Commit 8c4b2deb authored by Jacques-Henri Jourdan's avatar Jacques-Henri Jourdan

Notations: use `` instead of ` for enc, in order to avoid compatibility with...

Notations: use `` instead of ` for enc, in order to avoid a clash with the proj1_sig notation (` t) defined in Coq's Program.Utils.
parent af3458d2
...@@ -26,7 +26,7 @@ Implicit Types n : int. ...@@ -26,7 +26,7 @@ Implicit Types n : int.
(** [val_swap] defined in [ExampleBasicNonlifted.v] *) (** [val_swap] defined in [ExampleBasicNonlifted.v] *)
Lemma Rule_swap_neq : forall A1 A2 `{EA1:Enc A1} `{EA2:Enc A2} (v:A1) (w:A2) p q, Lemma Rule_swap_neq : forall A1 A2 `{EA1:Enc A1} `{EA2:Enc A2} (v:A1) (w:A2) p q,
Triple (val_swap `p `q) Triple (val_swap ``p ``q)
PRE (p ~~> v \* q ~~> w) PRE (p ~~> v \* q ~~> w)
POST (fun (r:unit) => p ~~> w \* q ~~> v). POST (fun (r:unit) => p ~~> w \* q ~~> v).
Proof using. Proof using.
...@@ -34,7 +34,7 @@ Proof using. ...@@ -34,7 +34,7 @@ Proof using.
Qed. Qed.
Lemma Rule_swap_eq : forall A1 `{EA1:Enc A1} (v:A1) p, Lemma Rule_swap_eq : forall A1 `{EA1:Enc A1} (v:A1) p,
Triple (val_swap `p `p) Triple (val_swap ``p ``p)
PRE (p ~~> v) PRE (p ~~> v)
POST (fun (r:unit) => p ~~> v). POST (fun (r:unit) => p ~~> v).
Proof using. Proof using.
......
...@@ -25,8 +25,8 @@ Definition val_apply : val := ...@@ -25,8 +25,8 @@ Definition val_apply : val :=
Lemma Rule_apply : forall (f:func) `{EA:Enc A} (x:A), Lemma Rule_apply : forall (f:func) `{EA:Enc A} (x:A),
forall (H:hprop) `{EB:Enc B} (Q:B->hprop), forall (H:hprop) `{EB:Enc B} (Q:B->hprop),
Triple (f `x) H Q -> Triple (f ``x) H Q ->
Triple (val_apply `f `x) H Q. Triple (val_apply ``f ``x) H Q.
Proof using. Proof using.
introv M. xcf. (* todo why not simplified? *) introv M. xcf. (* todo why not simplified? *)
unfold Substs; simpl; rew_enc_dyn. unfold Substs; simpl; rew_enc_dyn.
...@@ -35,8 +35,8 @@ Qed. ...@@ -35,8 +35,8 @@ Qed.
Lemma Rule_apply' : forall (f:func) `{EA:Enc A} (x:A), Lemma Rule_apply' : forall (f:func) `{EA:Enc A} (x:A),
forall (H:hprop) `{EB:Enc B} (Q:B->hprop), forall (H:hprop) `{EB:Enc B} (Q:B->hprop),
Triple (val_apply f `x) Triple (val_apply f ``x)
PRE (\[Triple (f `x) H Q] \* H) PRE (\[Triple (f ``x) H Q] \* H)
POST Q. POST Q.
Proof using. intros. xpull ;=> M. applys~ Rule_apply. Qed. Proof using. intros. xpull ;=> M. applys~ Rule_apply. Qed.
...@@ -53,11 +53,11 @@ Definition val_refapply : val := ...@@ -53,11 +53,11 @@ Definition val_refapply : val :=
Lemma Rule_refapply_pure : forall (f:func) `{EA:Enc A} (r:loc) (x:A), Lemma Rule_refapply_pure : forall (f:func) `{EA:Enc A} (r:loc) (x:A),
forall `{EB:Enc B} (P:A->B->Prop), forall `{EB:Enc B} (P:A->B->Prop),
Triple (f `x) Triple (f ``x)
PRE \[] PRE \[]
POST (fun y => \[P x y]) POST (fun y => \[P x y])
-> ->
Triple (val_refapply `f `r) Triple (val_refapply ``f ``r)
PRE (r ~~> x) PRE (r ~~> x)
POST (fun (_:unit) => Hexists y, \[P x y] \* r ~~> y). POST (fun (_:unit) => Hexists y, \[P x y] \* r ~~> y).
Proof using. Proof using.
...@@ -66,11 +66,11 @@ Qed. ...@@ -66,11 +66,11 @@ Qed.
Lemma Rule_refapply_effect : forall (f:func) `{EA:Enc A} (r:loc) (x:A), Lemma Rule_refapply_effect : forall (f:func) `{EA:Enc A} (r:loc) (x:A),
forall `{EB:Enc B} (P:A->B->Prop) (H H':hprop), forall `{EB:Enc B} (P:A->B->Prop) (H H':hprop),
Triple (f `x) Triple (f ``x)
PRE H PRE H
POST (fun y => \[P x y] \* H') POST (fun y => \[P x y] \* H')
-> ->
Triple (val_refapply `f `r) Triple (val_refapply ``f ``r)
PRE (r ~~> x \* H) PRE (r ~~> x \* H)
POST (fun (_:unit) => Hexists y, \[P x y] \* r ~~> y \* H'). POST (fun (_:unit) => Hexists y, \[P x y] \* r ~~> y \* H').
Proof using. Proof using.
...@@ -88,9 +88,9 @@ Definition val_twice : val := ...@@ -88,9 +88,9 @@ Definition val_twice : val :=
'f '(). 'f '().
Lemma Rule_twice : forall (f:func) (H H':hprop) `{EB:Enc B} (Q:B->hprop), Lemma Rule_twice : forall (f:func) (H H':hprop) `{EB:Enc B} (Q:B->hprop),
Triple (f `tt) H (fun (_:unit) => H') -> Triple (f ``tt) H (fun (_:unit) => H') ->
Triple (f `tt) H' Q -> Triple (f ``tt) H' Q ->
Triple (val_twice `f) H Q. Triple (val_twice ``f) H Q.
Proof using. Proof using.
introv M1 M2. xcf. xseq. xapp M1. xapp M2. hsimpl~. introv M1 M2. xcf. xseq. xapp M1. xapp M2. hsimpl~.
Qed. Qed.
...@@ -127,16 +127,16 @@ Proof using. math. Qed. ...@@ -127,16 +127,16 @@ Proof using. math. Qed.
Lemma Rule_repeat : forall (I:int->hprop) (f:func) (n:int), Lemma Rule_repeat : forall (I:int->hprop) (f:func) (n:int),
n >= 0 -> n >= 0 ->
(forall i, 0 <= i < n -> (forall i, 0 <= i < n ->
Triple (f `tt) Triple (f ``tt)
PRE (I i) PRE (I i)
POST (fun (_:unit) => I (i+1))) POST (fun (_:unit) => I (i+1)))
-> ->
Triple (val_repeat `n `f) Triple (val_repeat ``n ``f)
PRE (I 0) PRE (I 0)
POST (fun (_:unit) => I n). POST (fun (_:unit) => I n).
Proof using. Proof using.
introv N M. xcf. introv N M. xcf.
asserts_rewrite (`n = val_int n). auto. (* todo: investigate *) asserts_rewrite (``n = val_int n). auto. (* todo: investigate *)
applys local_weaken_post. xlocal. applys local_weaken_post. xlocal.
applys local_erase. applys xfor_inv_lemma (fun i => (I (i-1))). applys local_erase. applys xfor_inv_lemma (fun i => (I (i-1))).
{ math. } { math. }
...@@ -195,7 +195,7 @@ Definition val_mkcounter : val := ...@@ -195,7 +195,7 @@ Definition val_mkcounter : val :=
(** Verification *) (** Verification *)
Lemma Rule_mkcounter : Lemma Rule_mkcounter :
Triple (val_mkcounter `val_unit) Triple (val_mkcounter ``val_unit)
\[] \[]
(fun g => g ~> MCount 0). (fun g => g ~> MCount 0).
Proof using. Proof using.
......
...@@ -216,7 +216,7 @@ Definition val_new_cell := ...@@ -216,7 +216,7 @@ Definition val_new_cell :=
*) *)
Lemma Rule_new_cell : forall `{EA:Enc A} (x:A) (q:loc), Lemma Rule_new_cell : forall `{EA:Enc A} (x:A) (q:loc),
Triple (val_new_cell `x `q) Triple (val_new_cell ``x ``q)
PRE \[] PRE \[]
POST (fun p => (p ~> MCell x q)). POST (fun p => (p ~> MCell x q)).
Proof using. xrule_new_record. Qed. Proof using. xrule_new_record. Qed.
...@@ -296,7 +296,7 @@ Definition val_mlist_copy := ...@@ -296,7 +296,7 @@ Definition val_mlist_copy :=
). ).
Lemma Rule_mlist_copy : forall p (L:list int), Lemma Rule_mlist_copy : forall p (L:list int),
Triple (val_mlist_copy `p) Triple (val_mlist_copy ``p)
PRE (p ~> MList L) PRE (p ~> MList L)
POST (fun (p':loc) => (p ~> MList L) \* (p' ~> MList L)). POST (fun (p':loc) => (p ~> MList L) \* (p' ~> MList L)).
Proof using. Proof using.
...@@ -328,7 +328,7 @@ Definition val_mlist_length : val := ...@@ -328,7 +328,7 @@ Definition val_mlist_length : val :=
). ).
Lemma Rule_mlist_length : forall A `{EA:Enc A} (L:list A) (p:loc), Lemma Rule_mlist_length : forall A `{EA:Enc A} (L:list A) (p:loc),
Triple (val_mlist_length `p) Triple (val_mlist_length ``p)
PRE (p ~> MList L) PRE (p ~> MList L)
POST (fun (r:int) => \[r = length L] \* p ~> MList L). POST (fun (r:int) => \[r = length L] \* p ~> MList L).
Proof using. Proof using.
...@@ -356,7 +356,7 @@ Definition val_mlist_append : val := ...@@ -356,7 +356,7 @@ Definition val_mlist_append : val :=
). ).
Lemma Rule_mlist_append : forall (L1 L2:list int) (p1 p2:loc), Lemma Rule_mlist_append : forall (L1 L2:list int) (p1 p2:loc),
Triple (val_mlist_append `p1 `p2) Triple (val_mlist_append ``p1 ``p2)
PRE (p1 ~> MList L1 \* p2 ~> MList L2) PRE (p1 ~> MList L1 \* p2 ~> MList L2)
POST (fun (p:loc) => POST (fun (p:loc) =>
p ~> MList (L1++L2) \* p1 ~> MList L1 \* p2 ~> MList L2). p ~> MList (L1++L2) \* p1 ~> MList L1 \* p2 ~> MList L2).
...@@ -376,13 +376,13 @@ Qed. ...@@ -376,13 +376,13 @@ Qed.
(* * Out-of-place append of two aliased mutable lists *) (* * Out-of-place append of two aliased mutable lists *)
Lemma Rule_mlist_append_aliased : forall (L:list int) (p1:loc), Lemma Rule_mlist_append_aliased : forall (L:list int) (p1:loc),
Triple (val_mlist_append `p1 `p1) Triple (val_mlist_append ``p1 ``p1)
PRE (p1 ~> MList L) PRE (p1 ~> MList L)
POST (fun (p:loc) => p ~> MList (L++L) \* p1 ~> MList L). POST (fun (p:loc) => p ~> MList (L++L) \* p1 ~> MList L).
Proof using. Proof using.
cuts K: (forall (L L1 L2:list int) (p1 p3:loc), cuts K: (forall (L L1 L2:list int) (p1 p3:loc),
L = L1++L2 -> L = L1++L2 ->
Triple (val_mlist_append `p3 `p1) Triple (val_mlist_append ``p3 ``p1)
PRE (p1 ~> MListSeg p3 L1 \* p3 ~> MList L2) PRE (p1 ~> MListSeg p3 L1 \* p3 ~> MList L2)
POST (fun (p:loc) => p ~> MList (L2++L) \* p1 ~> MList L)). POST (fun (p:loc) => p ~> MList (L2++L) \* p1 ~> MList L)).
{ intros. xchange (MListSeg_nil p1). xapplys (K L nil L). rew_list~. } { intros. xchange (MListSeg_nil p1). xapplys (K L nil L). rew_list~. }
...@@ -416,17 +416,17 @@ Definition val_mlist_iter : val := ...@@ -416,17 +416,17 @@ Definition val_mlist_iter : val :=
Lemma Rule_mlist_iter : forall `{EA:Enc A} (I:list A->hprop) (L:list A) (f:func) (p:loc), Lemma Rule_mlist_iter : forall `{EA:Enc A} (I:list A->hprop) (L:list A) (f:func) (p:loc),
(forall x K, (forall x K,
Triple (f `x) Triple (f ``x)
PRE (I K) PRE (I K)
POST (fun (_:unit) => I (K&x))) POST (fun (_:unit) => I (K&x)))
-> ->
Triple (val_mlist_iter `f `p) Triple (val_mlist_iter ``f ``p)
PRE (p ~> MList L \* I nil) PRE (p ~> MList L \* I nil)
POST (fun (_:unit) => p ~> MList L \* I L). POST (fun (_:unit) => p ~> MList L \* I L).
