Commit 0a03ce52 authored by MARCHE Claude

WP on expressions

parent af9d5d0b
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE why3session SYSTEM "/home/marche/why3/share/why3session.dtd">
<!DOCTYPE why3session SYSTEM "/usr/local/share/why3/why3session.dtd">
<why3session
name="hoare_logic/wp2/why3session.xml">
name="examples/hoare_logic/wp2/why3session.xml">
<prover
id="0"
name="Alt-Ergo"
......@@ -29,16 +29,16 @@
<file
name="../wp2.mlw"
verified="true"
expanded="false">
expanded="true">
<theory
name="Imp"
locfile="hoare_logic/wp2/../wp2.mlw"
locfile="examples/hoare_logic/wp2/../wp2.mlw"
loclnum="6" loccnumb="7" loccnume="10"
verified="true"
expanded="false">
expanded="true">
<goal
name="eval_subst_term"
locfile="hoare_logic/wp2/../wp2.mlw"
locfile="examples/hoare_logic/wp2/../wp2.mlw"
loclnum="99" loccnumb="6" loccnume="21"
sum="57686028d06a25fd21f0d145ae3c39cc"
proved="true"
......@@ -56,7 +56,7 @@
</goal>
<goal
name="eval_term_change_free"
locfile="hoare_logic/wp2/../wp2.mlw"
locfile="examples/hoare_logic/wp2/../wp2.mlw"
loclnum="105" loccnumb="6" loccnume="27"
sum="bc8ecc8fa47f6b0378862b9ff6c140b4"
proved="true"
......@@ -74,7 +74,7 @@
</goal>
<goal
name="eval_subst"
locfile="hoare_logic/wp2/../wp2.mlw"
locfile="examples/hoare_logic/wp2/../wp2.mlw"
loclnum="131" loccnumb="6" loccnume="16"
sum="e7187a74f15a81f5d32beb4c7e17ebd5"
proved="true"
......@@ -92,7 +92,7 @@
</goal>
<goal
name="eval_swap"
locfile="hoare_logic/wp2/../wp2.mlw"
locfile="examples/hoare_logic/wp2/../wp2.mlw"
loclnum="137" loccnumb="6" loccnume="15"
sum="df0a3794f91d81e47b10e6e3cbb7ffd5"
proved="true"
......@@ -117,7 +117,7 @@
</goal>
<goal
name="eval_change_free"
locfile="hoare_logic/wp2/../wp2.mlw"
locfile="examples/hoare_logic/wp2/../wp2.mlw"
loclnum="143" loccnumb="6" loccnume="22"
sum="d5dd6566baac671168e7b098cdc7b9d5"
proved="true"
......@@ -135,7 +135,7 @@
</goal>
<goal
name="check_skip"
locfile="hoare_logic/wp2/../wp2.mlw"
locfile="examples/hoare_logic/wp2/../wp2.mlw"
loclnum="158" loccnumb="6" loccnume="16"
sum="d0110d5cf0e45b1a226959c69106f31e"
proved="true"
......@@ -184,7 +184,7 @@
</goal>
<goal
name="steps_non_neg"
locfile="hoare_logic/wp2/../wp2.mlw"
locfile="examples/hoare_logic/wp2/../wp2.mlw"
loclnum="227" loccnumb="6" loccnume="19"
sum="6192ae6d220dcba9ed5131230fef77d7"
proved="true"
......@@ -202,11 +202,11 @@
</goal>
<goal
name="many_steps_seq"
locfile="hoare_logic/wp2/../wp2.mlw"
locfile="examples/hoare_logic/wp2/../wp2.mlw"
loclnum="231" loccnumb="6" loccnume="20"
sum="701bc2e3c241588769058c0765a02a42"
proved="true"
expanded="false"
expanded="true"
shape="ainfix =V6ainfix +ainfix +c1V9V10Aamany_stepsV7V8V5V2V3aSskipV10Aamany_stepsV0V1V4V7V8aSskipV9EIamany_stepsV0V1aSseqV4V5V2V3aSskipV6F">
<proof
prover="3"
......@@ -221,13 +221,13 @@
</theory>
<theory
name="TestSemantics"
locfile="hoare_logic/wp2/../wp2.mlw"
locfile="examples/hoare_logic/wp2/../wp2.mlw"
loclnum="262" loccnumb="7" loccnume="20"
