Commit 07b93033 authored by Martin Clochard's avatar Martin Clochard

examples/in_progress(wip): 2wp_gen, cont'd

parent c8bbcd4b
(* TODO: complete. *)
module Base
meta compute_max_steps 0x1_000_000
function f (x:('a,'b)) : 'a = let (x,_) = x in x
meta rewrite_def function f
function s (x:('a,'b)) : 'b = let (_,x) = x in x
meta rewrite_def function s
end
(* Decomposition of quantification statements by destructuring
the argument structure. This is intended to be used by compute alone,
so the definitions/lemmas are kept away from the provers sight. *)
module Quant "W:non_conservative_extension:N"
use import HighOrd
type structure
predicate quant_structure bool structure (p:'a -> bool)
val ghost quant_structure_def (_:'a -> bool) : unit
ensures { forall b s,p:'a -> bool.
quant_structure b s p <-> if b then forall y. p y else exists y. p y }
constant def : structure
axiom forall_default : forall p:'a -> bool.
quant_structure true def p <-> forall y. p y
axiom exists_default : forall p:'a -> bool.
quant_structure false def p <-> exists y. p y
meta rewrite prop forall_default
meta rewrite prop exists_default
meta remove_prop prop forall_default
meta remove_prop prop exists_default
function pair structure structure : structure
axiom quant_structure_pair : forall b s1 s2,p:('a,'b) -> bool.
quant_structure b (pair s1 s2) p <->
quant_structure b s1 (\x. quant_structure b s2 (\y. p (x,y)))
meta rewrite prop quant_structure_pair
meta remove_prop prop quant_structure_pair
function cond structure structure : structure
axiom forall_cond : forall s1 s2,p:('a,bool) -> bool.
quant_structure true (cond s1 s2) p <->
quant_structure true s1 (\x. p (x,true)) /\
quant_structure true s2 (\x. p (x,false))
axiom exists_cond : forall s1 s2,p:('a,bool) -> bool.
quant_structure false (cond s1 s2) p <->
quant_structure false s1 (\x. p (x,true)) \/
quant_structure false s2 (\x. p (x,false))
meta rewrite prop forall_cond
meta rewrite prop exists_cond
meta remove_prop prop forall_cond
meta remove_prop prop exists_cond
end
module QuantImpl
use import HighOrd
type structure = int
constant def : int = 0
function pair 'a 'b : int = 0
predicate quant_structure (b:bool) 'b (p:'a -> bool) =
if b then forall x. p x else exists x. p x
let ghost quant_structure_def (_:'b) = ()
clone Quant with type structure = structure,
predicate quant_structure = quant_structure,
val quant_structure_def = quant_structure_def,
function def = def,
goal forall_default,
goal exists_default,
function pair = pair,
goal quant_structure_pair,
function cond = pair,
goal forall_cond,
goal exists_cond
end
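Review bot: `module Base` (L7-L13) and the new file as a whole carry no explanation beyond `(* TODO: complete. *)` (L6), so a reader cannot tell that `f` and `s` are the two pair projections whose `meta rewrite_def` lines exist so that `compute` can unfold them, nor why `compute_max_steps` is raised to `0x1_000_000`; a header above L7 such as `(* Pair projections, registered with rewrite_def so compute unfolds them; the step bound is raised for the structure-driven rewriting below. *)` would cover it. The comment on `Quant` (L14-L16) should also say that the postcondition of `quant_structure_def` (L22-L23) quantifies over every `s`, so `structure` carries no logical content and only steers which rewrite rule fires. A small style point: `QuantImpl.quant_structure_def` (L60) takes `(_:'b)` while `Quant` declares it at `'a -> bool` (L21); writing `(_:'a -> bool)` at L60 makes the cloned signature visible at the implementation. The session file confirms the clone goals are discharged, so these are documentation points only.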
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE why3session PUBLIC "-//Why3//proof session v5//EN"
"http://why3.lri.fr/why3session.dtd">
<why3session shape_version="4">
<prover id="0" name="CVC4" version="1.4" timelimit="5" steplimit="0" memlimit="1000"/>
<prover id="1" name="Alt-Ergo" version="1.01" timelimit="5" steplimit="0" memlimit="1000"/>
<file name="../compute_elts.mlw" expanded="true">
<theory name="Base" sum="d41d8cd98f00b204e9800998ecf8427e" expanded="true">
</theory>
<theory name="Quant" sum="d41d8cd98f00b204e9800998ecf8427e" expanded="true">
</theory>
<theory name="QuantImpl" sum="345cdf6d746cb7346db087793c271275">
<goal name="WP_parameter quant_structure_def" expl="VC for quant_structure_def">
<proof prover="1"><result status="valid" time="0.00" steps="0"/></proof>
</goal>
<goal name="Quant.forall_default">
<proof prover="1"><result status="valid" time="0.00" steps="4"/></proof>
</goal>
<goal name="Quant.exists_default">
<proof prover="1"><result status="valid" time="0.00" steps="5"/></proof>
</goal>
<goal name="Quant.quant_structure_pair">
<proof prover="0"><result status="valid" time="0.18"/></proof>
</goal>
<goal name="Quant.forall_cond">
<proof prover="0"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="Quant.exists_cond">
<proof prover="0"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="Quant.WP_parameter Quant quant_structure_def" expl="VC for Quant quant_structure_def">
<proof prover="1"><result status="valid" time="0.02" steps="10"/></proof>
</goal>
</theory>
</file>
</why3session>
......@@ -201,7 +201,7 @@
<goal name="chain_subchain_completion">
<transf name="split_goal_wp">
<goal name="chain_subchain_completion.1" expl="1.">
<proof prover="2"><result status="valid" time="0.05" steps="357"/></proof>
<proof prover="2"><result status="valid" time="0.16" steps="357"/></proof>
</goal>
<goal name="chain_subchain_completion.2" expl="2.">
<proof prover="2"><result status="valid" time="0.02" steps="28"/></proof>
......@@ -219,7 +219,7 @@
<proof prover="2"><result status="valid" time="0.02" steps="54"/></proof>
</goal>
<goal name="chain_subchain_completion.7" expl="7.">
<proof prover="2"><result status="valid" time="0.42" steps="1001"/></proof>
<proof prover="2"><result status="valid" time="0.74" steps="1001"/></proof>
</goal>
<goal name="chain_subchain_completion.8" expl="8.">
<proof prover="2"><result status="valid" time="0.04" steps="63"/></proof>
......@@ -283,7 +283,7 @@
<proof prover="2"><result status="valid" time="0.01" steps="18"/></proof>
</goal>
<goal name="order_product.2" expl="2.">
<proof prover="1"><result status="valid" time="0.31"/></proof>
<proof prover="1"><result status="valid" time="0.49"/></proof>
</goal>
<goal name="order_product.3" expl="3.">
<proof prover="1"><result status="valid" time="0.50"/></proof>
......@@ -295,13 +295,13 @@
<proof prover="2"><result status="valid" time="0.02" steps="8"/></proof>
</goal>
<goal name="order_product.6" expl="6.">
<proof prover="1"><result status="valid" time="0.30"/></proof>
<proof prover="1"><result status="valid" time="0.52"/></proof>
</goal>
<goal name="order_product.7" expl="7.">
<proof prover="2"><result status="valid" time="0.02" steps="10"/></proof>
</goal>
<goal name="order_product.8" expl="8.">
<proof prover="1"><result status="valid" time="0.38"/></proof>
<proof prover="1"><result status="valid" time="0.59"/></proof>
</goal>
<goal name="order_product.9" expl="9.">
<proof prover="2"><result status="valid" time="0.01" steps="10"/></proof>
......@@ -323,7 +323,7 @@
<proof prover="1"><result status="valid" time="0.45"/></proof>
</goal>
<goal name="prod_upper_bound.4" expl="4.">
<proof prover="1"><result status="valid" time="2.20"/></proof>
<proof prover="1"><result status="valid" time="2.59"/></proof>
</goal>
<goal name="prod_upper_bound.5" expl="5.">
<proof prover="2"><result status="valid" time="0.02" steps="31"/></proof>
......@@ -332,7 +332,7 @@
<proof prover="2"><result status="valid" time="0.03" steps="11"/></proof>
</goal>
<goal name="prod_upper_bound.7" expl="7.">
<proof prover="1"><result status="valid" time="3.55"/></proof>
<proof prover="1"><result status="valid" time="2.85"/></proof>
</goal>
<goal name="prod_upper_bound.8" expl="8.">
<proof prover="2"><result status="valid" time="0.02" steps="11"/></proof>
......@@ -366,7 +366,7 @@
<proof prover="1"><result status="valid" time="0.68"/></proof>
</goal>
<goal name="prod_lower_bound.4" expl="4.">
<proof prover="1"><result status="valid" time="5.60"/></proof>
<proof prover="1"><result status="valid" time="3.56"/></proof>
</goal>
<goal name="prod_lower_bound.5" expl="5.">
<proof prover="2"><result status="valid" time="0.02" steps="42"/></proof>
......@@ -375,41 +375,41 @@
<proof prover="1"><result status="valid" time="0.63"/></proof>
</goal>
<goal name="prod_lower_bound.7" expl="7.">
<proof prover="1"><result status="valid" time="6.07"/></proof>
<proof prover="1"><result status="valid" time="3.72"/></proof>
</goal>
<goal name="prod_lower_bound.8" expl="8.">
<proof prover="1"><result status="valid" time="1.01"/></proof>
<proof prover="1"><result status="valid" time="0.61"/></proof>
</goal>
<goal name="prod_lower_bound.9" expl="9.">
<proof prover="1"><result status="valid" time="0.67"/></proof>
</goal>
<goal name="prod_lower_bound.10" expl="10.">
<proof prover="1"><result status="valid" time="0.66"/></proof>
<proof prover="1"><result status="valid" time="0.72"/></proof>
</goal>
<goal name="prod_lower_bound.11" expl="11.">
<proof prover="1"><result status="valid" time="1.04"/></proof>
<proof prover="1"><result status="valid" time="0.55"/></proof>
</goal>
<goal name="prod_lower_bound.12" expl="12.">
<proof prover="1"><result status="valid" time="0.86"/></proof>
<proof prover="1"><result status="valid" time="0.37"/></proof>
</goal>
<goal name="prod_lower_bound.13" expl="13.">
<proof prover="1"><result status="valid" time="1.05"/></proof>
<proof prover="1"><result status="valid" time="0.65"/></proof>
</goal>
</transf>
</goal>
<goal name="prod_supremum">
<transf name="split_goal_wp">
<goal name="prod_supremum.1" expl="1.">
<proof prover="2" steplimit="-1"><result status="valid" time="0.18" steps="143"/></proof>
<proof prover="2" steplimit="-1"><result status="valid" time="0.06" steps="143"/></proof>
</goal>
<goal name="prod_supremum.2" expl="2.">
<proof prover="2" steplimit="-1"><result status="valid" time="0.24" steps="142"/></proof>
<proof prover="2" steplimit="-1"><result status="valid" time="0.08" steps="142"/></proof>
</goal>
<goal name="prod_supremum.3" expl="3.">
<proof prover="2" steplimit="-1"><result status="valid" time="0.03" steps="74"/></proof>
</goal>
<goal name="prod_supremum.4" expl="4.">
<proof prover="1" steplimit="-1"><result status="valid" time="1.02"/></proof>
<proof prover="1" steplimit="-1"><result status="valid" time="0.54"/></proof>
</goal>
<goal name="prod_supremum.5" expl="5.">
<proof prover="2" steplimit="-1"><result status="valid" time="0.16" steps="166"/></proof>
......@@ -430,7 +430,7 @@
<proof prover="2"><result status="valid" time="0.03" steps="5"/></proof>
</goal>
<goal name="prod_supremum.11" expl="11.">
<proof prover="2"><result status="valid" time="0.92" steps="1436"/></proof>
<proof prover="2"><result status="valid" time="1.23" steps="1436"/></proof>
</goal>
</transf>
</goal>
......@@ -455,7 +455,7 @@
<proof prover="2" steplimit="-1"><result status="valid" time="0.07" steps="81"/></proof>
</goal>
<goal name="prod_infimum.7" expl="7.">
<proof prover="1" steplimit="-1"><result status="valid" time="0.48"/></proof>
<proof prover="1" steplimit="-1"><result status="valid" time="0.72"/></proof>
</goal>
<goal name="prod_infimum.8" expl="8.">
<proof prover="2" steplimit="-1"><result status="valid" time="0.06" steps="200"/></proof>
......@@ -467,7 +467,7 @@
<proof prover="2" steplimit="-1"><result status="valid" time="0.03" steps="5"/></proof>
</goal>
<goal name="prod_infimum.11" expl="11.">
<proof prover="2" steplimit="-1"><result status="valid" time="0.86" steps="1504"/></proof>
<proof prover="2" steplimit="-1"><result status="valid" time="1.34" steps="1504"/></proof>
</goal>
</transf>
</goal>
......@@ -500,7 +500,7 @@
<proof prover="2" steplimit="-1"><result status="valid" time="0.03" steps="38"/></proof>
</goal>
<goal name="prod_chain.9" expl="9.">
<proof prover="1" steplimit="-1"><result status="valid" time="0.25"/></proof>
<proof prover="1" steplimit="-1"><result status="valid" time="0.47"/></proof>
</goal>
<goal name="prod_chain.10" expl="10.">
<proof prover="2" steplimit="-1"><result status="valid" time="0.02" steps="17"/></proof>
......@@ -526,22 +526,22 @@
<goal name="prod_q_chain_complete">
<transf name="split_goal_wp">
<goal name="prod_q_chain_complete.1" expl="1.">
<proof prover="1" steplimit="-1"><result status="valid" time="0.49"/></proof>
<proof prover="1" steplimit="0"><result status="valid" time="0.52"/></proof>
</goal>
<goal name="prod_q_chain_complete.2" expl="2.">
<proof prover="1" steplimit="-1"><result status="valid" time="0.60"/></proof>
<proof prover="1" steplimit="0"><result status="valid" time="0.39"/></proof>
</goal>
<goal name="prod_q_chain_complete.3" expl="3.">
<proof prover="2" steplimit="-1"><result status="valid" time="0.03" steps="57"/></proof>
<proof prover="2" steplimit="0"><result status="valid" time="0.06" steps="57"/></proof>
</goal>
<goal name="prod_q_chain_complete.4" expl="4.">
<proof prover="2" steplimit="-1"><result status="valid" time="0.05" steps="106"/></proof>
<proof prover="2" steplimit="0"><result status="valid" time="0.07" steps="106"/></proof>
</goal>
<goal name="prod_q_chain_complete.5" expl="5.">
<proof prover="2" steplimit="-1"><result status="valid" time="0.02" steps="26"/></proof>
<proof prover="2" steplimit="0"><result status="valid" time="0.04" steps="26"/></proof>
</goal>
<goal name="prod_q_chain_complete.6" expl="6.">
<proof prover="2" steplimit="-1"><result status="valid" time="0.03" steps="36"/></proof>
<proof prover="2" steplimit="0"><result status="valid" time="0.04" steps="36"/></proof>
</goal>
</transf>
</goal>
......
......@@ -126,9 +126,6 @@ module IterateProof
predicate all_acc (o:'a -> 'a -> bool) (f:'a -> 'a) (x:'a) (y:'a) =
forall z. tr_reach o f x z /\ o z y ->
acc_on (lower o) (tr_reach o f x) z
(*predicate all_not_in (o:'a -> 'a -> bool) (f:'a -> 'a) (x:'a)
(s:'a -> bool) (y:'a) =
forall z. tr_reach o f x z /\ o z y -> not s z*)
lemma tr_reach_wf : forall o f,x:'a.
order o /\ inflationary o f ->
......@@ -174,19 +171,27 @@ end
module ChainExtensionCommon
use import option.Option
use import Iterates
use import ho_set.Set
use import ho_rel.Rel
use import order.Chain
predicate ub_builder (o:'a -> 'a -> bool) (f:('a -> bool) -> 'a) =
forall ch. chain o ch -> upper_bound o ch (f ch)
type ub_builder 'a = set 'a -> option 'a
function extends_ch (o:'a -> 'a -> bool) (f:('a -> bool) -> 'a)
(ch:'a -> bool) : 'a -> bool =
if chain o ch then add ch (f ch) else ch
predicate ub_builder (o:erel 'a) (f:ub_builder 'a) =
forall ch. chain o ch -> match f ch with
| None -> true
| Some u -> upper_bound o ch u
end
predicate reach_ch (o:'a -> 'a -> bool) (f:('a -> bool) -> 'a)
(x y:'a -> bool) =
function extends_ch (o:erel 'a) (f:ub_builder 'a) (ch:set 'a) : set 'a =
if chain o ch then match f ch with
| None -> ch
| Some u -> add ch u
end else ch
predicate reach_ch (o:erel 'a) (f:ub_builder 'a) (x y:set 'a) =
tr_reach (subchain o) (extends_ch o f) x y
end
......@@ -197,29 +202,30 @@ end
module ChainExtension "W:non_conservative_extension:N"
(* => ChainExtensionProof *)
use import ho_rel.Rel
use import order.SubChain
use export ChainExtensionCommon
axiom extends_inflationary : forall o:'a -> 'a -> bool,f.
axiom extends_inflationary : forall o:erel 'a,f.
ub_builder o f -> inflationary (subchain o) (extends_ch o f)
axiom extends_preserve_chains : forall o:'a -> 'a -> bool,f ch.
axiom extends_preserve_chains : forall o:erel 'a,f ch.
ub_builder o f /\ chain o ch /\ reflexive o ->
chain o (extends_ch o f ch)
axiom extends_preserve_wf_chains : forall o:'a -> 'a -> bool,f ch.
axiom extends_preserve_wf_chains : forall o:erel 'a,f ch.
ub_builder o f /\ wf_chain o ch /\ reflexive o ->
wf_chain o (extends_ch o f ch)
axiom reach_only_chains : forall o:'a -> 'a -> bool,f ch1 ch2.
axiom reach_only_chains : forall o:erel 'a,f ch1 ch2.
ub_builder o f /\ chain o ch1 /\ reach_ch o f ch1 ch2 /\
reflexive o -> chain o ch2
axiom reach_only_wf_chains : forall o:'a -> 'a -> bool,f ch1 ch2.
axiom reach_only_wf_chains : forall o:erel 'a,f ch1 ch2.
ub_builder o f /\ wf_chain o ch1 /\ reach_ch o f ch1 ch2 /\
reflexive o -> wf_chain o ch2
axiom reach_ch_interval : forall o:'a -> 'a -> bool,f ch1 chm ch2.
axiom reach_ch_interval : forall o:erel 'a,f ch1 chm ch2.
ub_builder o f /\ reach_ch o f ch1 ch2 /\ order o /\
subchain o ch1 chm /\ subchain o chm ch2 ->
reach_ch o f ch1 chm
......@@ -228,18 +234,24 @@ end
module ChainExtensionProof
use import option.Option
use import ho_set.SubsetOrder
use import ho_rel.Rel
use import order.SubChain
use import order.WfChain
use import choice.Choice
use import Iterates
use import ChainExtensionCommon
lemma extends_preserve_chains : forall o:'a -> 'a -> bool,f ch.
lemma extends_inflationary : forall o:erel 'a,f.
let xt = extends_ch o f in
ub_builder o f -> inflationary (subchain o) xt
lemma extends_preserve_chains : forall o:erel 'a,f ch.
ub_builder o f /\ chain o ch /\ reflexive o ->
chain o (extends_ch o f ch)
lemma extends_preserve_wf_chains : forall o:'a -> 'a -> bool,f ch.
lemma extends_preserve_wf_chains : forall o:erel 'a,f ch.
ub_builder o f /\ wf_chain o ch /\ reflexive o ->
wf_chain o (extends_ch o f ch)
by let nx = extends_ch o f ch in
......@@ -252,13 +264,16 @@ module ChainExtensionProof
so exists z. ch z /\ not o u z /\ o z u so s2 z)
so (forall x y. ch x /\ ch y /\ not o x y /\ not o y x -> false
by s2 x)
) so nx = add ch (f ch)
so (exists z. s2 z /\ z <> f ch
) so match f ch with
| None -> nx = ch
| Some u -> nx = add ch u
so (exists z. s2 z /\ z <> u
so let s3 = inter s2 ch in
subset s3 ch /\ s3 z
so exists z. minimum o s3 z
so minimum o s2 z
) || (y = f ch so minimum o s2 y)
) || (y = u so minimum o s2 y)
end
lemma reach_only_chains : forall o f,ch1 ch2:'a -> bool.
ub_builder o f /\ reflexive o /\ chain o ch1 /\ reach_ch o f ch1 ch2 ->
......@@ -287,18 +302,21 @@ module ChainExtensionProof
so (forall ch0. reach_ch o f ch1 ch0 /\ sb ch0 chm ->
sb (xt ch0) chm
by if sb (xt ch0) chm then true else
xt ch0 = add ch0 (f ch0)
match f ch0 with
| None -> false
| Some f0 -> xt ch0 = add ch0 f0
so reach_ch o f ch1 (xt ch0)
so (if sb (xt ch0) ch2 then true else
false by separator sb xt ch0 ch2 so sb ch2 ch0
so order sb so sb ch2 ch0)
so (if not chm (f ch0) then true else
so (if not chm f0 then true else
false by subset (xt ch0) chm so
forall a b. xt ch0 a /\ chm b /\ not xt ch0 b -> o a b)
so sext ch0 chm
by forall x. chm x -> if ch0 x then true else
false by ch2 x so not xt ch0 x so xt ch0 (f ch0)
so ch2 (f ch0) so o (f ch0) x so o x (f ch0))
false by ch2 x so not xt ch0 x so xt ch0 f0
so ch2 f0 so o f0 x so o x f0
end)
/\ (forall chh y. (forall x. chh x -> sb x chm) /\
supremum sb chh y -> sb y chm by upper_bound sb chh chm))
......
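Review bot: The new type `ub_builder 'a` (L318) and the predicate `ub_builder` (L322) now share one name in `ChainExtensionCommon`; WhyML keeps types and predicates in separate namespaces so this type-checks, but the `None` case is undocumented: nothing states that `None` means the builder declines to extend `ch`, which `extends_ch` (L330-L333) turns into a fixpoint and which the predicate `ub_builder` (L324) deliberately leaves unconstrained. I would add above L318 `(* A builder may answer [None]: [extends_ch] then returns the chain unchanged, and [ub_builder] requires nothing of that case. *)`, or give the type a distinct name (for example `ub_fun 'a`) so that `ub_builder o f` reads as the predicate only. Since `ChainExtension` (L338) is declared `"W:non_conservative_extension:N"`, the `None` branch changes the meaning of every axiom there; the hunk adds the matching `lemma extends_inflationary` to `ChainExtensionProof` (L378-L380), and it is worth checking that the remaining axioms (for example `reach_ch_interval`, L363) still have a lemma counterpart in the part of `ChainExtensionProof` not shown here.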
......@@ -195,8 +195,6 @@ module TransWf "W:non_conservative_extension:N" (* => TransProof *)
supremum (gprogress sys) ch sp ->
supremum (lprogress sys) (image (local_repr sys) ch) (local_repr sys sp)
(* Missing: validity is continuous. *)
axiom egame_wf : forall sys:system 'a 'o.
system_wf sys -> game_wf (egame sys)
......@@ -208,6 +206,7 @@ end
module Bridge "W:non_conservative_extension:N" (* => TransProof *)
use import game_fmla.Fmla
use import ho_set.Set
use import Trans
axiom egame_enforce : forall sys:system 'a 'o,p qn ql.
......@@ -219,15 +218,15 @@ module Bridge "W:non_conservative_extension:N" (* => TransProof *)
(enforce (st_pre sys p) (st_post sys qn ql) (ugame sys) <->
forall lg. p (lg 0) -> correct sys qn ql lg)
(* TODO: correct those axioms, they can't work through st_pre/st_post *)
axiom egame_trans : false (*forall sys:system 'a 'o,n x y.
let p = st_pre sys ((=) x) in
let q = st_post sys ((=) y) in
system_wf sys -> enforce p q (egame sys)*)
axiom ugame_trans : false (*forall sys:system 'a 'o,n x.
let p = st_pre sys ((=) x) in
let q = st_post sys (* TODO: incorrect for post here. *)none none in
system_wf sys -> enforce p q (ugame sys)*)
axiom egame_trans : forall sys:system 'a 'o,x y.
system_wf sys /\ sys.transition x y ->
enforce (st_pre sys ((=) x)) (st_post sys ((=) y) none) (egame sys)
axiom ugame_trans : forall sys:system 'a 'o,x.
system_wf sys /\ (exists y. sys.transition x y) ->
enforce (st_pre sys ((=) x))
(st_post sys (sys.transition x) none)
(ugame sys)
end
......@@ -466,6 +465,7 @@ module TransProof
use import order.SubChain
use import order.LimUniq
use import fn.Fun
use import game.StratProps
use import game_fmla.Fmla
use import transfinite.Iterates
use import transfinite.ChainExtension
......@@ -495,13 +495,16 @@ module TransProof
"induction" tr_reach o1 f1 b1 ch -> transit sys ch)
by (forall ch. reach_ch og st ((=) sx) ch /\ transit sys ch ->
let nch = extends_ch og st ch in
transit sys nch by let nst = st ch in
forall n. n >= 0 /\ urange nst.time (n+1) ->
transit sys nch by "case_split" match st ch with
| None -> true
| Some nst -> nch = add ch nst
so forall n. n >= 0 /\ urange nst.time (n+1) ->
sys.transition (nst.log n) (nst.log (n+1))
by let sp0 = sup og ch in
let a = ang sp0 ch in
let d = dmn a in
"case_split" if ch sp0 /\ g.G.transition sp0 a /\ a d
supremum og ch sp0
so "case_split" if ch sp0 /\ g.G.transition sp0 a /\ a d
then (if sp0 = d then true else
match sp0.time with
| None -> false
......@@ -515,13 +518,15 @@ module TransProof
end by successor sys stc sp0.log d
end by osucc sys sp0 d) by nst = d so og sp0 d
else (ch sx by subset ((=) sx) ch by sbg ((=) sx) ch)
so (supremum og ch nst by chain og ch so exists sp. supremum og ch sp)
so (supremum og ch nst by chain og ch
so exists sp. supremum og ch sp)
so "case_split" if ch sp0 then true else
maxless og ch
so go_beyond ch (n+1)
so exists s0. ch s0 /\ urange s0.time (n+1)
so og s0 nst so urange s0.time n
so s0.log n = nst.log n /\ s0.log (n+1) = nst.log (n+1)
end
) /\ (forall chh sp. chain (subchain og) chh /\ chh ((=) sx) /\
(forall ch. chh ch -> transit sys ch) /\
supremum (subchain og) chh sp -> transit sys sp
......@@ -558,6 +563,8 @@ module TransProof
let og = eg.G.progress in
exists ch. reach_ch og st ((=) sx) ch /\
win_at eg ps ang dmn ch
so not (supless og ch so subchain og ((=) sx) ch so ch sx
so q_chain_complete og)
so exists sy. (maximum og ch sy
so (ch sx by subset ((=) sx) ch by subchain og ((=) sx) ch
by order (subchain og) by order og)
......@@ -614,21 +621,27 @@ module TransProof
(forall o1 f1 b1 ch. o1 = sbg /\ f1 = xt /\ b1 = (=) sx ->
"induction" tr_reach o1 f1 b1 ch -> all_log_coh lg ch)
by (forall ch. reach_ch og st ((=) sx) ch /\ all_log_coh lg ch ->
all_log_coh lg (xt ch) by let nst = st ch in log_coh lg 0 nst
all_log_coh lg (xt ch) by "case_split" match st ch with
| None -> xt ch = ch
| Some nst -> (xt ch = add ch nst by chain og ch)
so log_coh lg 0 nst
by let sp0 = sup og ch in
let a = ang sp0 ch in
let d = dmn a in
if ch sp0 /\ ug.G.transition sp0 a /\ a d
then log_coh lg 0 d by let x = choice (inter a (log_coh lg 0)) in
supremum og ch sp0
so if ch sp0 /\ ug.G.transition sp0 a /\ a d
then d = nst so log_coh lg 0 d
by let x = choice (inter a (log_coh lg 0)) in
log_coh lg 0 x || log_coh lg 0 d
else (ch sx by subset ((=) sx) ch by sbg ((=) sx) ch by order sbg)
so (supremum og ch nst by chain og ch so exists sp. supremum og ch sp)
so nst = sp0
so if ch sp0 then true else maxless og ch
so forall n. 0 <= n -> nst.log n = lg n
by go_beyond ch (n+1)
so exists s0. ch s0 /\ urange s0.time (n+1)
so og s0 nst so urange s0.time n
so lg n = s0.log (n+0) = nst.log n
end
) /\ (forall chh sp. chain sbg chh /\ supremum sbg chh sp /\
(forall ch. chh ch -> all_log_coh lg ch) ->
all_log_coh lg sp by sp = bigunion chh)
......@@ -652,6 +665,8 @@ module TransProof
exists ch. reach_ch og st ((=) sx) ch /\
win_at ug ps ang dmn ch
so transit sys ch
so not (supless og ch so subchain og ((=) sx) ch so ch sx
so q_chain_complete og)
so exists sy.
(maximum og ch sy
so ch sy so (log_coh lg 0 sy by all_log_coh lg ch)
......@@ -733,7 +748,6 @@ module TransProof
end
))
use import game_fmla.Subgame
use import game_fmla.FmlaRules
function nlog (tm:int) (lg:int -> 'a) (z:'a) : int -> 'a =
......@@ -977,6 +991,25 @@ module TransProof
)
end
(* Immediate application: translate transition steps into enforcements
properties. *)
lemma egame_trans : forall sys:system 'a 'o,x y.
system_wf sys /\ sys.transition x y ->
let eg = egame sys in
let p = (=) x in let q = (=) y in
enforce (st_pre sys p) (st_post sys q none) eg
by forall x. p x -> (exists lg. x = lg 0 /\ reach sys q none lg)
by let lg = \n. if n <= 0 then x else y in
reach sys q none lg by fin_reach sys q lg 1
lemma ugame_trans : forall sys:system 'a 'o,x y.
system_wf sys /\ sys.transition x y ->
let ug = ugame sys in
let p = (=) x in let q = sys.transition x in
enforce (st_pre sys p) (st_post sys q none) ug
by forall lg. p (lg 0) -> correct sys q none lg
by fin_correct sys q lg 0 \/ fin_correct sys q lg 1
clone TransWf with
goal q_chain_complete_countable_complete,
goal gprogress_order,
......
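Review bot: The comment `(* TODO: correct those axioms, they can't work through st_pre/st_post *)` (L449, unchanged context) is stale after this hunk: the `axiom egame_trans : false` / `axiom ugame_trans : false` placeholders are replaced by real statements (L458-L465) and `TransProof` proves both as lemmas (L573-L587), so the note now contradicts the code beneath it and should be dropped or changed to `(* Discharged as lemmas in TransProof. *)`. The previous `false` axioms made `Bridge` inconsistent, so every goal in any client of `Bridge` was trivially provable; given the module is `"W:non_conservative_extension:N"`, I would confirm that `Bridge` is cloned in `TransProof` with `goal egame_trans, goal ugame_trans` (only the `clone TransWf` at L588 is visible here). A style point: `lemma ugame_trans` (L581) binds `y` solely to state `sys.transition x y`, whereas the axiom (L461-L462) uses `exists y. sys.transition x y`; stating the lemma in the axiom's form avoids a reader checking whether the two differ. The proof fragment `so not (supless og ch so subchain og ((=) sx) ch so ch sx so q_chain_complete og)` also appears verbatim at L516-L517 and L557-L558 and could be factored into one lemma.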