Home/Paper → Proof → Code/SafEDMD Koopman

>_SAFEDMD_KOOPMAN

Verified Data-Driven Controller Synthesis

Machine-checked Lean 4 formalization extending Strässer, Berberich & Allgöwer (arXiv 2402.03145) with nucleus-bottleneck Koopman autoencoder error bounds, Heyting algebra structure, and SDP Lyapunov controller synthesis.

VERIFIEDLean 4 + MathlibPLATINUM TIERGitHub

Modules

Theorems

Sorry Count

1092

Lines

Corrections

>_VERIFICATION.SEAL

Formal Verification Certificate

Every theorem in this project has been machine-checked by the Lean 4 kernel. No axiom is assumed without proof. No gap exists in the verification chain.

21 THEOREMS VERIFIED10 MODULES1,092 LINES0 SORRY

SafEDMD Koopman • Lean 4 + Mathlib • Apoth3osis Labs

>PAPER_PROOF_CORRESPONDENCE

Paper Section	Status	Lean Module
2.1 Koopman Operator Theory	PROVED	KoopmanAlgebra
2.2 EDMD Dictionary	PROVED	NucleusReLU, NucleusThreshold
3.1 SafEDMD Error Bounds (Thm 3.1)	EXTENDED	SafEDMD
3.2 Active Dictionary Restriction	PROVED	SafEDMD (projectedGramDiag_le)
4 Controller Synthesis (LMI)	SIMPLIFIED	StableGenerator
— Heyting Lattice Structure	ORIGINAL	HeytingOps, ParametricHeyting
— Semantic Closure	ORIGINAL	SemanticClosure/MR/*

>KEY_MATHEMATICS

SafEDMD Energy Bound

\sum_{i=1}^n R(v)_i^2 \leq \sum_{i=1}^n v_i^2

The ReLU nucleus cannot increase the finite-dimensional energy. This is the key algebraic ingredient for SafEDMD error envelopes.

Heyting Adjunction

(a \sqcap c \leq b) \iff (c \leq a \Rightarrow_H b)

The defining law of Heyting algebras. Proved for both fixed bounds [0, top]ⁿ and learned parametric bounds [lo, hi]ⁿ.

Gram Diagonal Bound

G^R_j = \sum_{s=1}^m R(x_s)_j^2 \leq \sum_{s=1}^m (x_s)_j^2 = G_j

Projected Gram diagonal entries are bounded by unprojected ones. Critical for SafEDMD active dictionary restriction.

Non-Boolean Witness

\exists i,\; lo_i < a_i < hi_i \implies \neg\neg a \neq a

Double negation does not recover the original for interior points. This witnesses that the latent lattice is genuinely Heyting, not Boolean.

>CORRECTIONS_AND_EXTENSIONS

Our formalization is SafEDMD-inspired, not a direct transcription. Key differences:

Bound formula

PAPER:

Scalar proportional bound (Theorem 3.1): ‖error‖ ≤ c̃ₓ ‖Φ(x) − Φ(0)‖ + c̃ᵤ ‖u‖

OURS:

Residual-covariance PSD envelope E = (G + λI)⁻¹ R (G + λI)⁻¹ — SafEDMD-inspired but not direct transcription

LMI controller synthesis

PAPER:

6×6 block LMI for bilinear control-affine systems (equation 17)

OURS:

Simplified 2×2 Schur complement for autonomous systems

Active dictionary restriction

PAPER:

Not discussed in the paper

OURS:

Original contribution — masking out latent dimensions killed by the ReLU nucleus for honest NBA-vs-baseline comparisons

Heyting algebra structure

PAPER:

No lattice-theoretic content in the paper

OURS:

Entirely original Apoth3osis work — bounded Heyting operations with adjunction proofs

⊢⊣⊢⊣

>_MENTAT.JOIN

“Once men turned their thinking over to machines in the hope that this would set them free. But that only permitted other men with machines to enslave them.”
Frank Herbert, Dune

A janitor who proves a theorem outranks a tenured professor who publishes noise.

Not as a slogan. As a structural fact of how the network operates. The only currency that matters is the quality of your contribution, measured not by committee but by mathematics.

ONTOLOGICAL ENGINEER8 designations

IDEA

A valid, original framing or conjecture

THEORY

Formal argument with paper-level rigor

APPLICATION

Connecting theory to observable outcomes

CODE

Working software the project depends on

EXPERIMENT

Reproducible research with methodology and data

PROOF

Machine-verified claim checked by a proof assistant

KERNEL

Foundational, load-bearing implementation

BRIDGE

Connecting subsystems or knowledge domains end-to-end

NOETIC ENGINEER8 designations

VISIONARY

Strategic direction & roadmaps

NARRATOR

Writing, documentation & papers

DESIGNER

Visual, UX & information design

EDUCATOR

Teaching, tutorials & workshops

CULTIVATOR

Community, outreach & events

DIPLOMAT

Partnerships, governance & policy

INTERPRETER

Translation, media & accessibility

SENTINEL

Ethics, review & quality assurance

Every accepted contribution receives a MENTAT Contribution Record — cryptographically signed, IPFS-pinned, permanently yours. No committee decides your worth. The type checker does.

APPLY TO MENTAT EXPLORE PROJECTSMESH-ENCRYPTED NETWORK FOR TRUSTED AUTONOMOUS TRANSACTIONS

>DEPENDENCY_GRAPH

Layer 1 (Mathlib):     Mathlib.Order.Nucleus    Mathlib.Data.Real.Basic
                             │                          │
Layer 2 (Nucleus):     NucleusReLU              NucleusThreshold
                             │                          │
Layer 3 (Lattice):     HeytingOps               ParametricHeyting
                             │
Layer 4 (Closure):     SC.Basic  →  SC.ClosureOp  →  SC.InverseEval
                             │
Layer 5 (SafEDMD):     SafEDMD (imports NucleusReLU)
                             │
Layer 6 (Dynamics):    StableGenerator           KoopmanAlgebra

>PROOF_BLUEPRINT

10 modules · 21 theorems · 12 definitions · 1092 lines · 0 sorry

>VERIFIED_C_ARTIFACTS

10 C files transpiled from Lean 4 via LambdaIR → MiniC → C. Each file carries provenance headers and theorem-preservation comments. Compile-verified with gcc -std=c11 -Wall -Wextra -Werror.

DOWNLOAD VERIFIED-C.TAR.GZ

>SAFE_RUST_ARTIFACTS

Rust crate verified-koopman-proofs with 8 modules and 17 tests. All tests pass, zero warnings. Memory-safe by construction.

DOWNLOAD SAFE-RUST.TAR.GZ

>PROVENANCE_CHAIN

Paper (arXiv 2402.03145)→Lean 4 Proofs→Verified C→Safe Rust

>RELATED

Nucleus Bottleneck Autoencoder

The foundational NBA research project.

verified-koopman on GitHub

Full source: Lean proofs + Python package.

Strässer et al. on arXiv

The original SafEDMD paper.