verified="true"
expanded="false">
<goal
name="Test13"
locfile="hoare_logic/wp2/../wp2.mlw"
locfile="examples/hoare_logic/wp2/../wp2.mlw"
loclnum="269" loccnumb="5" loccnume="11"
sum="5a2b877c54aa3fb4478e1df947c07a82"
proved="true"
......@@ -260,7 +260,7 @@
</goal>
<goal
name="Test42"
locfile="hoare_logic/wp2/../wp2.mlw"
locfile="examples/hoare_logic/wp2/../wp2.mlw"
loclnum="272" loccnumb="5" loccnume="11"
sum="26b202b461b9dc6aa38c7c2b25add03f"
proved="true"
......@@ -293,7 +293,7 @@
</goal>
<goal
name="Test0"
locfile="hoare_logic/wp2/../wp2.mlw"
locfile="examples/hoare_logic/wp2/../wp2.mlw"
loclnum="275" loccnumb="5" loccnume="10"
sum="d1efb52f7259cb2f1b22f16b0a97ea9c"
proved="true"
......@@ -326,7 +326,7 @@
</goal>
<goal
name="Test55"
locfile="hoare_logic/wp2/../wp2.mlw"
locfile="examples/hoare_logic/wp2/../wp2.mlw"
loclnum="278" loccnumb="5" loccnume="11"
sum="7c6ef63d0bb6a469fe0d5b3879f63c4f"
proved="true"
......@@ -344,7 +344,7 @@
</goal>
<goal
name="Ass42"
locfile="hoare_logic/wp2/../wp2.mlw"
locfile="examples/hoare_logic/wp2/../wp2.mlw"
loclnum="281" loccnumb="5" loccnume="10"
sum="31aeebca6b452917821f32f389b506bb"
proved="true"
......@@ -377,7 +377,7 @@
</goal>
<goal
name="If42"
locfile="hoare_logic/wp2/../wp2.mlw"
locfile="examples/hoare_logic/wp2/../wp2.mlw"
loclnum="287" loccnumb="5" loccnume="9"
sum="bbc444c8bd41e9036d9ec951e0a915a1"
proved="true"
......@@ -396,17 +396,17 @@
</theory>
<theory
name="HoareLogic"
locfile="hoare_logic/wp2/../wp2.mlw"
locfile="examples/hoare_logic/wp2/../wp2.mlw"
loclnum="302" loccnumb="7" loccnume="17"
verified="true"
expanded="false">
expanded="true">
<goal
name="consequence_rule"
locfile="hoare_logic/wp2/../wp2.mlw"
locfile="examples/hoare_logic/wp2/../wp2.mlw"
loclnum="309" loccnumb="6" loccnume="22"
sum="c1f5595ddd954b6361531a9cb635279b"
proved="true"
expanded="false"
expanded="true"
shape="avalid_tripleV1V4V3Iavalid_fmlaaFimpliesV2V3Iavalid_tripleV0V4V2Iavalid_fmlaaFimpliesV1V0F">
<proof
prover="4"
......@@ -427,7 +427,7 @@
</goal>
<goal
name="skip_rule"
locfile="hoare_logic/wp2/../wp2.mlw"
locfile="examples/hoare_logic/wp2/../wp2.mlw"
loclnum="316" loccnumb="6" loccnume="15"
sum="73e47f5d6901d2f852f0c089cfe9027d"
proved="true"
......@@ -445,7 +445,7 @@
</goal>
<goal
name="assign_rule"
locfile="hoare_logic/wp2/../wp2.mlw"
locfile="examples/hoare_logic/wp2/../wp2.mlw"
loclnum="319" loccnumb="6" loccnume="17"
sum="5ad7f36cb5982497693bbd3917b38dd5"
proved="true"
......@@ -463,7 +463,7 @@
</goal>
<goal
name="seq_rule"
locfile="hoare_logic/wp2/../wp2.mlw"
locfile="examples/hoare_logic/wp2/../wp2.mlw"
loclnum="324" loccnumb="6" loccnume="14"
sum="1a26088dc2dd29482c5092b6ac4ff809"
proved="true"
......@@ -488,7 +488,7 @@
</goal>
<goal
name="if_rule"
locfile="hoare_logic/wp2/../wp2.mlw"
locfile="examples/hoare_logic/wp2/../wp2.mlw"
loclnum="329" loccnumb="6" loccnume="13"
sum="3bebb0334fdf15d6238553f897994e1d"
proved="true"
......@@ -506,7 +506,7 @@
</goal>
<goal
name="assert_rule"
locfile="hoare_logic/wp2/../wp2.mlw"
locfile="examples/hoare_logic/wp2/../wp2.mlw"
loclnum="335" loccnumb="6" loccnume="17"
sum="b11afd1baac4615f908daadec96d093c"
proved="true"
......@@ -524,7 +524,7 @@
</goal>
<goal
name="assert_rule_ext"
locfile="hoare_logic/wp2/../wp2.mlw"
locfile="examples/hoare_logic/wp2/../wp2.mlw"
loclnum="339" loccnumb="6" loccnume="21"
sum="189817af6b3e698754f066618e6681a5"
proved="true"
......@@ -542,7 +542,7 @@
</goal>
<goal
name="while_rule"
locfile="hoare_logic/wp2/../wp2.mlw"
locfile="examples/hoare_logic/wp2/../wp2.mlw"
loclnum="343" loccnumb="6" loccnume="16"
sum="a1136f47e552feb3c79f635b836bda93"
proved="true"
......@@ -560,7 +560,7 @@
</goal>
<goal
name="while_rule_ext"
locfile="hoare_logic/wp2/../wp2.mlw"
locfile="examples/hoare_logic/wp2/../wp2.mlw"
loclnum="348" loccnumb="6" loccnume="20"
sum="2b6ff464c6bc40e843b0c4d2e7536e09"
proved="true"
......@@ -579,13 +579,13 @@
</theory>
<theory
name="WP WP"
locfile="hoare_logic/wp2/../wp2.mlw"
locfile="examples/hoare_logic/wp2/../wp2.mlw"
loclnum="360" loccnumb="7" loccnume="9"
verified="true"
expanded="false">
<goal
name="assigns_refl"
locfile="hoare_logic/wp2/../wp2.mlw"
locfile="examples/hoare_logic/wp2/../wp2.mlw"
loclnum="370" loccnumb="6" loccnume="18"
sum="06b520020b55dcb7f4935d3d5c8e821a"
proved="true"
......@@ -602,7 +602,7 @@
</goal>
<goal
name="assigns_trans"
locfile="hoare_logic/wp2/../wp2.mlw"
locfile="examples/hoare_logic/wp2/../wp2.mlw"
loclnum="373" loccnumb="6" loccnume="19"
sum="faf97b15d0c4bb4b055b5bf87b56bcac"
proved="true"
......@@ -619,7 +619,7 @@
</goal>
<goal
name="assigns_union_left"
locfile="hoare_logic/wp2/../wp2.mlw"
locfile="examples/hoare_logic/wp2/../wp2.mlw"
loclnum="378" loccnumb="6" loccnume="24"
sum="66e032a193a387c492501dc3846056cb"
proved="true"
......@@ -636,7 +636,7 @@
</goal>
<goal
name="assigns_union_right"
locfile="hoare_logic/wp2/../wp2.mlw"
locfile="examples/hoare_logic/wp2/../wp2.mlw"
loclnum="382" loccnumb="6" loccnume="25"
sum="1ed0b8be1cdffeff0d3796c96087a84d"
proved="true"
......@@ -653,7 +653,7 @@
</goal>
<goal
name="WP_parameter compute_writes"
locfile="hoare_logic/wp2/../wp2.mlw"
locfile="examples/hoare_logic/wp2/../wp2.mlw"
loclnum="396" loccnumb="10" loccnume="24"
expl="parameter compute_writes"
sum="e1ad5edc34873eaa959f2469771f12b7"
......@@ -665,10 +665,10 @@
<transf
name="split_goal"
proved="true"
expanded="true">
expanded="false">
<goal
name="WP_parameter compute_writes.1"
locfile="hoare_logic/wp2/../wp2.mlw"
locfile="examples/hoare_logic/wp2/../wp2.mlw"
loclnum="396" loccnumb="10" loccnume="24"
expl="parameter compute_writes"
sum="a531cd444b99055eef6fcad0ffae99ea"
......@@ -688,7 +688,7 @@
</goal>
<goal
name="WP_parameter compute_writes.2"
locfile="hoare_logic/wp2/../wp2.mlw"
locfile="examples/hoare_logic/wp2/../wp2.mlw"
loclnum="396" loccnumb="10" loccnume="24"
expl="parameter compute_writes"
