chore: update to v4.28.0

[dtumad]

This PR updates Mathlib, CompPoly, and VCV to v.4.28.0 and fixes downstream proofs that break.

The only remaining regression is in QueryPhase.lean where the specification Prop now compiles very slowly so I've enabled debug.skipKernelTC there for now.

[github-actions]

🤖 Gemini PR Summary

This PR performs a major version bump of the project’s toolchain and core dependencies (Mathlib, CompPoly, and VCV) to v4.28.0. The majority of the changes involve fixing downstream proof regressions and refactoring tactics to align with the updated Lean 4 environment.

Features

• Dependency Update: Migrated the project toolchain and dependencies (including VCVio, doc-gen4, and CompPoly) to Lean v4.28.0.
• Enhanced Tactic Usage: Integrated modern tactics such as omega and fin_omega in various proof scripts (e.g., SingleRound.lean, QueryPhase.lean) to simplify index and bound reasoning.

Fixes

• Kernel Performance Workaround: Implemented debug.skipKernelTC in QueryPhase.lean to address a performance regression where the Prop specification was compiling too slowly in the new version.
• API Compatibility: Updated lemma references to match changes in upstream libraries, specifically migrating Cardinal.natCast_lt_aleph0 and various Finsupp lemmas.
• Proof Completion: Fixed several broken or incomplete proofs by adding missing rfl calls and explicit reflexivity steps, notably in Tuple/Lemmas.lean and SeqCompose.lean.
• Stability Improvements: Replaced broad automated hints with explicit lemma applications (e.g., decoder_eq_some) and transitioned to simp only in tuple operations to improve proof robustness against future library changes.

Refactoring

• Code Cleanup: Removed redundant NoZeroSMulDivisors instances and deleted the support_C theorem from MvPolynomial/Degrees.lean.
• Function Signature Optimization: Cleaned up knowledgeStateFunction definitions across several files (e.g., BatchingPhase.lean, RandomQuery.lean, ReduceClaim.lean) by removing unused parameters and moving hypotheses directly into tactic blocks via intro.
• Tactical Simplification: Streamlined proofs in BinaryBasefold/Basic.lean and Probability/Instances.lean by replacing manual case analysis with simp or aesop.
• Deferred Refactors: Temporarily suspended a proof in Execution.lean using stop to accommodate an upcoming refactor of loggingOracle and WriterT.

Documentation

• Future Maintenance: Added a TODO note in ArkLib/Data/Probability/Instances.lean regarding the planned generalization and relocation of probability instances.

---

Analysis of Changes

Metric	Count
📝 Files Changed	21
✅ Lines Added	52
❌ Lines Removed	58

---

Lean Declarations

✅ **Removed:** 1 declaration(s)

• theorem support_C {r : R} [h : Decidable (r = 0)] : in ArkLib/Data/MvPolynomial/Degrees.lean

---

sorry Tracking

• No sorrys were added, removed, or affected.

---

🎨 **Style Guide Adherence**

Based on the provided style guide, here are the violations found in the code changes:

• ArkLib/Data/CodingTheory/BerlekampWelch/BerlekampWelch.lean:135-138

  • Violation: (he : 2 * e < n - k + 1) (hn : k ≤ n) (and subsequent lines 136-138).
  • Rule: "Indentation: Use 2 spaces for indentation." (The lines use 4 spaces).

• ArkLib/Data/Fin/Tuple/TakeDrop.lean:122

  • Violation: + constructor <| intro ⟨hi, ha⟩ <| refine ⟨by omega, ?_⟩ <| rw! [ha] <| rfl
  • Rule: "Tactic Mode: Place by at the end of the line preceding the tactic block. Indent the tactic block."

• ArkLib/Data/Fin/Tuple/TakeDrop.lean:134

  • Violation: + constructor <| intro ⟨hi, ha⟩ <| refine ⟨by omega, ?_⟩ <| rw! [ha] <| rfl
  • Rule: "Tactic Mode: Place by at the end of the line preceding the tactic block. Indent the tactic block."

• ArkLib/Data/Fin/Tuple/TakeDrop.lean:293

  • Violation: + constructor <| intro ⟨h, h'⟩ <| refine ⟨by omega, ?_⟩ <| rw! [add_comm, h'] <| rfl
  • Rule: "Tactic Mode: Place by at the end of the line preceding the tactic block. Indent the tactic block."

• ArkLib/Data/Fin/Tuple/TakeDrop.lean:299

  • Violation: + constructor <| intro ⟨h, h'⟩ <| refine ⟨by omega, ?_⟩ <| rw! [add_comm, h'] <| rfl
  • Rule: "Tactic Mode: Place by at the end of the line preceding the tactic block. Indent the tactic block."

