Skip to main content

EVA Algebra

EVA Algebra is the mathematical framework that governs how monomers compose into programs. Every BRIK-64 program is an expression in EVA Algebra — not a sequence of imperative statements, but a structured combination of verified atomic units. The name EVA stands for the three operators:
SymbolNamePCD syntaxMathematical property
Sequentialstatement orderAssociative, identity = Id
Parallelparallel { } blockCommutative + Associative
Conditionalif / elseFinite branching, deterministic

Formal Definitions

Types

Circuit := Monomer
         | Circuit ⊗ Circuit
         | Circuit ∥ Circuit
         | Circuit ⊕ (Bool × Circuit × Circuit)
A circuit is either an atomic monomer, or one of three compositions. Programs are circuits. The TCE verifies circuits. The compiler emits circuits.

Compatibility

Composition is not always valid. Sequential composition requires type compatibility: 
Compat(A, B) := output_type(A) = input_type(B)
If Compat(A, B) does not hold, A ⊗ B is a compile-time error. The planner enforces this at the CPF stage — there is no runtime type mismatch in a certified program.

Operator 1: Sequential Composition (⊗)

A ⊗ B means: run A, then run B with A’s output as B’s input.

Formal axioms

-- Associativity (proven: Paper III, Lemma 3.1)
(A ⊗ B) ⊗ C = A ⊗ (B ⊗ C)

-- Left identity
Id ⊗ A = A

-- Right identity
A ⊗ Id = A

-- Type requirement
Compat(A, B) ∧ Compat(B, C) → Compat(A ⊗ B, C)

In PCD

Sequential composition is implicit — statement order in a function body is : 
fn process(input: String) -> Hash32 {
    let trimmed = MC_46.TRIM(input);       // step 1
    let upper   = MC_44.UPPER(trimmed);    // step 2  ← trimmed ⊗ upper
    let bytes   = MC_43.LEN(upper);        // step 3  ← upper ⊗ len
    let hash    = MC_48.HASH(upper);       // step 4  ← parallel with step 3
    return hash;
}
The planner infers from data dependencies. If B uses the output of A, they are sequential. If B does not use A’s output, the planner may classify them as (parallel) if side-effect-free.

Closure Theorem

Closure under ⊗: If Φ_c(A) = 1 and Φ_c(B) = 1, then Φ_c(A ⊗ B) = 1.This is the central theorem that makes composability work. You never need to re-certify a program after combining two certified sub-programs sequentially. Proof: Paper III, Theorem 3.4.

Operator 2: Parallel Composition (∥)

A ∥ B means: run A and B concurrently, with complete isolation between them. Neither A nor B can observe or modify the other’s state. Outputs are collected as a tuple.

Formal axioms

-- Commutativity (proven: Paper IV, Lemma 4.2)
A ∥ B = B ∥ A

-- Associativity
(A ∥ B) ∥ C = A ∥ (B ∥ C)

-- Isolation axiom
shared_state(A, B) = ∅   (required for ∥ to be valid)

Isolation enforcement

The planner enforces isolation at the CPF level. If A writes to a memory location that B reads (or vice versa), the planner rejects A ∥ B with a compilation error. You must restructure as A ⊗ B (sequential) or introduce a synchronization barrier via MC_23.FENCE.

In PCD

fn dual_hash(a: String, b: String) -> (Hash32, Hash32) {
    // Compiler infers ∥ — a and b are independent
    let ha = MC_48.HASH(a);
    let hb = MC_48.HASH(b);
    return (ha, hb);
}
You can also explicitly request parallel execution (future syntax, v4.0+): 
parallel {
    let result_a = heavy_computation(input_a);
    let result_b = heavy_computation(input_b);
}
// result_a and result_b available here

Closure Theorem

Closure under ∥: If Φ_c(A) = 1 and Φ_c(B) = 1, then Φ_c(A ∥ B) = 1. The thermal metrics compose additively: E_c(A ∥ B) = E_c(A) + E_c(B). This is the reason the TCE can compute metrics for large programs incrementally — parallel sub-circuits are independent thermal units.

Operator 3: Conditional Composition (⊕)

A ⊕_b B means: evaluate boolean b, then run A if b = true, or B if b = false. Only one branch executes. The Landauer cost is the cost of the chosen branch plus the cost of evaluating the condition.

Formal axioms

-- Determinism (proven: Paper V, Lemma 5.1)
∀ input, ∃! branch ∈ {A, B} : branch executes

-- Finiteness
depth(⊕) < MAX_DEPTH = 256

-- No implicit coercion
b : Bool   (not I64 — control monomers require Bool)

In PCD

fn classify(n: I64) -> String {
    if (n > 0) {
        return "positive";         // branch A
    } else {
        return "non-positive";     // branch B
    }
    // compiler sees: classify = (n>0) ⊕_b ("positive" | "non-positive")
}
Nested conditionals deepen the tree: 
fn sign(n: I64) -> I64 {
    if (n > 0) {
        return 1;
    } else {
        if (n < 0) {
            return -1;
        } else {
            return 0;
        }
    }
    // sign = (n>0) ⊕_b1 ( 1 | (n<0) ⊕_b2 (-1 | 0) )
}

Closure Theorem

Closure under ⊕: If Φ_c(A) = 1 and Φ_c(B) = 1, then Φ_c(A ⊕ B) = 1. The TCE computes H_d (decision entropy) across all nodes — this is where branching structure contributes to thermodynamic cost.

Critical Non-Property: Distributivity Does NOT Hold

Distributivity is proven NOT to hold in EVA Algebra (Paper V, Theorem 5.3).A ⊗ (B ∥ C) ≠ (A ⊗ B) ∥ (A ⊗ C) in general.This is not a limitation — it is a feature. If distributivity held, the algebra would collapse parallel and sequential composition into a single operator, losing the ability to reason about data dependencies and isolation separately.The TCE explicitly checks for distributivity violations and treats them as separate circuit topologies with different thermodynamic profiles.

How the Planner Infers EVA Algebra

The planner performs a data-flow analysis pass over the SSA-form CPF to annotate every composition node with its EVA operator: 
For each pair (stmt_i, stmt_j) in function body:
  if uses(stmt_j) ∩ defines(stmt_i) ≠ ∅:
    classify as  stmt_i ⊗ stmt_j   (sequential)
  elif writes(stmt_i) ∩ reads(stmt_j) = ∅
       AND reads(stmt_i) ∩ writes(stmt_j) = ∅:
    classify as  stmt_i ∥ stmt_j   (parallel)
  else:
    classify as  stmt_i ⊕ stmt_j   (conditional — requires explicit Bool)
This annotation is embedded in the CPF JSON under the "eva" field of each function and of each sub-expression block.

EVA Algebra in BIR Bytecode

BIR (BRIK IR) encodes EVA structure in the bytecode header: 
CIRCUIT_START  <id> <operator: SEQ|PAR|COND>
  ...instructions...
CIRCUIT_END    <id>
The BIR interpreter uses this structure to:
  1. Verify at load time that the circuit structure matches what the TCE certified
  2. Enable speculative parallel execution of blocks on multi-core hardware
  3. Apply the LOAD-take optimization: in a SEQ block, a value loaded and immediately stored into the same variable triggers mem::replace instead of clone

Examples: Real PCD Compositions

SHA-256 pipeline (⊗ chain)

fn hash_file(path: String) -> Hash32 {
    let fd      = MC_34.OPEN(path, 0);
    let content = read_all(fd);
    let _       = MC_35.CLOSE(fd);
    return MC_52.SHA256(content);
    // OPEN ⊗ read_all ⊗ CLOSE ⊗ SHA256
}

Dual signature verification (∥ composition)

fn verify_both(pk1: PubKey, pk2: PubKey, msg: Bytes, sig1: Sig, sig2: Sig) -> Bool {
    let v1 = MC_55.VERIFY(pk1, msg, sig1);  // independent
    let v2 = MC_55.VERIFY(pk2, msg, sig2);  // independent → inferred ∥
    return MC_08.AND8(v1, v2);
    // VERIFY(pk1) ∥ VERIFY(pk2) ⊗ AND8
}

Policy circuit (⊕ gate)

fn policy_check(action: I64, context: String) -> I64 {
    let allowed = check_allowlist(action);
    if (allowed) {
        let logged = audit_log(action, context);
        return 1;    // ALLOW
    } else {
        return 0;    // BLOCK
    }
    // check_allowlist ⊗ (allowed ⊕ (audit_log ⊗ ALLOW | BLOCK))
}

The 207 Coq Proofs

EVA Algebra is not claimed — it is proven. The theory/papers/ directory contains:
File groupCountContent
F0_arithmetic.v through F7_system.v8 filesPer-monomer correctness + termination
eva_seq.v1 fileAll sequential composition theorems
eva_par.v1 fileAll parallel composition theorems (commutativity, associativity, isolation)
eva_cond.v1 fileAll conditional composition theorems (determinism, finiteness)
eva_closure.v1 fileThe master closure theorem: certified ⊗/∥/⊕ certified = certified
eva_nondist.v1 fileProof that distributivity does NOT hold
tce_bounds.v1 fileThermodynamic bound proofs
bootstrap_fixpoint.v1 fileSelf-compilation fixpoint proof
Other lemmas~192 filesSupporting lemmas, type safety, SSA correctness
# Verify all proofs (requires Coq 8.18+)
cd theory/papers && coqc -R . BRIK64 *.v
# Expected: 0 errors, 0 warnings, 0 Admitted
The Admitted count was driven to zero during the audit of 2026-03-07. Every previously admitted lemma was either proven or replaced with an explicit DEFERRED comment documenting the open proof obligation. There are zero silent assumptions in the proof base.