sum="7ad586ff4b17b7097a64232ad0e619f3"
......@@ -709,7 +709,7 @@
</goal>
<goal
name="WP_parameter compute_writes.3"
locfile="hoare_logic/wp2/../wp2.mlw"
locfile="examples/hoare_logic/wp2/../wp2.mlw"
loclnum="396" loccnumb="10" loccnume="24"
expl="parameter compute_writes"
sum="1965fac020be25adfc5d4a8de7cd05d7"
......@@ -737,7 +737,7 @@
</goal>
<goal
name="WP_parameter compute_writes.4"
locfile="hoare_logic/wp2/../wp2.mlw"
locfile="examples/hoare_logic/wp2/../wp2.mlw"
loclnum="396" loccnumb="10" loccnume="24"
expl="parameter compute_writes"
sum="58552f908345b33a9a5dd914446ddcfb"
......@@ -758,7 +758,7 @@
</goal>
<goal
name="WP_parameter compute_writes.5"
locfile="hoare_logic/wp2/../wp2.mlw"
locfile="examples/hoare_logic/wp2/../wp2.mlw"
loclnum="396" loccnumb="10" loccnume="24"
expl="parameter compute_writes"
sum="f29d8147b569ed2a9a09989b7a3d8f40"
......@@ -779,7 +779,7 @@
</goal>
<goal
name="WP_parameter compute_writes.6"
locfile="hoare_logic/wp2/../wp2.mlw"
locfile="examples/hoare_logic/wp2/../wp2.mlw"
loclnum="396" loccnumb="10" loccnume="24"
expl="parameter compute_writes"
sum="8692a4caadb055588117f3c66a461995"
......@@ -802,7 +802,7 @@
</goal>
<goal
name="WP_parameter wp"
locfile="hoare_logic/wp2/../wp2.mlw"
locfile="examples/hoare_logic/wp2/../wp2.mlw"
loclnum="432" loccnumb="10" loccnume="12"
expl="parameter wp"
sum="1c4c1bb9c160304e6e0411df18a765b0"
......@@ -814,10 +814,10 @@
<transf
name="split_goal"
proved="true"
expanded="true">
expanded="false">
<goal
name="WP_parameter wp.1"
locfile="hoare_logic/wp2/../wp2.mlw"
locfile="examples/hoare_logic/wp2/../wp2.mlw"
loclnum="432" loccnumb="10" loccnume="12"
expl="parameter wp"
sum="d3ca27059c5ec4c3a2403391d70c3d77"
......@@ -869,7 +869,7 @@
</goal>
<goal
name="WP_parameter wp.2"
locfile="hoare_logic/wp2/../wp2.mlw"
locfile="examples/hoare_logic/wp2/../wp2.mlw"
loclnum="432" loccnumb="10" loccnume="12"
expl="parameter wp"
sum="6910613be73da88fefc0e98306dc6a78"
......@@ -921,7 +921,7 @@
</goal>
<goal
name="WP_parameter wp.3"
locfile="hoare_logic/wp2/../wp2.mlw"
locfile="examples/hoare_logic/wp2/../wp2.mlw"
loclnum="432" loccnumb="10" loccnume="12"
expl="parameter wp"
sum="8f814b54733daa2438b60bae70bdc325"
......@@ -973,7 +973,7 @@
</goal>
<goal
name="WP_parameter wp.4"
locfile="hoare_logic/wp2/../wp2.mlw"
locfile="examples/hoare_logic/wp2/../wp2.mlw"
loclnum="432" loccnumb="10" loccnume="12"
expl="parameter wp"
sum="cdd6ff3e6b9b0147ba69efeb36077964"
......@@ -994,7 +994,7 @@
</goal>
<goal
name="WP_parameter wp.5"
locfile="hoare_logic/wp2/../wp2.mlw"
locfile="examples/hoare_logic/wp2/../wp2.mlw"
loclnum="432" loccnumb="10" loccnume="12"
expl="parameter wp"
sum="6eac56dea71edb9e615f1d5ae6644293"
......@@ -1046,7 +1046,7 @@
</goal>
<goal
name="WP_parameter wp.6"
locfile="hoare_logic/wp2/../wp2.mlw"
locfile="examples/hoare_logic/wp2/../wp2.mlw"
loclnum="432" loccnumb="10" loccnume="12"
expl="parameter wp"
sum="a445cc5a717592ffc477eb84413d83e4"
......
(** {1 A certified WP calculus} *)
(** {2 A simple imperative language with expressions, syntax and semantics} *)
theory ImpExpr
use import int.Int
use import bool.Bool
(** types and values *)
type datatype = TYunit | TYint | TYbool
type value = Vvoid | Vint int | Vbool bool
(** terms and formulas *)
type operator = Oplus | Ominus | Omult | Ole
type ident = int
constant result : ident = (-1)
type term =
| Tvalue value
| Tvar ident
| Tderef ident
| Tbin term operator term
type fmla =
| Fterm term
| Fand fmla fmla
| Fnot fmla
| Fimplies fmla fmla
| Flet ident term fmla
| Fforall ident datatype fmla
use map.Map as IdMap
type env = IdMap.map ident value
(** semantics of formulas *)
function eval_bin (x:value) (op:operator) (y:value) : value =
match x,y with
| Vint x,Vint y ->
match op with
| Oplus -> Vint (x+y)
| Ominus -> Vint (x-y)
| Omult -> Vint (x*y)
| Ole -> Vbool (if x <= y then True else False)
end
| _,_ -> Vbool False
end
function get_env (i:ident) (e:env) : value = IdMap.get e i
function eval_term (sigma:env) (pi:env) (t:term) : value =
match t with
| Tvalue v -> v
| Tvar id -> get_env id pi
| Tderef id -> get_env id sigma
| Tbin t1 op t2 ->
eval_bin (eval_term sigma pi t1) op (eval_term sigma pi t2)
end
predicate eval_fmla (sigma:env) (pi:env) (f:fmla) =
match f with
| Fterm t -> eval_term sigma pi t = Vbool True
| Fand f1 f2 -> eval_fmla sigma pi f1 /\ eval_fmla sigma pi f2
| Fnot f -> not (eval_fmla sigma pi f)
| Fimplies f1 f2 -> eval_fmla sigma pi f1 -> eval_fmla sigma pi f2
| Flet x t f ->
eval_fmla sigma (IdMap.set pi x (eval_term sigma pi t)) f
| Fforall x TYint f ->
forall n:int. eval_fmla sigma (IdMap.set pi x (Vint n)) f
| Fforall x TYbool f ->
forall b:bool.
eval_fmla sigma (IdMap.set pi x (Vbool b)) f
| Fforall x TYunit f ->
eval_fmla sigma (IdMap.set pi x Vvoid) f
end
(** substitution of a reference [r] by a logic variable [v]
warning: proper behavior only guaranted if [v] is fresh *)
function subst_term (e:term) (r:ident) (v:ident) : term =
match e with
| Tvalue _ | Tvar _ -> e
| Tderef x -> if r=x then Tvar v else e
| Tbin e1 op e2 -> Tbin (subst_term e1 r v) op (subst_term e2 r v)
end
predicate fresh_in_term (id:ident) (t:term) =
match t with
| Tvalue _ -> true
| Tvar v -> id <> v
| Tderef _ -> true
| Tbin t1 _ t2 -> fresh_in_term id t1 /\ fresh_in_term id t2
end
lemma eval_subst_term:
forall sigma pi:env, e:term, x:ident, v:ident.
fresh_in_term v e ->
eval_term sigma pi (subst_term e x v) =
eval_term (IdMap.set sigma x (IdMap.get pi v)) pi e
lemma eval_term_change_free :
forall t:term, sigma pi:env, id:ident, v:value.
fresh_in_term id t ->
eval_term sigma (IdMap.set pi id v) t = eval_term sigma pi t
predicate fresh_in_fmla (id:ident) (f:fmla) =
match f with
| Fterm e -> fresh_in_term id e
| Fand f1 f2 | Fimplies f1 f2 ->
fresh_in_fmla id f1 /\ fresh_in_fmla id f2
| Fnot f -> fresh_in_fmla id f
| Flet y t f -> id <> y /\ fresh_in_term id t /\ fresh_in_fmla id f
| Fforall y ty f -> id <> y /\ fresh_in_fmla id f
end
function subst (f:fmla) (x:ident) (v:ident) : fmla =
match f with
| Fterm e -> Fterm (subst_term e x v)
| Fand f1 f2 -> Fand (subst f1 x v) (subst f2 x v)
| Fnot f -> Fnot (subst f x v)
| Fimplies f1 f2 -> Fimplies (subst f1 x v) (subst f2 x v)
| Flet y t f -> Flet y (subst_term t x v) (subst f x v)
| Fforall y ty f -> Fforall y ty (subst f x v)
end
lemma eval_subst:
forall f:fmla, sigma pi:env, x:ident, v:ident.