• ArkLib/ProofSystem/Binius/BinaryBasefold/QueryPhase.lean:134

  • Violation: let x_next : sDomain 𝔽q β h_ℓ_add_R_rate ⟨i + ϑ, by omega⟩ := next_suffix_of_v
  • Rule: "Tactic Mode: Place by at the end of the line preceding the tactic block. Indent the tactic block."

• ArkLib/ProofSystem/Binius/BinaryBasefold/QueryPhase.lean:137

  • Violation: oStmt ⟨k_val + 1, by rw [toOutCodewordsCount_last ℓ ϑ]; omega⟩
  • Rule: "Tactic Mode: Place by at the end of the line preceding the tactic block. Indent the tactic block."

• ArkLib/ProofSystem/Binius/BinaryBasefold/QueryPhase.lean:138

  • Violation: (⟨x_next', by simpa [Nat.add_mul] using hx_next'⟩)
  • Rule: "Tactic Mode: Place by at the end of the line preceding the tactic block. Indent the tactic block."

• ArkLib/ProofSystem/Binius/RingSwitching/BatchingPhase.lean:309

  • Violation: toFun_full := fun ⟨stmtLast, oStmtLast⟩ tr witOut => by sorry
  • Rule: "Tactic Mode: Place by at the end of the line preceding the tactic block. Indent the tactic block."

---

📄 **Per-File Summaries**

• ArkLib/Data/CodingTheory/BerlekampWelch/BerlekampWelch.lean: Refactors the proof of not_exists_of_decoder_eq_none to explicitly apply the decoder_eq_some lemma instead of relying on an automated hint.
• ArkLib/Data/CodingTheory/Prelims.lean: Update the cRank_rank_conversion proof to use the current Cardinal.natCast_lt_aleph0 lemma.
• ArkLib/Data/CodingTheory/ProximityGap/DG25.lean: Refine a proof step and remove redundant NoZeroSMulDivisors instances.
• ArkLib/Data/Fin/Tuple/Lemmas.lean: Adds rfl to complete the proofs of the fappend₂_right and fappend_right lemmas.
• ArkLib/Data/Fin/Tuple/TakeDrop.lean: Update proofs for tuple take and drop operations to use simp only and explicit reflexivity for improved stability and performance.
• ArkLib/Data/MvPolynomial/Degrees.lean: Removes the support_C theorem, which characterizes the support of constant multivariate polynomials.
• ArkLib/Data/Probability/Instances.lean: This change simplifies the proof of the IsEmpty (PMF α) instance using aesop and adds a TODO note regarding the future generalization and relocation of the file's content.
• ArkLib/OracleReduction/Execution.lean: Temporarily suspends the proof of fst_map_simulateQ_loggingOracle_run using stop to accommodate a pending refactor of loggingOracle and WriterT.
• ArkLib/OracleReduction/ProtocolSpec/SeqCompose.lean: Complete the proof of the take_append_left theorem by adding a missing rfl.
• ArkLib/ProofSystem/Binius/BinaryBasefold/Basic.lean: Simplify the proof of take_snoc_oracle_eq_oStmtIn by replacing manual case analysis with a general simp tactic.
• ArkLib/ProofSystem/Binius/BinaryBasefold/Prelude.lean: Update Finsupp lemma names to maintain compatibility with recent library changes.
• ArkLib/ProofSystem/Binius/BinaryBasefold/QueryPhase.lean: This update simplifies the indexing and bound proofs for calculating the next suffix value in the proximityChecksSpec function by utilizing omega and more direct term construction.
• ArkLib/ProofSystem/Binius/BinaryBasefold/Steps.lean: This change adds a rfl tactic to complete an equality proof within the commitOracleVerifier definition.
• ArkLib/ProofSystem/Binius/RingSwitching/BatchingPhase.lean: Updated the toFun_full field in batchingKnowledgeStateFunction by removing an unused parameter from its function signature.
• ArkLib/ProofSystem/Binius/RingSwitching/SumcheckPhase.lean: Refactored the toFun_full proof in iteratedSumcheckKnowledgeStateFunction by moving the introduction of the h_relOut hypothesis into the tactic block.
• ArkLib/ProofSystem/Component/RandomQuery.lean: Removed an unused hypothesis from the toFun_full field in the knowledgeStateFunction definition.
• ArkLib/ProofSystem/Component/ReduceClaim.lean: Refactor the toFun_full proof in oracleKnowledgeStateFunction by moving the hypothesis h from the function parameters to an explicit intro statement within the tactic block.
• ArkLib/ProofSystem/Fri/Spec/SingleRound.lean: Refines a proof step in the sum_add_one lemma by using fin_omega and explicit simplification lemmas to resolve index constraints.
• lake-manifest.json: Update various project dependencies and their revisions, primarily bumping several packages to version 4.28.0.
• lakefile.toml: Update the revisions of the VCVio, doc-gen4, and CompPoly dependencies to version v4.28.0.
• lean-toolchain: Update the Lean 4 toolchain version from v4.26.0 to v4.28.0.

---

Last updated: 2026-02-25 02:14 UTC.

[dtumad]

I think this should be set to merge as soon as someone gets a chance to review and approve it.

[dhsorens]

This looks mostly fine to me, everything compiles locally for me fine. Most of these changes are fixing proofs, there are a couple introduced TODOs (in comments), no introduced sorry's afaict, and a couple deletions. The only real concern I have that may affect soundness is the introduction of the line set_option debug.skipKernelTC true in in the definition of proximityChecksSpec.

Reviewed for:

• correctness
• soundness
• added/resolved TODOs and sorrys
• proof repair

[dhsorens]

does this do what I think it does- skip the type checker? is this a soundness problem for proximityChecksSpec?

[alexanderlhicks]

yep
(I assume in this case it does actually go through without this option and Devon added it for the sake of compiling faster?)

[chung-thai-nguyen]

I will make many big updates on Binius later and I will fix type checking/slow compilation problems on my side when I do rebase, one of the reason might be due to the strict index design. So you can go ahead with some temporary solutions that you have to get the PR merged if that's acceptable, like #exit or so.

[dtumad]

Well not exactly not type-checked, the interpreter still checks it and you can step through it in VSCode for example. The only reason this is ever useful is that there is an error in how the interpreter models the kernel, which is why this error seemed very strange to me.

I've pushed a fix now, I have no idea why it works, it should be exactly equivalent but for some reason the kernel accepts this version. Some combination of not de-structuring the sub-domain element explicitly, using the change statement, and not using omega for the bounds was the problem. Seems like potentially something to do with having subtype elements as Fin arguments but I can't get any kind of MWE of the problem.

[dhsorens]

just making a note that this was removed bc it is now in mathlib

[dhsorens]

what's the story here? I noticed that reintroducing them gave me errors, looks like some of the definitions in mathlib changed. are there alternative definitions? if we don't need them, I'm happy to have them removed too

[dtumad]

It is because of this change to mathlib which seems to let Module.Free produce the required instances on its own now I think.

[quangvdao]

@dtumad

can we speed this up? I would like this to be merged by tomorrow so I can begin work on the refactor

[dtumad]

can we speed this up? I would like this to be merged by tomorrow so I can begin work on the refactor

@quangvdao I've fixed the merge conflicts again but I really have no control over merging this. Unlike VCV I don't have permissions to merge without approval so I've been waiting for someone to sign off.

[quangvdao]

Woops! There ya go

[lalalune]

Update: FinalSumcheck fixed (verified) — but the Binius cone has extensive in-flight #317 API-drift breakage beyond it

FinalSumcheck.lean: FIXED and verified. Commit 633a0526b — the 4 HEq errors (279/290/364/743) are gone; lake env lean ArkLib/ProofSystem/Binius/BinaryBasefold/Steps/FinalSumcheck.lean compiles 0 errors, 0 sorry, via a verified getFirstOracle_heq bridge lemma (HEq (getFirstOracle 𝔽q β oStmt) (oStmt ⟨0,h⟩)) reused at all 4 sites.

But the focused cone build still fails — a real lake build of BinaryBasefold.General/FRIBinius.General/BBFSmallFieldIOPCS now surfaces ~1000 errors across 40+ files, all from the active #317 refactor mid-flight (commits explicitly tagged "[UNVERIFIED pending cone build]" / "WIP, pre-compile"). Root causes (not random — signature/API drift not yet propagated to callers):

count	error class	example
13	renamed function arg	Invalid argument name ϑ for queryPhaseLogicStep
12	dependent-type drift	Invalid field notation / Application type mismatch
5	renamed arg	Invalid argument name y for iterated_fold
3	dead identifier	Unknown identifier k_succ_mul_ϑ_le_ℓ

Worst-hit files: Prelude.lean (147), QueryPhase.lean (139), Soundness/Incremental.lean (84), ReductionLogic.lean (81), Relations.lean (54), Soundness/SuffixAlignCore.lean (52), ExtractMLPCorrectness.lean (44), Steps/Fold.lean (42), Basic.lean (35)…

Honest disposition of closeout item 1: the cone build is not a stale-cache artifact (my first audit was wrong) nor a single break (my FinalSumcheck-only framing was incomplete) — it is the in-progress #317 cone refactor, currently broken across the whole tree as the renamed-signature changes propagate. Fixing it is the active #317 effort (multiple agents committing pre-compile WIP), not closeable by isolated patches while the refactor is mid-flight. My FinalSumcheck fix is one verified file repaired; the remaining ~40 files are the live #317 propagation. Recommend #313 item 1 be tracked as "blocked on #317 cone refactor completion + a green lake build of the three front-door modules," with a CI gate added once #317 lands so the cone can't silently re-break.