Proof using. Proof using.
introv M. introv M.
cuts G: (forall L1 L2, cuts G: (forall L1 L2,
Triple (val_mlist_iter `f `p) Triple (val_mlist_iter ``f ``p)
PRE (p ~> MList L2 \* I L1) PRE (p ~> MList L2 \* I L1)
POST (fun (_:unit) => p ~> MList L2 \* I (L1++L2))). POST (fun (_:unit) => p ~> MList L2 \* I (L1++L2))).
{ applys G. } { applys G. }
...@@ -442,17 +442,17 @@ Qed. ...@@ -442,17 +442,17 @@ Qed.
Lemma Rule_mlist_iter_general : forall `{EA:Enc A} (I:list A->hprop) (L:list A) (f:func) (p:loc), Lemma Rule_mlist_iter_general : forall `{EA:Enc A} (I:list A->hprop) (L:list A) (f:func) (p:loc),
(forall x L1 L2, L = L1++x::L2 -> (forall x L1 L2, L = L1++x::L2 ->
Triple (f `x) Triple (f ``x)
PRE (I L1) PRE (I L1)
POST (fun (_:unit) => I (L1&x))) POST (fun (_:unit) => I (L1&x)))
-> ->
Triple (val_mlist_iter `f `p) Triple (val_mlist_iter ``f ``p)
PRE (p ~> MList L \* I nil) PRE (p ~> MList L \* I nil)
POST (fun (_:unit) => p ~> MList L \* I L). POST (fun (_:unit) => p ~> MList L \* I L).
Proof using. Proof using.
introv M. introv M.
cuts G: (forall L1 L2, L = L1++L2 -> cuts G: (forall L1 L2, L = L1++L2 ->
Triple (val_mlist_iter `f `p) Triple (val_mlist_iter ``f ``p)
PRE (p ~> MList L2 \* I L1) PRE (p ~> MList L2 \* I L1)
POST (fun (_:unit) => p ~> MList L2 \* I L)). POST (fun (_:unit) => p ~> MList L2 \* I L)).
{ applys~ G. } { applys~ G. }
...@@ -478,7 +478,7 @@ Definition val_mlist_length_using_iter : val := ...@@ -478,7 +478,7 @@ Definition val_mlist_length_using_iter : val :=
val_get 'r. val_get 'r.
Lemma Rule_mlist_length_using_iter : forall A `{EA:Enc A} (L:list A) (p:loc), Lemma Rule_mlist_length_using_iter : forall A `{EA:Enc A} (L:list A) (p:loc),
Triple (val_mlist_length_using_iter `p) Triple (val_mlist_length_using_iter ``p)
PRE (p ~> MList L) PRE (p ~> MList L)
POST (fun (r:int) => \[r = length L] \* p ~> MList L). POST (fun (r:int) => \[r = length L] \* p ~> MList L).
Proof using. Proof using.
...@@ -509,7 +509,7 @@ Definition val_mlist_length_loop : val := ...@@ -509,7 +509,7 @@ Definition val_mlist_length_loop : val :=
val_get 'n. val_get 'n.
Lemma Rule_mlist_length_loop : forall A `{EA:Enc A} (L:list A) (p:loc), Lemma Rule_mlist_length_loop : forall A `{EA:Enc A} (L:list A) (p:loc),
Triple (val_mlist_length_loop `p) Triple (val_mlist_length_loop ``p)
PRE (p ~> MList L) PRE (p ~> MList L)
POST (fun (r:int) => \[r = length L] \* p ~> MList L). POST (fun (r:int) => \[r = length L] \* p ~> MList L).
Proof using. Proof using.
...@@ -550,7 +550,7 @@ Definition val_mlist_incr : val := ...@@ -550,7 +550,7 @@ Definition val_mlist_incr : val :=
) End. ) End.
Lemma Rule_mlist_incr : forall (L:list int) (p:loc), Lemma Rule_mlist_incr : forall (L:list int) (p:loc),
Triple (val_mlist_incr `p) Triple (val_mlist_incr ``p)
PRE (p ~> MList L) PRE (p ~> MList L)
POST (fun (r:unit) => p ~> MList (LibList.map (fun x => x+1) L)). POST (fun (r:unit) => p ~> MList (LibList.map (fun x => x+1) L)).
Proof using. Proof using.
...@@ -582,7 +582,7 @@ Definition val_mlist_in_place_rev : val := ...@@ -582,7 +582,7 @@ Definition val_mlist_in_place_rev : val :=
val_get 's. val_get 's.
Lemma Rule_mlist_in_place_rev : forall A `{EA:Enc A} (L:list A) (p:loc), Lemma Rule_mlist_in_place_rev : forall A `{EA:Enc A} (L:list A) (p:loc),
Triple (val_mlist_in_place_rev `p) Triple (val_mlist_in_place_rev ``p)
PRE (p ~> MList L) PRE (p ~> MList L)
POST (fun (p':loc) => p' ~> MList (rev L)). POST (fun (p':loc) => p' ~> MList (rev L)).
Proof using. Proof using.
...@@ -623,10 +623,10 @@ Definition val_mlist_cps_append : val := ...@@ -623,10 +623,10 @@ Definition val_mlist_cps_append : val :=
Lemma Rule_mlist_cps_append : forall A `{EA:Enc A} (L M:list A) (p q:loc) (k:func), Lemma Rule_mlist_cps_append : forall A `{EA:Enc A} (L M:list A) (p q:loc) (k:func),
forall `{EB: Enc B} (H:hprop) (Q:B->hprop), forall `{EB: Enc B} (H:hprop) (Q:B->hprop),
(forall (r:loc), Triple (k `r) (forall (r:loc), Triple (k ``r)
PRE (r ~> MList (L ++ M) \* H) PRE (r ~> MList (L ++ M) \* H)
POST Q) -> POST Q) ->
Triple (val_mlist_cps_append `p `q `k) Triple (val_mlist_cps_append ``p ``q ``k)
PRE (p ~> MList L \* q ~> MList M \* H) PRE (p ~> MList L \* q ~> MList M \* H)
POST Q. POST Q.
Proof using. Proof using.
...@@ -644,7 +644,7 @@ Proof using. ...@@ -644,7 +644,7 @@ Proof using.
Qed. Qed.
(* Note that K' could be given the following spec, rather than inlining its code: (* Note that K' could be given the following spec, rather than inlining its code:
Triple (k' `r) Triple (k' ``r)
PRE (p ~~> (x,p') \* r ~> Mlist (L'++M) \* H) PRE (p ~~> (x,p') \* r ~> Mlist (L'++M) \* H)
POST Q. POST Q.
*) *)
......
...@@ -188,7 +188,7 @@ Definition val_new_node := ...@@ -188,7 +188,7 @@ Definition val_new_node :=
*) *)
Lemma Rule_new_node : forall x p1 p2, Lemma Rule_new_node : forall x p1 p2,
Triple (val_new_node `x `p1 `p2) Triple (val_new_node ``x ``p1 ``p2)
PRE \[] PRE \[]
POST (fun p => (p ~> Cell x p1 p2)). POST (fun p => (p ~> Cell x p1 p2)).
Proof using. xrule_new_record. Qed. Proof using. xrule_new_record. Qed.
...@@ -213,7 +213,7 @@ Definition val_tree_copy := ...@@ -213,7 +213,7 @@ Definition val_tree_copy :=
Hint Constructors tree_sub. Hint Constructors tree_sub.
Lemma Rule_tree_copy : forall p T, Lemma Rule_tree_copy : forall p T,
Triple (val_tree_copy `p) Triple (val_tree_copy ``p)
PRE (p ~> MTree T) PRE (p ~> MTree T)
POST (fun (p':loc) => (p ~> MTree T) \* (p' ~> MTree T)). POST (fun (p':loc) => (p ~> MTree T) \* (p' ~> MTree T)).
Proof using. Proof using.
...@@ -277,7 +277,7 @@ Qed. ...@@ -277,7 +277,7 @@ Qed.
(* ** Copy of a complete binary tree *) (* ** Copy of a complete binary tree *)
Lemma Rule_tree_copy_complete : forall p T, Lemma Rule_tree_copy_complete : forall p T,
Triple (val_tree_copy `p) Triple (val_tree_copy ``p)
PRE (p ~> MTreeComplete T) PRE (p ~> MTreeComplete T)
POST (fun (p':loc) => (p ~> MTreeComplete T) \* (p' ~> MTreeComplete T)). POST (fun (p':loc) => (p ~> MTreeComplete T) \* (p' ~> MTreeComplete T)).
Proof using. Proof using.
......
...@@ -770,7 +770,7 @@ Additional heap predicates: ...@@ -770,7 +770,7 @@ Additional heap predicates:
- r ~> S notation for [S r] - r ~> S notation for [S r]
Specification syntax: Specification syntax:
- [Triple (f `x `y) PRE H POST (fun (r:typ) => H')] - [Triple (f ``x ``y) PRE H POST (fun (r:typ) => H')]
Tactic for representation predicates [x ~> R X]: Tactic for representation predicates [x ~> R X]:
- [xunfold R] - [xunfold R]
...@@ -798,7 +798,7 @@ Additional relevant files: ...@@ -798,7 +798,7 @@ Additional relevant files:
(** Demo: verification of [incr] *) (** Demo: verification of [incr] *)
Lemma Rule_incr : forall (p:loc) (n:int), Lemma Rule_incr : forall (p:loc) (n:int),
Triple (val_incr `p) Triple (val_incr ``p)
PRE (p ~~> n) PRE (p ~~> n)
POST (fun (r:unit) => p ~~> (n+1)). POST (fun (r:unit) => p ~~> (n+1)).
Proof using. Proof using.
...@@ -812,7 +812,7 @@ Hint Extern 1 (Register_Spec val_incr) => Provide Rule_incr. ...@@ -812,7 +812,7 @@ Hint Extern 1 (Register_Spec val_incr) => Provide Rule_incr.
(** Exercise: [incr2] *) (** Exercise: [incr2] *)
Lemma Rule_incr2 : forall (p:loc) (n:int), Lemma Rule_incr2 : forall (p:loc) (n:int),
Triple (Basic.val_incr_twice `p) Triple (Basic.val_incr_twice ``p)
PRE (p ~~> n) PRE (p ~~> n)
POST (fun (r:unit) => p ~~> (n+2)). POST (fun (r:unit) => p ~~> (n+2)).
Proof using. Proof using.
...@@ -979,7 +979,7 @@ Definition val_mlist_length : val := ...@@ -979,7 +979,7 @@ Definition val_mlist_length : val :=
). ).
Lemma Rule_mlist_length : forall A `{EA:Enc A} (L:list A) (p:loc), Lemma Rule_mlist_length : forall A `{EA:Enc A} (L:list A) (p:loc),
Triple (val_mlist_length `p) Triple (val_mlist_length ``p)
PRE (p ~> MList L) PRE (p ~> MList L)
POST (fun (r:int) => \[r = length L] \* p ~> MList L). POST (fun (r:int) => \[r = length L] \* p ~> MList L).
Proof using. Proof using.
...@@ -996,7 +996,7 @@ Qed. ...@@ -996,7 +996,7 @@ Qed.
Definition val_new_cell : val := val_new_record 2%nat. Definition val_new_cell : val := val_new_record 2%nat.
Lemma Rule_new_cell : forall `{EA:Enc A} (x:A) (q:loc), Lemma Rule_new_cell : forall `{EA:Enc A} (x:A) (q:loc),
Triple (val_new_cell `x `q) Triple (val_new_cell ``x ``q)
PRE \[] PRE \[]
POST (fun p => (p ~> Record`{ hd := x; tl := q })). POST (fun p => (p ~> Record`{ hd := x; tl := q })).
Proof using. xrule_new_record. Qed. Proof using. xrule_new_record. Qed.
...@@ -1019,7 +1019,7 @@ Definition val_mlist_copy := ...@@ -1019,7 +1019,7 @@ Definition val_mlist_copy :=
). ).
Lemma Rule_mlist_copy : forall p (L:list int), Lemma Rule_mlist_copy : forall p (L:list int),
Triple (val_mlist_copy `p) Triple (val_mlist_copy ``p)
PRE (p ~> MList L) PRE (p ~> MList L)
POST (fun (p':loc) => (p ~> MList L) \* (p' ~> MList L)). POST (fun (p':loc) => (p ~> MList L) \* (p' ~> MList L)).
Proof using. Proof using.
......
...@@ -1095,7 +1095,7 @@ Proof using. ...@@ -1095,7 +1095,7 @@ Proof using.
Abort. Abort.
Lemma rule_neq_3'' : forall (v1 v2:int), Lemma rule_neq_3'' : forall (v1 v2:int),
Spec val_neq `[ v1, v2 ] Spec val_neq ``[ v1, v2 ]
\[] \[]
(fun (r:int) => \[r = (If v1 = v2 then 0 else 1)]). (fun (r:int) => \[r = (If v1 = v2 then 0 else 1)]).
Proof using. Proof using.
...@@ -1106,7 +1106,7 @@ Proof using. ...@@ -1106,7 +1106,7 @@ Proof using.
Abort. Abort.
Lemma rule_neq_3'' : forall (v1 v2:int), Lemma rule_neq_3'' : forall (v1 v2:int),
App val_neq '[ `v1, `v2 ] App val_neq '[ ``v1, ``v2 ]
\[] \[]
(fun (r:int) => \[r = (If v1 = v2 then 0 else 1)]). (fun (r:int) => \[r = (If v1 = v2 then 0 else 1)]).
Proof using. Proof using.
...@@ -1122,7 +1122,7 @@ Abort. ...@@ -1122,7 +1122,7 @@ Abort.
(* DEPRECATED (* DEPRECATED
Lemma Rule_eq_int : forall (v1 v2 : int), Lemma Rule_eq_int : forall (v1 v2 : int),
Spec val_eq `[v1, v2] Spec val_eq ``[v1, v2]
\[] \[]
(fun (b:bool) => \[b = isTrue (v1 = v2 :> int)]). (fun (b:bool) => \[b = isTrue (v1 = v2 :> int)]).
Proof using. Proof using.
...@@ -1139,7 +1139,7 @@ Hint Extern 1 (RegisterSpec (val_prim val_eq)) => ...@@ -1139,7 +1139,7 @@ Hint Extern 1 (RegisterSpec (val_prim val_eq)) =>
(* ---------------------------------------------------------------------- *) (* ---------------------------------------------------------------------- *)
(* (*
Notation "` V" := (enc V) (at level 8, format "` V"). Notation "`` V" := (enc V) (at level 8, format "`` V").
*) *)
...@@ -1294,19 +1294,19 @@ Section SpecBasic. ...@@ -1294,19 +1294,19 @@ Section SpecBasic.
Transparent trm_apps apps. (* TODO: fix *) Transparent trm_apps apps. (* TODO: fix *)
Lemma Spec_ref : forall A `{EA:Enc A} (v:A), Lemma Spec_ref : forall A `{EA:Enc A} (v:A),
Spec val_ref `[v] Spec val_ref ``[v]
\[] \[]
(fun (l:loc) => l ~~~> v). (fun (l:loc) => l ~~~> v).
Proof using. intros. applys~ @Rule_ref. Qed. Proof using. intros. applys~ @Rule_ref. Qed.
Lemma Spec_get : forall A `{EA:Enc A} (v:A) l, Lemma Spec_get : forall A `{EA:Enc A} (v:A) l,
Spec val_get `[l] Spec val_get ``[l]
(l ~~~> v) (l ~~~> v)
(fun (x:A) => \[x = v] \* (l ~~~> v)). (fun (x:A) => \[x = v] \* (l ~~~> v)).
Proof using. intros. applys~ Rule_get. Qed. Proof using. intros. applys~ Rule_get. Qed.
Lemma Spec_set : forall A1 A2 `{EA1:Enc A1} `{EA2:Enc A2} l (v:A1) (w:A2), Lemma Spec_set : forall A1 A2 `{EA1:Enc A1} `{EA2:Enc A2} l (v:A1) (w:A2),
Spec val_set `[l,w] Spec val_set ``[l,w]
(l ~~~> v) (l ~~~> v)
(fun (_:unit) => l ~~~> w). (fun (_:unit) => l ~~~> w).
Proof using. intros. applys~ Rule_set. Qed. Proof using. intros. applys~ Rule_set. Qed.
...@@ -1891,21 +1891,21 @@ Proof using. auto. Qed. ...@@ -1891,21 +1891,21 @@ Proof using. auto. Qed.
(* DEPRECATED (* DEPRECATED
Notation "`[ x1 ]" := Notation "``[ x1 ]" :=
((Dyn x1)::nil) ((Dyn x1)::nil)
(at level 0, format "`[ x1 ]") (at level 0, format "``[ x1 ]")
: dyns. : dyns.
Notation "``[ x1 , x2 ]" := Notation "```[ x1 , x2 ]" :=
((Dyn x1)::(Dyn x2)::nil) ((Dyn x1)::(Dyn x2)::nil)
(at level 0, format "`[ x1 , x2 ]") (at level 0, format "``[ x1 , x2 ]")
: dyns. : dyns.
Notation "``[ x1 , x2 , x3 ]" := Notation "```[ x1 , x2 , x3 ]" :=
((Dyn x1)::(Dyn x2)::(Dyn x3)::nil) ((Dyn x1)::(Dyn x2)::(Dyn x3)::nil)
(at level 0, format "`[ x1 , x2 , x3 ]") (at level 0, format "``[ x1 , x2 , x3 ]")
: dyns. : dyns.
Notation "``[ x1 , x2 , x3 , x4 ]" := Notation "```[ x1 , x2 , x3 , x4 ]" :=
((Dyn x1)::(Dyn x2)::(Dyn x3)::(Dyn x4)::nil) ((Dyn x1)::(Dyn x2)::(Dyn x3)::(Dyn x4)::nil)
(at level 0, format "`[ x1 , x2 , x3 , x4 ]") (at level 0, format "``[ x1 , x2 , x3 , x4 ]")
: dyns. : dyns.
*) *)
...@@ -1913,21 +1913,21 @@ Notation "``[ x1 , x2 , x3 , x4 ]" := ...@@ -1913,21 +1913,21 @@ Notation "``[ x1 , x2 , x3 , x4 ]" :=
(* annotated (* annotated
Notation "`[ ]" := ((@nil dyn) : dyns) (format "`[ ]") : dyns_scope. Notation "``[ ]" := ((@nil dyn) : dyns) (format "``[ ]") : dyns_scope.
Notation "`[ x ]" := ((cons (Dyn x) nil) : dyns) : dyns_scope. Notation "``[ x ]" := ((cons (Dyn x) nil) : dyns) : dyns_scope.
Notation "`[ x1 , x2 ]" := Notation "``[ x1 , x2 ]" :=
(((Dyn x1)::(Dyn x2)::nil) : dyns) (((Dyn x1)::(Dyn x2)::nil) : dyns)
(at level 0, format "`[ x1 , x2 ]") (at level 0, format "``[ x1 , x2 ]")
: dyns_scope. : dyns_scope.
Notation "`[ x1 , x2 , x3 ]" := Notation "``[ x1 , x2 , x3 ]" :=
(((Dyn x1)::(Dyn x2)::(Dyn x3)::nil) : dyns) (((Dyn x1)::(Dyn x2)::(Dyn x3)::nil) : dyns)
(at level 0, format "`[ x1 , x2 , x3 ]") (at level 0, format "``[ x1 , x2 , x3 ]")
: dyns_scope. : dyns_scope.
Notation "`[ x1 , x2 , x3 , x4 ]" := Notation "``[ x1 , x2 , x3 , x4 ]" :=
(((Dyn x1)::(Dyn x2)::(Dyn x3)::(Dyn x4)::nil) : dyns) (((Dyn x1)::(Dyn x2)::(Dyn x3)::(Dyn x4)::nil) : dyns)
(at level 0, format "`[ x1 , x2 , x3 , x4 ]") (at level 0, format "``[ x1 , x2 , x3 , x4 ]")
: dyns_scope. : dyns_scope.
*) *)
...@@ -2009,7 +2009,7 @@ Qed. ...@@ -2009,7 +2009,7 @@ Qed.
(* (*
Lemma Spec_eq_int : forall (v1 v2 : int), Lemma Spec_eq_int : forall (v1 v2 : int),
Spec val_eq `[v1, v2] Spec val_eq ``[v1, v2]
\[] \[]
(fun (b:bool) => \[b = isTrue (v1 = v2 :> int)]). (fun (b:bool) => \[b = isTrue (v1 = v2 :> int)]).
Proof using. Proof using.
...@@ -2283,22 +2283,22 @@ Definition Apps (f:val) (Vs:dyns) := ...@@ -2283,22 +2283,22 @@ Definition Apps (f:val) (Vs:dyns) :=
(* ** Specification of primitive operations *) (* ** Specification of primitive operations *)
Lemma Spec_ref : forall A `{EA:Enc A} (v:A), Lemma Spec_ref : forall A `{EA:Enc A} (v:A),
App val_ref `[v] \[] (fun (l:loc) => l ~~~> v). App val_ref ``[v] \[] (fun (l:loc) => l ~~~> v).