fresh_in_fmla v f ->
(eval_fmla sigma pi (subst f x v) <->
eval_fmla (IdMap.set sigma x (IdMap.get pi v)) pi f)
lemma eval_swap:
forall f:fmla, sigma pi:env, id1 id2:ident, v1 v2:value.
id1 <> id2 ->
(eval_fmla sigma (IdMap.set (IdMap.set pi id1 v1) id2 v2) f <->
eval_fmla sigma (IdMap.set (IdMap.set pi id2 v2) id1 v1) f)
lemma eval_change_free :
forall f:fmla, sigma pi:env, id:ident, v:value.
fresh_in_fmla id f ->
(eval_fmla sigma (IdMap.set pi id v) f <-> eval_fmla sigma pi f)
(* expressions *)
type expr =
| Evalue value
| Ebin expr operator expr
| Evar ident
| Ederef ident
| Eassign ident expr
| Eseq expr expr
| Elet ident expr expr
| Eif expr expr expr
| Eassert fmla
| Ewhile expr fmla expr
constant void : expr = Evalue Vvoid
(*
lemma check_skip:
forall s:stmt. s=Sskip \/s<>Sskip
*)
(** small-steps semantics for statements *)
inductive one_step env env expr env env expr =
| one_step_assign_ctxt:
forall sigma pi sigma' pi':env, x:ident, e e':expr.
one_step sigma pi e sigma' pi' e' ->
one_step sigma pi (Eassign x e)
sigma' pi' (Eassign x e')
| one_step_assign_value:
forall sigma pi:env, x:ident, v:value, e:term.
one_step sigma pi (Eassign x (Evalue v))
(IdMap.set sigma x v) pi void
| one_step_seq_ctxt:
forall sigma pi sigma' pi':env, e1 e1' e2:expr.
one_step sigma pi e1 sigma' pi' e1' ->
one_step sigma pi (Eseq e1 e2) sigma' pi' (Eseq e1' e2)
| one_step_seq_value:
forall sigma pi:env, id:ident, e:expr.
one_step sigma pi (Eseq void e) sigma pi e
| one_step_let_ctxt:
forall sigma pi sigma' pi':env, id:ident, e1 e1' e2:expr.
one_step sigma pi e1 sigma' pi' e1' ->
one_step sigma pi (Elet id e1 e2) sigma' pi' (Elet id e1' e2)
| one_step_let_value:
forall sigma pi:env, id:ident, v:value, e:expr.
one_step sigma pi (Elet id (Evalue v) e) sigma (IdMap.set pi id v) e
| one_step_if_ctxt:
forall sigma pi sigma' pi':env, id:ident, e1 e1' e2 e3:expr.
one_step sigma pi e1 sigma' pi' e1' ->
one_step sigma pi (Eif e1 e2 e3) sigma' pi' (Eif e1' e2 e3)
| one_step_if_true:
forall sigma pi:env, e:term, e1 e2:expr.
one_step sigma pi (Eif (Evalue (Vbool True)) e1 e2) sigma pi e1
| one_step_if_false:
forall sigma pi:env, e:term, e1 e2:expr.
one_step sigma pi (Eif (Evalue (Vbool False)) e1 e2) sigma pi e2
| one_step_assert:
forall sigma pi:env, f:fmla.
eval_fmla sigma pi f ->
one_step sigma pi (Eassert f) sigma pi void
| one_step_while:
forall sigma pi:env, e:expr, inv:fmla, e':expr.
one_step sigma pi (Ewhile e inv e') sigma pi
(Eif e (Eseq e' (Ewhile e inv e')) void)
(***
lemma progress:
forall s:state, i:expr.
i <> Sskip ->
exists s':state, i':expr. one_step s i s' i'
*)
(** many steps of execution *)
inductive many_steps env env expr env env expr int =
| many_steps_refl: