Progress towards proved wp with option Assert
This commit is contained in:
parent
c2c58119be
commit
260ac05c6e
84
wp.v
84
wp.v
|
|
@ -441,30 +441,16 @@ Qed.
|
||||||
|
|
||||||
(***** Weakest precondition **************************************************)
|
(***** Weakest precondition **************************************************)
|
||||||
|
|
||||||
Fixpoint wp (instr: Instr) (condOpt: option Assert) : option Assert :=
|
Fixpoint wp (instr: Instr) (cond: Assert) : Assert := match instr with
|
||||||
match condOpt with
|
| skip => cond
|
||||||
| None => None
|
| abort => assertTop
|
||||||
| Some cond => match instr with
|
| assign x expr => (cond [[ x <- expr expr ]])
|
||||||
| skip =>
|
| seq s1 s2 => wp s1 (wp s2 cond)
|
||||||
Some cond
|
| ifelse guard sIf sElse =>
|
||||||
| abort =>
|
((assertOfExpr guard -> wp sIf cond)
|
||||||
Some assertTop
|
/\ (~ (assertOfExpr guard) -> wp sElse cond)) % assert
|
||||||
| assign x expr =>
|
| while guard body => assertBot
|
||||||
Some (cond [[ x <- expr expr ]])
|
end.
|
||||||
| seq s1 s2 =>
|
|
||||||
wp s1 (wp s2 condOpt)
|
|
||||||
| ifelse guard sIf sElse =>
|
|
||||||
match (wp sIf condOpt, wp sElse condOpt) with
|
|
||||||
| (None, _) | (_, None) => None
|
|
||||||
| (Some wpIf, Some wpElse) =>
|
|
||||||
Some (
|
|
||||||
((assertOfExpr guard -> wpIf)
|
|
||||||
/\ (~ (assertOfExpr guard) -> wpElse)) % assert)
|
|
||||||
end
|
|
||||||
| while guard body =>
|
|
||||||
None
|
|
||||||
end
|
|
||||||
end.
|
|
||||||
|
|
||||||
Lemma assertImplElim {a b: Assert} :
|
Lemma assertImplElim {a b: Assert} :
|
||||||
forall (m: Mem), (assertImpl a b) m -> a m -> b m.
|
forall (m: Mem), (assertImpl a b) m -> a m -> b m.
|
||||||
|
|
@ -482,40 +468,25 @@ Proof.
|
||||||
unfold assertImplLogical. intros mem x. assumption.
|
unfold assertImplLogical. intros mem x. assumption.
|
||||||
Qed.
|
Qed.
|
||||||
|
|
||||||
Definition whatever_or_none (whatever: Assert -> Instr -> Assert -> Prop)
|
Lemma preBottomIsCorrect {instr post}:
|
||||||
(pre: option Assert) (instr: Instr) (post: option Assert) : Prop :=
|
(|= [|assertBot|] instr [|post|]) % assert.
|
||||||
match (pre, post) with
|
|
||||||
| (Some _, None) => False
|
|
||||||
| (None, _) => True
|
|
||||||
| (Some pre0, Some post0) => whatever pre0 instr post0
|
|
||||||
end.
|
|
||||||
|
|
||||||
Definition provable_or_none := whatever_or_none hoare_provability.
|
|
||||||
Notation "|-opt [| pre |] instr [| post |]" :=
|
|
||||||
(provable_or_none pre instr post) (at level 30) : assert.
|
|
||||||
|
|
||||||
Definition consequence_or_none := whatever_or_none hoare_consequence.
|
|
||||||
Notation "|=opt [| pre |] instr [| post |]" :=
|
|
||||||
(consequence_or_none pre instr post) (at level 30) : assert.
|
|
||||||
|
|
||||||
Lemma postnone_is_okay {instr post}:
|
|
||||||
(forall post0, (|-opt [|wp instr (Some post0)|] instr [|Some post0|])%assert)
|
|
||||||
-> (|-opt [|wp instr post|] instr [|post|])%assert.
