Commit 07b93033 authored by Martin Clochard's avatar Martin Clochard

examples/in_progress(wip): 2wp_gen, cont'd

parent c8bbcd4b
(* TODO: complete. *)
module Base
meta compute_max_steps 0x1_000_000
function f (x:('a,'b)) : 'a = let (x,_) = x in x
meta rewrite_def function f
function s (x:('a,'b)) : 'b = let (_,x) = x in x
meta rewrite_def function s
end
(* Decomposition of quantification statements by destructuring
the argument structure. This is intended to be used by compute alone,
so the definitions/lemmas are kept away from the provers sight. *)
module Quant "W:non_conservative_extension:N"
use import HighOrd
type structure
predicate quant_structure bool structure (p:'a -> bool)
val ghost quant_structure_def (_:'a -> bool) : unit
ensures { forall b s,p:'a -> bool.
quant_structure b s p <-> if b then forall y. p y else exists y. p y }
constant def : structure
axiom forall_default : forall p:'a -> bool.
quant_structure true def p <-> forall y. p y
axiom exists_default : forall p:'a -> bool.
quant_structure false def p <-> exists y. p y
meta rewrite prop forall_default
meta rewrite prop exists_default
meta remove_prop prop forall_default
meta remove_prop prop exists_default
function pair structure structure : structure
axiom quant_structure_pair : forall b s1 s2,p:('a,'b) -> bool.
quant_structure b (pair s1 s2) p <->
quant_structure b s1 (\x. quant_structure b s2 (\y. p (x,y)))
meta rewrite prop quant_structure_pair
meta remove_prop prop quant_structure_pair
function cond structure structure : structure
axiom forall_cond : forall s1 s2,p:('a,bool) -> bool.
quant_structure true (cond s1 s2) p <->
quant_structure true s1 (\x. p (x,true)) /\
quant_structure true s2 (\x. p (x,false))
axiom exists_cond : forall s1 s2,p:('a,bool) -> bool.
quant_structure false (cond s1 s2) p <->
quant_structure false s1 (\x. p (x,true)) \/
quant_structure false s2 (\x. p (x,false))
meta rewrite prop forall_cond
meta rewrite prop exists_cond
meta remove_prop prop forall_cond
meta remove_prop prop exists_cond
end
module QuantImpl
use import HighOrd
type structure = int
constant def : int = 0
function pair 'a 'b : int = 0
predicate quant_structure (b:bool) 'b (p:'a -> bool) =
if b then forall x. p x else exists x. p x
let ghost quant_structure_def (_:'b) = ()
clone Quant with type structure = structure,
predicate quant_structure = quant_structure,
val quant_structure_def = quant_structure_def,
function def = def,
goal forall_default,
goal exists_default,
function pair = pair,
goal quant_structure_pair,
function cond = pair,
goal forall_cond,
goal exists_cond
end
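Review bot: The file opens with `(* TODO: complete. *)` and module `Base` carries no comment at all, so a reader cannot tell why two one-letter projections and a step bound live in a module of their own. I would replace that header with a comment stating what the visible code does, e.g. `(* Base: first/second pair projections (f, s), registered with meta rewrite_def so that compute unfolds them; compute_max_steps sets the compute step limit to 0x1_000_000 (2^24). *)`. Module `Quant` is a non-conservative extension whose axioms are discharged only by the `clone Quant with ... goal forall_default, ... goal exists_cond` in `QuantImpl`, so a one-line comment above `QuantImpl` naming it as the consistency witness for those axioms, to be kept in step whenever an axiom is added to `Quant`, would make that dependency explicit. The exported names `f` and `s` are also the usual local binder names in the sibling modules; if `Base` is meant to be imported by them, `fst`/`snd`-style names would avoid the shadowing, though nothing in this file shows such an import.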
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE why3session PUBLIC "-//Why3//proof session v5//EN"
"http://why3.lri.fr/why3session.dtd">
<why3session shape_version="4">
<prover id="0" name="CVC4" version="1.4" timelimit="5" steplimit="0" memlimit="1000"/>
<prover id="1" name="Alt-Ergo" version="1.01" timelimit="5" steplimit="0" memlimit="1000"/>
<file name="../compute_elts.mlw" expanded="true">
<theory name="Base" sum="d41d8cd98f00b204e9800998ecf8427e" expanded="true">
</theory>
<theory name="Quant" sum="d41d8cd98f00b204e9800998ecf8427e" expanded="true">
</theory>
<theory name="QuantImpl" sum="345cdf6d746cb7346db087793c271275">
<goal name="WP_parameter quant_structure_def" expl="VC for quant_structure_def">
<proof prover="1"><result status="valid" time="0.00" steps="0"/></proof>
</goal>
<goal name="Quant.forall_default">
<proof prover="1"><result status="valid" time="0.00" steps="4"/></proof>
</goal>
<goal name="Quant.exists_default">
<proof prover="1"><result status="valid" time="0.00" steps="5"/></proof>
</goal>
<goal name="Quant.quant_structure_pair">
<proof prover="0"><result status="valid" time="0.18"/></proof>
</goal>
<goal name="Quant.forall_cond">
<proof prover="0"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="Quant.exists_cond">
<proof prover="0"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="Quant.WP_parameter Quant quant_structure_def" expl="VC for Quant quant_structure_def">
<proof prover="1"><result status="valid" time="0.02" steps="10"/></proof>
</goal>
</theory>
</file>
</why3session>
...@@ -201,7 +201,7 @@ ...@@ -201,7 +201,7 @@
<goal name="chain_subchain_completion"> <goal name="chain_subchain_completion">
<transf name="split_goal_wp"> <transf name="split_goal_wp">
<goal name="chain_subchain_completion.1" expl="1."> <goal name="chain_subchain_completion.1" expl="1.">
<proof prover="2"><result status="valid" time="0.05" steps="357"/></proof> <proof prover="2"><result status="valid" time="0.16" steps="357"/></proof>
</goal> </goal>
<goal name="chain_subchain_completion.2" expl="2."> <goal name="chain_subchain_completion.2" expl="2.">
<proof prover="2"><result status="valid" time="0.02" steps="28"/></proof> <proof prover="2"><result status="valid" time="0.02" steps="28"/></proof>
...@@ -219,7 +219,7 @@ ...@@ -219,7 +219,7 @@
<proof prover="2"><result status="valid" time="0.02" steps="54"/></proof> <proof prover="2"><result status="valid" time="0.02" steps="54"/></proof>
</goal> </goal>
<goal name="chain_subchain_completion.7" expl="7."> <goal name="chain_subchain_completion.7" expl="7.">
<proof prover="2"><result status="valid" time="0.42" steps="1001"/></proof> <proof prover="2"><result status="valid" time="0.74" steps="1001"/></proof>
</goal> </goal>
<goal name="chain_subchain_completion.8" expl="8."> <goal name="chain_subchain_completion.8" expl="8.">
<proof prover="2"><result status="valid" time="0.04" steps="63"/></proof> <proof prover="2"><result status="valid" time="0.04" steps="63"/></proof>
...@@ -283,7 +283,7 @@ ...@@ -283,7 +283,7 @@
<proof prover="2"><result status="valid" time="0.01" steps="18"/></proof> <proof prover="2"><result status="valid" time="0.01" steps="18"/></proof>
</goal> </goal>
<goal name="order_product.2" expl="2."> <goal name="order_product.2" expl="2.">
<proof prover="1"><result status="valid" time="0.31"/></proof> <proof prover="1"><result status="valid" time="0.49"/></proof>
</goal> </goal>
<goal name="order_product.3" expl="3."> <goal name="order_product.3" expl="3.">
<proof prover="1"><result status="valid" time="0.50"/></proof> <proof prover="1"><result status="valid" time="0.50"/></proof>
...@@ -295,13 +295,13 @@ ...@@ -295,13 +295,13 @@
<proof prover="2"><result status="valid" time="0.02" steps="8"/></proof> <proof prover="2"><result status="valid" time="0.02" steps="8"/></proof>
</goal> </goal>
<goal name="order_product.6" expl="6."> <goal name="order_product.6" expl="6.">
<proof prover="1"><result status="valid" time="0.30"/></proof> <proof prover="1"><result status="valid" time="0.52"/></proof>
</goal> </goal>
<goal name="order_product.7" expl="7."> <goal name="order_product.7" expl="7.">
<proof prover="2"><result status="valid" time="0.02" steps="10"/></proof> <proof prover="2"><result status="valid" time="0.02" steps="10"/></proof>
</goal> </goal>
<goal name="order_product.8" expl="8."> <goal name="order_product.8" expl="8.">
<proof prover="1"><result status="valid" time="0.38"/></proof> <proof prover="1"><result status="valid" time="0.59"/></proof>
</goal> </goal>
<goal name="order_product.9" expl="9."> <goal name="order_product.9" expl="9.">
<proof prover="2"><result status="valid" time="0.01" steps="10"/></proof> <proof prover="2"><result status="valid" time="0.01" steps="10"/></proof>
...@@ -323,7 +323,7 @@ ...@@ -323,7 +323,7 @@
<proof prover="1"><result status="valid" time="0.45"/></proof> <proof prover="1"><result status="valid" time="0.45"/></proof>
</goal> </goal>
<goal name="prod_upper_bound.4" expl="4."> <goal name="prod_upper_bound.4" expl="4.">
<proof prover="1"><result status="valid" time="2.20"/></proof> <proof prover="1"><result status="valid" time="2.59"/></proof>
</goal> </goal>
<goal name="prod_upper_bound.5" expl="5."> <goal name="prod_upper_bound.5" expl="5.">
<proof prover="2"><result status="valid" time="0.02" steps="31"/></proof> <proof prover="2"><result status="valid" time="0.02" steps="31"/></proof>
...@@ -332,7 +332,7 @@ ...@@ -332,7 +332,7 @@
<proof prover="2"><result status="valid" time="0.03" steps="11"/></proof> <proof prover="2"><result status="valid" time="0.03" steps="11"/></proof>
</goal> </goal>
<goal name="prod_upper_bound.7" expl="7."> <goal name="prod_upper_bound.7" expl="7.">
<proof prover="1"><result status="valid" time="3.55"/></proof> <proof prover="1"><result status="valid" time="2.85"/></proof>
</goal> </goal>
<goal name="prod_upper_bound.8" expl="8."> <goal name="prod_upper_bound.8" expl="8.">
<proof prover="2"><result status="valid" time="0.02" steps="11"/></proof> <proof prover="2"><result status="valid" time="0.02" steps="11"/></proof>
...@@ -366,7 +366,7 @@ ...@@ -366,7 +366,7 @@
<proof prover="1"><result status="valid" time="0.68"/></proof> <proof prover="1"><result status="valid" time="0.68"/></proof>
</goal> </goal>
<goal name="prod_lower_bound.4" expl="4."> <goal name="prod_lower_bound.4" expl="4.">
<proof prover="1"><result status="valid" time="5.60"/></proof> <proof prover="1"><result status="valid" time="3.56"/></proof>
</goal> </goal>
<goal name="prod_lower_bound.5" expl="5."> <goal name="prod_lower_bound.5" expl="5.">
<proof prover="2"><result status="valid" time="0.02" steps="42"/></proof> <proof prover="2"><result status="valid" time="0.02" steps="42"/></proof>
...@@ -375,41 +375,41 @@ ...@@ -375,41 +375,41 @@
<proof prover="1"><result status="valid" time="0.63"/></proof> <proof prover="1"><result status="valid" time="0.63"/></proof>
</goal> </goal>
<goal name="prod_lower_bound.7" expl="7."> <goal name="prod_lower_bound.7" expl="7.">
<proof prover="1"><result status="valid" time="6.07"/></proof> <proof prover="1"><result status="valid" time="3.72"/></proof>
</goal> </goal>
<goal name="prod_lower_bound.8" expl="8."> <goal name="prod_lower_bound.8" expl="8.">
<proof prover="1"><result status="valid" time="1.01"/></proof> <proof prover="1"><result status="valid" time="0.61"/></proof>
</goal> </goal>
<goal name="prod_lower_bound.9" expl="9."> <goal name="prod_lower_bound.9" expl="9.">
<proof prover="1"><result status="valid" time="0.67"/></proof> <proof prover="1"><result status="valid" time="0.67"/></proof>
</goal> </goal>
<goal name="prod_lower_bound.10" expl="10."> <goal name="prod_lower_bound.10" expl="10.">
<proof prover="1"><result status="valid" time="0.66"/></proof> <proof prover="1"><result status="valid" time="0.72"/></proof>
</goal> </goal>
<goal name="prod_lower_bound.11" expl="11."> <goal name="prod_lower_bound.11" expl="11.">
<proof prover="1"><result status="valid" time="1.04"/></proof> <proof prover="1"><result status="valid" time="0.55"/></proof>
</goal> </goal>
<goal name="prod_lower_bound.12" expl="12."> <goal name="prod_lower_bound.12" expl="12.">
<proof prover="1"><result status="valid" time="0.86"/></proof> <proof prover="1"><result status="valid" time="0.37"/></proof>
</goal> </goal>
<goal name="prod_lower_bound.13" expl="13."> <goal name="prod_lower_bound.13" expl="13.">
<proof prover="1"><result status="valid" time="1.05"/></proof> <proof prover="1"><result status="valid" time="0.65"/></proof>
</goal> </goal>
</transf> </transf>
</goal> </goal>
<goal name="prod_supremum"> <goal name="prod_supremum">
<transf name="split_goal_wp"> <transf name="split_goal_wp">
<goal name="prod_supremum.1" expl="1."> <goal name="prod_supremum.1" expl="1.">
<proof prover="2" steplimit="-1"><result status="valid" time="0.18" steps="143"/></proof> <proof prover="2" steplimit="-1"><result status="valid" time="0.06" steps="143"/></proof>
</goal> </goal>
<goal name="prod_supremum.2" expl="2."> <goal name="prod_supremum.2" expl="2.">
<proof prover="2" steplimit="-1"><result status="valid" time="0.24" steps="142"/></proof> <proof prover="2" steplimit="-1"><result status="valid" time="0.08" steps="142"/></proof>
</goal> </goal>
<goal name="prod_supremum.3" expl="3."> <goal name="prod_supremum.3" expl="3.">
<proof prover="2" steplimit="-1"><result status="valid" time="0.03" steps="74"/></proof> <proof prover="2" steplimit="-1"><result status="valid" time="0.03" steps="74"/></proof>
</goal> </goal>
<goal name="prod_supremum.4" expl="4."> <goal name="prod_supremum.4" expl="4.">
<proof prover="1" steplimit="-1"><result status="valid" time="1.02"/></proof> <proof prover="1" steplimit="-1"><result status="valid" time="0.54"/></proof>
</goal> </goal>
<goal name="prod_supremum.5" expl="5."> <goal name="prod_supremum.5" expl="5.">
<proof prover="2" steplimit="-1"><result status="valid" time="0.16" steps="166"/></proof> <proof prover="2" steplimit="-1"><result status="valid" time="0.16" steps="166"/></proof>
...@@ -430,7 +430,7 @@ ...@@ -430,7 +430,7 @@
<proof prover="2"><result status="valid" time="0.03" steps="5"/></proof> <proof prover="2"><result status="valid" time="0.03" steps="5"/></proof>
</goal> </goal>
<goal name="prod_supremum.11" expl="11."> <goal name="prod_supremum.11" expl="11.">
<proof prover="2"><result status="valid" time="0.92" steps="1436"/></proof> <proof prover="2"><result status="valid" time="1.23" steps="1436"/></proof>
</goal> </goal>
</transf> </transf>
</goal> </goal>
...@@ -455,7 +455,7 @@ ...@@ -455,7 +455,7 @@
<proof prover="2" steplimit="-1"><result status="valid" time="0.07" steps="81"/></proof> <proof prover="2" steplimit="-1"><result status="valid" time="0.07" steps="81"/></proof>
</goal> </goal>
<goal name="prod_infimum.7" expl="7."> <goal name="prod_infimum.7" expl="7.">
<proof prover="1" steplimit="-1"><result status="valid" time="0.48"/></proof> <proof prover="1" steplimit="-1"><result status="valid" time="0.72"/></proof>
</goal> </goal>
<goal name="prod_infimum.8" expl="8."> <goal name="prod_infimum.8" expl="8.">
<proof prover="2" steplimit="-1"><result status="valid" time="0.06" steps="200"/></proof> <proof prover="2" steplimit="-1"><result status="valid" time="0.06" steps="200"/></proof>
...@@ -467,7 +467,7 @@ ...@@ -467,7 +467,7 @@
<proof prover="2" steplimit="-1"><result status="valid" time="0.03" steps="5"/></proof> <proof prover="2" steplimit="-1"><result status="valid" time="0.03" steps="5"/></proof>
</goal> </goal>
<goal name="prod_infimum.11" expl="11."> <goal name="prod_infimum.11" expl="11.">
<proof prover="2" steplimit="-1"><result status="valid" time="0.86" steps="1504"/></proof> <proof prover="2" steplimit="-1"><result status="valid" time="1.34" steps="1504"/></proof>
</goal> </goal>
</transf> </transf>
</goal> </goal>
...@@ -500,7 +500,7 @@ ...@@ -500,7 +500,7 @@
<proof prover="2" steplimit="-1"><result status="valid" time="0.03" steps="38"/></proof> <proof prover="2" steplimit="-1"><result status="valid" time="0.03" steps="38"/></proof>
</goal> </goal>
<goal name="prod_chain.9" expl="9."> <goal name="prod_chain.9" expl="9.">
<proof prover="1" steplimit="-1"><result status="valid" time="0.25"/></proof> <proof prover="1" steplimit="-1"><result status="valid" time="0.47"/></proof>
</goal> </goal>
<goal name="prod_chain.10" expl="10."> <goal name="prod_chain.10" expl="10.">
<proof prover="2" steplimit="-1"><result status="valid" time="0.02" steps="17"/></proof> <proof prover="2" steplimit="-1"><result status="valid" time="0.02" steps="17"/></proof>
...@@ -526,22 +526,22 @@ ...@@ -526,22 +526,22 @@
<goal name="prod_q_chain_complete"> <goal name="prod_q_chain_complete">
<transf name="split_goal_wp"> <transf name="split_goal_wp">
<goal name="prod_q_chain_complete.1" expl="1."> <goal name="prod_q_chain_complete.1" expl="1.">
<proof prover="1" steplimit="-1"><result status="valid" time="0.49"/></proof> <proof prover="1" steplimit="0"><result status="valid" time="0.52"/></proof>
</goal> </goal>
<goal name="prod_q_chain_complete.2" expl="2."> <goal name="prod_q_chain_complete.2" expl="2.">
<proof prover="1" steplimit="-1"><result status="valid" time="0.60"/></proof> <proof prover="1" steplimit="0"><result status="valid" time="0.39"/></proof>
</goal> </goal>
<goal name="prod_q_chain_complete.3" expl="3."> <goal name="prod_q_chain_complete.3" expl="3.">
<proof prover="2" steplimit="-1"><result status="valid" time="0.03" steps="57"/></proof> <proof prover="2" steplimit="0"><result status="valid" time="0.06" steps="57"/></proof>
</goal> </goal>
<goal name="prod_q_chain_complete.4" expl="4."> <goal name="prod_q_chain_complete.4" expl="4.">
<proof prover="2" steplimit="-1"><result status="valid" time="0.05" steps="106"/></proof> <proof prover="2" steplimit="0"><result status="valid" time="0.07" steps="106"/></proof>
</goal> </goal>
<goal name="prod_q_chain_complete.5" expl="5."> <goal name="prod_q_chain_complete.5" expl="5.">
<proof prover="2" steplimit="-1"><result status="valid" time="0.02" steps="26"/></proof> <proof prover="2" steplimit="0"><result status="valid" time="0.04" steps="26"/></proof>
</goal> </goal>
<goal name="prod_q_chain_complete.6" expl="6."> <goal name="prod_q_chain_complete.6" expl="6.">
<proof prover="2" steplimit="-1"><result status="valid" time="0.03" steps="36"/></proof> <proof prover="2" steplimit="0"><result status="valid" time="0.04" steps="36"/></proof>
</goal> </goal>
</transf> </transf>
</goal> </goal>
...@@ -126,9 +126,6 @@ module IterateProof ...@@ -126,9 +126,6 @@ module IterateProof
predicate all_acc (o:'a -> 'a -> bool) (f:'a -> 'a) (x:'a) (y:'a) = predicate all_acc (o:'a -> 'a -> bool) (f:'a -> 'a) (x:'a) (y:'a) =
forall z. tr_reach o f x z /\ o z y -> forall z. tr_reach o f x z /\ o z y ->
acc_on (lower o) (tr_reach o f x) z acc_on (lower o) (tr_reach o f x) z
(*predicate all_not_in (o:'a -> 'a -> bool) (f:'a -> 'a) (x:'a)
(s:'a -> bool) (y:'a) =
forall z. tr_reach o f x z /\ o z y -> not s z*)
lemma tr_reach_wf : forall o f,x:'a. lemma tr_reach_wf : forall o f,x:'a.
order o /\ inflationary o f -> order o /\ inflationary o f ->
...@@ -174,19 +171,27 @@ end ...@@ -174,19 +171,27 @@ end
module ChainExtensionCommon module ChainExtensionCommon
use import option.Option
use import Iterates use import Iterates
use import ho_set.Set use import ho_set.Set
use import ho_rel.Rel
use import order.Chain use import order.Chain
predicate ub_builder (o:'a -> 'a -> bool) (f:('a -> bool) -> 'a) = type ub_builder 'a = set 'a -> option 'a
forall ch. chain o ch -> upper_bound o ch (f ch)
function extends_ch (o:'a -> 'a -> bool) (f:('a -> bool) -> 'a) predicate ub_builder (o:erel 'a) (f:ub_builder 'a) =
(ch:'a -> bool) : 'a -> bool = forall ch. chain o ch -> match f ch with
if chain o ch then add ch (f ch) else ch | None -> true
| Some u -> upper_bound o ch u
end
predicate reach_ch (o:'a -> 'a -> bool) (f:('a -> bool) -> 'a) function extends_ch (o:erel 'a) (f:ub_builder 'a) (ch:set 'a) : set 'a =
(x y:'a -> bool) = if chain o ch then match f ch with
| None -> ch
| Some u -> add ch u
end else ch
predicate reach_ch (o:erel 'a) (f:ub_builder 'a) (x y:set 'a) =
tr_reach (subchain o) (extends_ch o f) x y tr_reach (subchain o) (extends_ch o f) x y
end end
...@@ -197,29 +202,30 @@ end ...@@ -197,29 +202,30 @@ end
module ChainExtension "W:non_conservative_extension:N" module ChainExtension "W:non_conservative_extension:N"
(* => ChainExtensionProof *) (* => ChainExtensionProof *)
use import ho_rel.Rel
use import order.SubChain use import order.SubChain
use export ChainExtensionCommon use export ChainExtensionCommon
axiom extends_inflationary : forall o:'a -> 'a -> bool,f. axiom extends_inflationary : forall o:erel 'a,f.
ub_builder o f -> inflationary (subchain o) (extends_ch o f) ub_builder o f -> inflationary (subchain o) (extends_ch o f)
axiom extends_preserve_chains : forall o:'a -> 'a -> bool,f ch. axiom extends_preserve_chains : forall o:erel 'a,f ch.
ub_builder o f /\ chain o ch /\ reflexive o -> ub_builder o f /\ chain o ch /\ reflexive o ->
chain o (extends_ch o f ch) chain o (extends_ch o f ch)
axiom extends_preserve_wf_chains : forall o:'a -> 'a -> bool,f ch. axiom extends_preserve_wf_chains : forall o:erel 'a,f ch.
ub_builder o f /\ wf_chain o ch /\ reflexive o -> ub_builder o f /\ wf_chain o ch /\ reflexive o ->
wf_chain o (extends_ch o f ch) wf_chain o (extends_ch o f ch)
axiom reach_only_chains : forall o:'a -> 'a -> bool,f ch1 ch2. axiom reach_only_chains : forall o:erel 'a,f ch1 ch2.
ub_builder o f /\ chain o ch1 /\ reach_ch o f ch1 ch2 /\ ub_builder o f /\ chain o ch1 /\ reach_ch o f ch1 ch2 /\
reflexive o -> chain o ch2 reflexive o -> chain o ch2
axiom reach_only_wf_chains : forall o:'a -> 'a -> bool,f ch1 ch2. axiom reach_only_wf_chains : forall o:erel 'a,f ch1 ch2.
ub_builder o f /\ wf_chain o ch1 /\ reach_ch o f ch1 ch2 /\ ub_builder o f /\ wf_chain o ch1 /\ reach_ch o f ch1 ch2 /\
reflexive o -> wf_chain o ch2 reflexive o -> wf_chain o ch2
axiom reach_ch_interval : forall o:'a -> 'a -> bool,f ch1 chm ch2. axiom reach_ch_interval : forall o:erel 'a,f ch1 chm ch2.
ub_builder o f /\ reach_ch o f ch1 ch2 /\ order o /\ ub_builder o f /\ reach_ch o f ch1 ch2 /\ order o /\
subchain o ch1 chm /\ subchain o chm ch2 -> subchain o ch1 chm /\ subchain o chm ch2 ->
reach_ch o f ch1 chm reach_ch o f ch1 chm
...@@ -228,18 +234,24 @@ end ...@@ -228,18 +234,24 @@ end
module ChainExtensionProof module ChainExtensionProof
use import option.Option
use import ho_set.SubsetOrder use import ho_set.SubsetOrder
use import ho_rel.Rel
use import order.SubChain use import order.SubChain
use import order.WfChain use import order.WfChain
use import choice.Choice use import choice.Choice
use import Iterates use import Iterates
use import ChainExtensionCommon use import ChainExtensionCommon
lemma extends_preserve_chains : forall o:'a -> 'a -> bool,f ch. lemma extends_inflationary : forall o:erel 'a,f.
let xt = extends_ch o f in
ub_builder o f -> inflationary (subchain o) xt
lemma extends_preserve_chains : forall o:erel 'a,f ch.
ub_builder o f /\ chain o ch /\ reflexive o -> ub_builder o f /\ chain o ch /\ reflexive o ->
chain o (extends_ch o f ch) chain o (extends_ch o f ch)
lemma extends_preserve_wf_chains : forall o:'a -> 'a -> bool,f ch. lemma extends_preserve_wf_chains : forall o:erel 'a,f ch.
ub_builder o f /\ wf_chain o ch /\ reflexive o -> ub_builder o f /\ wf_chain o ch /\ reflexive o ->
wf_chain o (extends_ch o f ch) wf_chain o (extends_ch o f ch)
by let nx = extends_ch o f ch in by let nx = extends_ch o f ch in
...@@ -252,13 +264,16 @@ module ChainExtensionProof ...@@ -252,13 +264,16 @@ module ChainExtensionProof
so exists z. ch z /\ not o u z /\ o z u so s2 z) so exists z. ch z /\ not o u z /\ o z u so s2 z)
so (forall x y. ch x /\ ch y /\ not o x y /\ not o y x -> false so (forall x y. ch x /\ ch y /\ not o x y /\ not o y x -> false
by s2 x) by s2 x)
) so nx = add ch (f ch) ) so match f ch with
so (exists z. s2 z /\ z <> f ch | None -> nx = ch
so let s3 = inter s2 ch in | Some u -> nx = add ch u
subset s3 ch /\ s3 z so (exists z. s2 z /\ z <> u
so exists z. minimum o s3 z so let s3 = inter s2 ch in
so minimum o s2 z subset s3 ch /\ s3 z
) || (y = f ch so minimum o s2 y) so exists z. minimum o s3 z
so minimum o s2 z
) || (y = u so minimum o s2 y)
end
lemma reach_only_chains : forall o f,ch1 ch2:'a -> bool. lemma reach_only_chains : forall o f,ch1 ch2:'a -> bool.
ub_builder o f /\ reflexive o /\ chain o ch1 /\ reach_ch o f ch1 ch2 -> ub_builder o f /\ reflexive o /\ chain o ch1 /\ reach_ch o f ch1 ch2 ->
...@@ -287,20 +302,23 @@ module ChainExtensionProof ...@@ -287,20 +302,23 @@ module ChainExtensionProof
so (forall ch0. reach_ch o f ch1 ch0 /\ sb ch0 chm -> so (forall ch0. reach_ch o f ch1 ch0 /\ sb ch0 chm ->
sb (xt ch0) chm sb (xt ch0) chm
by if sb (xt ch0) chm then true else by if sb (xt ch0) chm then true else
xt ch0 = add ch0 (f ch0) match f ch0 with
so reach_ch o f ch1 (xt ch0) | None -> false
so (if sb (xt ch0) ch2 then true else | Some f0 -> xt ch0 = add ch0 f0
false by separator sb xt ch0 ch2 so sb ch2 ch0 so reach_ch o f ch1 (xt ch0)
so order sb so sb ch2 ch0) so (if sb (xt ch0) ch2 then true else
so (if not chm (f ch0) then true else false by separator sb xt ch0 ch2 so sb ch2 ch0
false by subset (xt ch0) chm so so order sb so sb ch2 ch0)
forall a b. xt ch0 a /\ chm b /\ not xt ch0 b -> o a b) so (if not chm f0 then true else
so sext ch0 chm false by subset (xt ch0) chm so
by forall x. chm x -> if ch0 x then true else forall a b. xt ch0 a /\ chm b /\ not xt ch0 b -> o a b)
false by ch2 x so not xt ch0 x so xt ch0 (f ch0) so sext ch0 chm
so ch2 (f ch0) so o (f ch0) x so o x (f ch0)) by forall x. chm x -> if ch0 x then true else
/\ (forall chh y. (forall x. chh x -> sb x chm) /\ false by ch2 x so not xt ch0 x so xt ch0 f0
supremum sb chh y -> sb y chm by upper_bound sb chh chm)) so ch2 f0 so o f0 x so o x f0
end)
/\ (forall chh y. (forall x. chh x -> sb x chm) /\
supremum sb chh y -> sb y chm by upper_bound sb chh chm))
clone ChainExtension with clone ChainExtension with
goal extends_inflationary, goal extends_inflationary,
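Review bot: In the ChainExtensionCommon hunk the new type `ub_builder 'a = set 'a -> option 'a` and the predicate `ub_builder` share one name, and neither says what `None` means. As written, `ub_builder o f` only constrains the `Some u` case, so a builder that answers `None` on every chain satisfies it and `extends_ch o f` is then the identity on every set; every axiom restated in ChainExtension is hypothesised on `ub_builder o f`, so they all apply to such a builder too, but nothing in the hunk records whether a builder that stops extending is intended. I would add above the type `(* An upper-bound builder may decline to extend a chain by answering None; ub_builder only requires a bound where it answers Some u, so extends_ch is the identity wherever the builder stops. *)` and, since Why3 keeps types and predicates in separate namespaces, consider giving the type a distinct name such as `ub_fun 'a` so that `ub_builder o f` reads unambiguously as the predicate.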
...@@ -195,8 +195,6 @@ module TransWf "W:non_conservative_extension:N" (* => TransProof *) ...@@ -195,8 +195,6 @@ module TransWf "W:non_conservative_extension:N" (* => TransProof *)
supremum (gprogress sys) ch sp -> supremum (gprogress sys) ch sp ->
supremum (lprogress sys) (image (local_repr sys) ch) (local_repr sys sp) supremum (lprogress sys) (image (local_repr sys) ch) (local_repr sys sp)
(* Missing: validity is continuous. *)
axiom egame_wf : forall sys:system 'a 'o. axiom egame_wf : forall sys:system 'a 'o.
system_wf sys -> game_wf (egame sys) system_wf sys -> game_wf (egame sys)
...@@ -208,6 +206,7 @@ end ...@@ -208,6 +206,7 @@ end
module Bridge "W:non_conservative_extension:N" (* => TransProof *) module Bridge "W:non_conservative_extension:N" (* => TransProof *)
use import game_fmla.Fmla use import game_fmla.Fmla
use import ho_set.Set
use import Trans use import Trans
axiom egame_enforce : forall sys:system 'a 'o,p qn ql. axiom egame_enforce : forall sys:system 'a 'o,p qn ql.
...@@ -219,15 +218,15 @@ module Bridge "W:non_conservative_extension:N" (* => TransProof *) ...@@ -219,15 +218,15 @@ module Bridge "W:non_conservative_extension:N" (* => TransProof *)
(enforce (st_pre sys p) (st_post sys qn ql) (ugame sys) <-> (enforce (st_pre sys p) (st_post sys qn ql) (ugame sys) <->
forall lg. p (lg 0) -> correct sys qn ql lg) forall lg. p (lg 0) -> correct sys qn ql lg)
(* TODO: correct those axioms, they can't work through st_pre/st_post *) axiom egame_trans : forall sys:system 'a 'o,x y.
axiom egame_trans : false (*forall sys:system 'a 'o,n x y. system_wf sys /\ sys.transition x y ->
let p = st_pre sys ((=) x) in enforce (st_pre sys ((=) x)) (st_post sys ((=) y) none) (egame sys)