|
|
||||||
Proof.
|
Proof.
|
||||||
intros prf. destruct post.
|
unfold hoare_consequence. intros mem.
|
||||||
- apply prf.
|
unfold assertBot.
|
||||||
- unfold provable_or_none; unfold whatever_or_none.
|
intros F; exfalso; exact F.
|
||||||
unfold wp; destruct instr; trivial.
|
|
||||||
Qed.
|
Qed.
|
||||||
|
|
||||||
Theorem wp_correctness_provable (instr: Instr) :
|
Theorem wp_correctness (instr: Instr):
|
||||||
forall post, ( |-opt [| wp instr post |] instr [| post |] ) % assert.
|
forall post, ( |= [| wp instr post |] instr [| post |] ) % assert.
|
||||||
Proof.
|
Proof.
|
||||||
induction instr; intros post; apply postnone_is_okay; intros post0.
|
induction instr; intros post.
|
||||||
* apply (H_skip post0).
|
* apply hoare_provability_implies_consequence.
|
||||||
* apply (H_abort assertTop post0).
|
apply (H_skip post).
|
||||||
* apply (H_assign post0 v e).
|
* apply hoare_provability_implies_consequence.
|
||||||
* remember (wp instr2 (Some post0)) as mid eqn:midRel.
|
apply (H_abort assertTop post).
|
||||||
|
* apply hoare_provability_implies_consequence. apply (H_assign post v e).
|
||||||
|
* apply hoare_provability_implies_consequence.
|
||||||
|
remember (wp instr2 (Some post)) as mid eqn:midRel.
|
||||||
remember (wp instr1 mid) as pre eqn:preRel.
|
remember (wp instr1 mid) as pre eqn:preRel.
|
||||||
simpl; rewrite <- midRel; rewrite <- preRel.
|
simpl; rewrite <- midRel; rewrite <- preRel.
|
||||||
specialize IHinstr2 with (Some post0) as IHpost.
|
specialize IHinstr2 with (Some post0) as IHpost.
|
||||||
|
|
@ -530,7 +501,8 @@ Proof.
|
||||||
- unfold provable_or_none in IHmid; unfold whatever_or_none in IHmid.
|
- unfold provable_or_none in IHmid; unfold whatever_or_none in IHmid.
|
||||||
exfalso. apply IHmid.
|
exfalso. apply IHmid.
|
||||||
- unfold whatever_or_none; trivial.
|
- unfold whatever_or_none; trivial.
|
||||||
* specialize IHinstr1 with (Some post0);
|
* apply hoare_provability_implies_consequence.
|
||||||
|
specialize IHinstr1 with (Some post0);
|
||||||
specialize IHinstr2 with (Some post0).
|
specialize IHinstr2 with (Some post0).
|
||||||
destruct (wp instr1 (Some post0)) as [preIf | ] eqn:preIfRel;
|
destruct (wp instr1 (Some post0)) as [preIf | ] eqn:preIfRel;
|
||||||
destruct (wp instr2 (Some post0)) as [preElse | ] eqn:preElseRel.
|
destruct (wp instr2 (Some post0)) as [preElse | ] eqn:preElseRel.
|
||||||
|
|
@ -568,7 +540,7 @@ Proof.
|
||||||
rewrite preIfRel; trivial.
|
rewrite preIfRel; trivial.
|
||||||
- unfold provable_or_none; simpl; rewrite preElseRel;
|
- unfold provable_or_none; simpl; rewrite preElseRel;
|
||||||
rewrite preIfRel; trivial.
|
rewrite preIfRel; trivial.
|
||||||
* unfold wp; unfold provable_or_none; unfold whatever_or_none; trivial.
|
* unfold wp. apply preBottomIsCorrect.
|
||||||
Qed.
|
Qed.
|
||||||
|
|
||||||
Lemma provable_opt_implies_provable {pre instr post} :
|
Lemma provable_opt_implies_provable {pre instr post} :
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue