examples/in_progress(wip): 2wp_gen, cont'd

13028e76 · Martin Clochard · c35cfb8c · 13028e76 · 13028e76 · 13028e76
Commit 13028e76 authored Jul 04, 2016 by Martin Clochard
3 changed files
--- a/examples/in_progress/2wp_gen/game_wp.mlw
+++ b/examples/in_progress/2wp_gen/game_wp.mlw
@@ -86,6 +86,10 @@ module Wp "W:non_conservative_extension:N" (* Definitions in WpImpl *)
  function ctx_add (qstructure 'a) (enf_hyp 'a 'ig 'il 'o)
                   ('ig -> context 'a) : 'ig -> context 'a

+  (* A potentially useful postcondition for abstractions:
+     empty postcondition. *)
+  function empty_post : 'ig -> 'il -> 'a -> rel 'o 'a
+
  (* Abstraction combinator: replace the backward predicate
     transformer by an explicit interface triple
     (context,precondition,postcondition).
@@ -113,6 +117,18 @@ module Wp "W:non_conservative_extension:N" (* Definitions in WpImpl *)
      abstraction_transformer e.game_strct gf eh }
    ensures { game_sames result e }

+  (* Kontinuation combinator: take an enforcement record that
+     may use a continuation for the place right there as last
+     hypothesis, and send back one which does not need it.
+     Programming analogy: this is call/cc. *)
+  function kontinuation_transformer
+    (transformer 'a 'i 'o) : transformer 'a 'i 'o
+  val ghost ktrap (e:enforce 'a 'i 'o) : enforce 'a 'i 'o
+    requires { enforce_inv e }
+    ensures { enforce_inv result }
+    ensures { game_sames result e }
+    ensures { result.transformp --> kontinuation_transformer e.transformp }
+
  (* Hide away from main namespace definitions & axioms
     related to computation rules *)
  namespace LOCAL
@@ -254,6 +270,28 @@ module Wp "W:non_conservative_extension:N" (* Definitions in WpImpl *)
    meta rewrite prop abstraction_transformer_rule
    meta remove_prop prop abstraction_transformer_rule

+    axiom empty_post_rule :
+      forall xg:'ig,xl:'il,xs:'a,y:'o,ys.
+        empty_post xg xl xs y ys <-> false
+    meta rewrite prop empty_post_rule
+    meta remove_prop prop empty_post_rule
+
+    function kont_pre (q:rel 'o 'a) : 'i -> rel 'o 'a
+    axiom kont_pre_rule : forall q,xl:'i,y:'o,ys:'a.
+      kont_pre q xl y ys <-> q y ys
+    meta rewrite prop kont_pre_rule
+    meta remove_prop prop kont_pre_rule
+
+    axiom kontinuation_transformer_rule :
+      forall t:transformer 'a 'i 'o,ctx q x xs.
+        app_transformer (kontinuation_transformer t) ctx q x xs <->
+        let eh = { pre = kont_pre q; post = empty_post;
+                   pre_strct = q_def; post_strct = q_unit } in
+        let ctx' = ctx_cons (transf_hyp (enf_transf q_def x eh)) ctx in
+        app_transformer t ctx' q x xs
+    meta rewrite prop kontinuation_transformer_rule
+    meta remove_prop prop kontinuation_transformer_rule
+
  end

  (* TODO: erase those, they are harnesses. *)
@@ -726,6 +764,54 @@ module WpImpl
    };
    res

+  (* Second combinator: kontinuation trap. *)
+  function empty_post : 'a -> 'b -> 'c -> 'd -> 'e -> bool =
+    \_ _ _ _ _. false
+  function kontinuation_transformer
+    (t:transformer 'a 'i 'o) : transformer 'a 'i 'o =
+    \ctx q x xs.
+      let eh = { pre = const q; post = empty_post;
+                 pre_strct = q_def; post_strct = q_unit } in
+      t (Cons (enf_hyp x eh) ctx) q x xs
+
+  let ghost ktrap (e:enforce 'a 'i 'o) : enforce 'a 'i 'o
+    requires { enforce_inv e }
+    ensures { result.transformp = kontinuation_transformer e.transformp }
+    ensures { game_sames result e }
+    ensures { enforce_inv result }
+  = let res = { e with transformp = kontinuation_transformer e.transformp } in
+    assert { forall x q ctx.
+      let r = eqv e.game_valid in let o = e.game_order in
+      let cv = conj (vld_fmla r o o) (ordering o) in
+      let cx = hyp_fmla r (ctx_union ctx) in
+      let c = conj cx cv in
+      let p = res.transformp ctx q x in
+      let p2 = related r p in let q2 = related r (e_lift q) in
+      holds c (enforce p2 q2)
+      by is_fmla c
+      so let k = enforce q2 none in
+        holds (conj c k) (enforce p2 q2)
+      by let cx' = conj cx k in
+        let c' = conj cx' cv in
+        holds c' (enforce p2 q2)
+      by let eh = { pre = const q; post = empty_post;
+                    pre_strct = q_def; post_strct = q_unit } in
+        let h0 = enf_hyp x eh in
+        let ctx' = Cons h0 ctx in
+        let cx'' = hyp_fmla r (ctx_union ctx') in
+        (p = e.transformp ctx' q x by sext p (e.transformp ctx' q x))
+      so holds cx' cx''
+      by holds k (hyp_fmla r h0)
+      by let h1 = direct_enf_hyp x eh in
+        holds k (hyp_fmla r h1)
+      by forall pq. h1 pq -> holds k (pre_post_fmla r pq)
+      by let (p',q') = pq in
+        exists xl xs. p' = inter (q xl) ((=) xs)
+      so let p2' = related r p' in let q2' = related r q' in
+        holds k (enforce p2' q2')
+      by subset p2' q2 /\ holds k k
+    };
+    res



@@ -807,15 +893,7 @@ module WpImpl
    weaker_hypothesis h1 h2
  predicate weaker_hypothesis_prelude (h1 h2:hyp 'a) =
    not weaker_hypothesis h1 h2
-  (* TODO/FIXME: For some 'impossible' reason, defining ctx_nil run into
-     opaqueness problems !
-     Apparently, this have to do with ig/context 'a appearing
-     only in the output.
-     This can be fixed by putting extra 'dummy' arguments to mark 'a/'ig,
-     but this is rather inelegant. We will axiomatize it until Why3
-     bug is fixed. *)
-  constant ctx_nil : 'ig -> context 'a (* = \_. Nil *)
-  axiom ctx_nil_def : forall xg:'ig. ctx_nil xg = (Nil:context 'a)
+  constant ctx_nil : 'ig -> context 'a = \_. Nil
  function ctx_add (qstructure 'a)
                   (eh:enf_hyp 'a 'ig 'il 'o)
                   (ctxf:'ig -> context 'a) : 'ig -> context 'a =
@@ -833,8 +911,11 @@ module WpImpl
    function ctx_nil = ctx_nil,
    function ctx_add = ctx_add,
    predicate proof_obligations = proof_obligations_ex,
+    function empty_post = empty_post,
    function abstraction_transformer = abstraction_transformer_ex,
    val abstraction = abstraction_ex,
+    function kontinuation_transformer = kontinuation_transformer,
+    val ktrap = ktrap,
    predicate LOCAL.app_transformer = app_transformer,
    type LOCAL.hyp = hyp,
    type LOCAL.ftransformer = ftransformer,
@@ -870,7 +951,11 @@ module WpImpl
    goal LOCAL.sub_context_empty,
    goal LOCAL.sub_context_add,
    goal LOCAL.sub_context_refl,
-    goal LOCAL.abstraction_transformer_rule
+    goal LOCAL.abstraction_transformer_rule,
+    goal LOCAL.empty_post_rule,
+    function LOCAL.kont_pre = const,
+    goal LOCAL.kont_pre_rule,
+    goal LOCAL.kontinuation_transformer_rule

 end

--- a/examples/in_progress/2wp_gen/game_wp/why3session.xml
+++ b/examples/in_progress/2wp_gen/game_wp/why3session.xml
@@ -7,7 +7,7 @@
 <file name="../game_wp.mlw">
 <theory name="WpCommon" sum="d41d8cd98f00b204e9800998ecf8427e">
 </theory>
-<theory name="Wp" sum="464db0bf829547904ef2b83184b32175">
+<theory name="Wp" sum="ab6d28b684a902b0017a25b19bb36a6f">
 <goal name="WP_parameter test" expl="VC for test">
 <transf name="split_goal_wp">
  <goal name="WP_parameter test.1" expl="1. precondition">
@@ -57,14 +57,14 @@
 </transf>
 </goal>
 </theory>
-<theory name="WpImpl" sum="a65e4eab9e697b05be6478c179070f8a">
+<theory name="WpImpl" sum="e7eb2ee4df032392f4a848f139a4c754">
 <goal name="ctx_hyp_add_fmla">
- <proof prover="0"><result status="valid" time="0.40" steps="740"/></proof>
+ <proof prover="0"><result status="valid" time="0.63" steps="740"/></proof>
 </goal>
 <goal name="enf_transf_identical">
 <transf name="split_goal_wp">
  <goal name="enf_transf_identical.1" expl="1.">
-  <proof prover="1"><result status="valid" time="1.48"/></proof>
+  <proof prover="1"><result status="valid" time="1.97"/></proof>
  </goal>
  <goal name="enf_transf_identical.2" expl="2.">
  <proof prover="1"><result status="valid" time="1.87"/></proof>
@@ -97,7 +97,7 @@
  <proof prover="0"><result status="valid" time="0.09" steps="30"/></proof>
  </goal>
  <goal name="enf_transf_identical.12" expl="12.">
-  <proof prover="1"><result status="valid" time="1.47"/></proof>
+  <proof prover="1"><result status="valid" time="2.44"/></proof>
  </goal>
  <goal name="enf_transf_identical.13" expl="13.">
  <proof prover="0"><result status="valid" time="0.24" steps="252"/></proof>
@@ -197,7 +197,7 @@
  <proof prover="0"><result status="valid" time="0.11" steps="95"/></proof>
  </goal>
  <goal name="weaker_hypothesis_sufficient.5" expl="5.">
-  <proof prover="1"><result status="valid" time="0.74"/></proof>
+  <proof prover="1"><result status="valid" time="1.42"/></proof>
  </goal>
  <goal name="weaker_hypothesis_sufficient.6" expl="6.">
  <proof prover="0"><result status="valid" time="0.07" steps="39"/></proof>
@@ -281,7 +281,7 @@
   <proof prover="0"><result status="valid" time="0.10" steps="16"/></proof>
   </goal>
   <goal name="enforce_inv_reinforced.7.3" expl="3.">
-   <proof prover="0"><result status="valid" time="0.93" steps="741"/></proof>
+   <proof prover="0"><result status="valid" time="0.71" steps="741"/></proof>
   </goal>
   <goal name="enforce_inv_reinforced.7.4" expl="4.">
   <proof prover="0"><result status="valid" time="0.15" steps="37"/></proof>
@@ -290,7 +290,7 @@
   <proof prover="0"><result status="valid" time="0.10" steps="29"/></proof>
   </goal>
   <goal name="enforce_inv_reinforced.7.6" expl="6.">
-   <proof prover="0"><result status="valid" time="4.63" steps="2155"/></proof>
+   <proof prover="0"><result status="valid" time="5.40" steps="2155"/></proof>
   </goal>
  </transf>
  </goal>
@@ -315,7 +315,7 @@
   <proof prover="0"><result status="valid" time="0.35" steps="363"/></proof>
   </goal>
   <goal name="enforce_inv_reinforced.8.7" expl="7.">
-   <proof prover="1"><result status="valid" time="5.46"/></proof>
+   <proof prover="1"><result status="valid" time="6.38"/></proof>
   </goal>
   <goal name="enforce_inv_reinforced.8.8" expl="8.">
   <proof prover="0"><result status="valid" time="0.40" steps="454"/></proof>
@@ -327,7 +327,7 @@
   <proof prover="0"><result status="valid" time="0.24" steps="286"/></proof>
   </goal>
   <goal name="enforce_inv_reinforced.8.11" expl="11.">
-   <proof prover="0"><result status="valid" time="0.64" steps="640"/></proof>
+   <proof prover="0"><result status="valid" time="0.40" steps="640"/></proof>
   </goal>
   <goal name="enforce_inv_reinforced.8.12" expl="12.">
   <proof prover="0"><result status="valid" time="0.29" steps="286"/></proof>
@@ -342,7 +342,7 @@
   <proof prover="0"><result status="valid" time="0.45" steps="559"/></proof>
   </goal>
   <goal name="enforce_inv_reinforced.8.16" expl="16.">
-   <proof prover="0"><result status="valid" time="4.72" steps="4189"/></proof>
+   <proof prover="0"><result status="valid" time="5.73" steps="4189"/></proof>
   </goal>
   <goal name="enforce_inv_reinforced.8.17" expl="17.">
   <proof prover="0"><result status="valid" time="0.10" steps="45"/></proof>
@@ -351,7 +351,7 @@
   <proof prover="0"><result status="valid" time="0.32" steps="359"/></proof>
   </goal>
   <goal name="enforce_inv_reinforced.8.19" expl="19.">
-   <proof prover="0"><result status="valid" time="0.26" steps="347"/></proof>
+   <proof prover="0"><result status="valid" time="0.40" steps="347"/></proof>
   </goal>
  </transf>
  </goal>
@@ -369,7 +369,7 @@
 <goal name="enforce_inv_as_hyp_fmla">
 <transf name="split_goal_wp">
  <goal name="enforce_inv_as_hyp_fmla.1" expl="1.">
-  <proof prover="1"><result status="valid" time="1.09"/></proof>
+  <proof prover="1"><result status="valid" time="1.46"/></proof>
  </goal>
  <goal name="enforce_inv_as_hyp_fmla.2" expl="2.">
  <proof prover="0"><result status="valid" time="0.12" steps="7"/></proof>
@@ -381,7 +381,7 @@
  <proof prover="0"><result status="valid" time="0.10" steps="9"/></proof>
  </goal>
  <goal name="enforce_inv_as_hyp_fmla.5" expl="5.">
-  <proof prover="0"><result status="valid" time="0.32" steps="341"/></proof>
+  <proof prover="0"><result status="valid" time="0.51" steps="341"/></proof>
  </goal>
 </transf>
 </goal>
@@ -394,7 +394,7 @@
  <proof prover="0"><result status="valid" time="0.14" steps="11"/></proof>
  </goal>
  <goal name="enforce_inv_implies_abstraction_inv.3" expl="3.">
-  <proof prover="1"><result status="valid" time="2.97"/></proof>
+  <proof prover="1"><result status="valid" time="4.08"/></proof>
  </goal>
  <goal name="enforce_inv_implies_abstraction_inv.4" expl="4.">
  <proof prover="0"><result status="valid" time="0.17" steps="39"/></proof>
@@ -428,7 +428,7 @@
  <proof prover="0"><result status="valid" time="0.41" steps="223"/></proof>
  </goal>
  <goal name="abstraction_inv_implies_enforce_inv.7" expl="7.">
-  <proof prover="0"><result status="valid" time="1.26" steps="1097"/></proof>
+  <proof prover="0"><result status="valid" time="1.49" steps="1097"/></proof>
  </goal>
  <goal name="abstraction_inv_implies_enforce_inv.8" expl="8.">
  <proof prover="0"><result status="valid" time="0.11" steps="11"/></proof>
@@ -491,6 +491,59 @@
  </goal>
 </transf>
 </goal>
+ <goal name="WP_parameter ktrap" expl="VC for ktrap">
+ <transf name="split_goal_wp">
+  <goal name="WP_parameter ktrap.1" expl="1. assertion">
+  <transf name="split_goal_wp">
+   <goal name="WP_parameter ktrap.1.1" expl="1. assertion">
+   <proof prover="0"><result status="valid" time="2.03" steps="1516"/></proof>
+   </goal>
+   <goal name="WP_parameter ktrap.1.2" expl="2. VC for ktrap">
+   <proof prover="0"><result status="valid" time="0.08" steps="61"/></proof>
+   </goal>
+   <goal name="WP_parameter ktrap.1.3" expl="3. VC for ktrap">
+   <proof prover="0"><result status="valid" time="0.18" steps="50"/></proof>
+   </goal>
+   <goal name="WP_parameter ktrap.1.4" expl="4. VC for ktrap">
+   <proof prover="1"><result status="valid" time="4.34"/></proof>
+   </goal>
+   <goal name="WP_parameter ktrap.1.5" expl="5. VC for ktrap">
+   <proof prover="0"><result status="valid" time="0.17" steps="194"/></proof>
+   </goal>
+   <goal name="WP_parameter ktrap.1.6" expl="6. VC for ktrap">
+   <proof prover="0"><result status="valid" time="0.10" steps="7"/></proof>
+   </goal>
+   <goal name="WP_parameter ktrap.1.7" expl="7. VC for ktrap">
+   <proof prover="0"><result status="valid" time="0.09" steps="39"/></proof>
+   </goal>
+   <goal name="WP_parameter ktrap.1.8" expl="8. VC for ktrap">
+   <proof prover="0"><result status="valid" time="0.12" steps="12"/></proof>
+   </goal>
+   <goal name="WP_parameter ktrap.1.9" expl="9. VC for ktrap">
+   <proof prover="0"><result status="valid" time="0.13" steps="189"/></proof>
+   </goal>
+   <goal name="WP_parameter ktrap.1.10" expl="10. VC for ktrap">
+   <proof prover="0"><result status="valid" time="0.15" steps="50"/></proof>
+   </goal>
+   <goal name="WP_parameter ktrap.1.11" expl="11. VC for ktrap">
+   <proof prover="0"><result status="valid" time="0.10" steps="65"/></proof>
+   </goal>
+   <goal name="WP_parameter ktrap.1.12" expl="12. VC for ktrap">
+   <proof prover="0"><result status="valid" time="0.89" steps="718"/></proof>
+   </goal>
+   <goal name="WP_parameter ktrap.1.13" expl="13. VC for ktrap">
+   <proof prover="0"><result status="valid" time="0.44" steps="340"/></proof>
+   </goal>
+   <goal name="WP_parameter ktrap.1.14" expl="14. VC for ktrap">
+   <proof prover="0"><result status="valid" time="0.16" steps="84"/></proof>
+   </goal>
+  </transf>
+  </goal>
+  <goal name="WP_parameter ktrap.2" expl="2. postcondition">
+  <proof prover="0"><result status="valid" time="0.12" steps="4"/></proof>
+  </goal>
+ </transf>
+ </goal>
 <goal name="WP_parameter expose_quant_structure_def" expl="VC for expose_quant_structure_def">
 <proof prover="0"><result status="valid" time="0.06" steps="5"/></proof>
 </goal>
@@ -500,10 +553,10 @@
  <proof prover="0"><result status="valid" time="0.10" steps="8"/></proof>
  </goal>
  <goal name="enf_transf_match_other_def.2" expl="2.">
-  <proof prover="1"><result status="valid" time="1.38"/></proof>
+  <proof prover="1"><result status="valid" time="1.35"/></proof>
  </goal>
  <goal name="enf_transf_match_other_def.3" expl="3.">
-  <proof prover="1"><result status="valid" time="1.55"/></proof>
+  <proof prover="1"><result status="valid" time="1.28"/></proof>
  </goal>
 </transf>
 </goal>
@@ -513,7 +566,7 @@
 <goal name="enf_transf_other_def">
 <transf name="split_goal_wp">
  <goal name="enf_transf_other_def.1" expl="1.">
-  <proof prover="1"><result status="valid" time="0.63"/></proof>
+  <proof prover="1"><result status="valid" time="1.04"/></proof>
  </goal>
  <goal name="enf_transf_other_def.2" expl="2.">
  <proof prover="0"><result status="valid" time="0.09" steps="29"/></proof>
@@ -596,9 +649,21 @@
 <goal name="Wp.LOCAL.abstraction_transformer_rule">
 <proof prover="0"><result status="valid" time="0.09" steps="45"/></proof>
 </goal>
+ <goal name="Wp.LOCAL.empty_post_rule">
+ <proof prover="0"><result status="valid" time="0.08" steps="1"/></proof>
+ </goal>
+ <goal name="Wp.LOCAL.kont_pre_rule">
+ <proof prover="0"><result status="valid" time="0.13" steps="4"/></proof>
+ </goal>
+ <goal name="Wp.LOCAL.kontinuation_transformer_rule">
+ <proof prover="0"><result status="valid" time="0.11" steps="30"/></proof>
+ </goal>
 <goal name="Wp.WP_parameter   Wp  abstraction" expl="VC for   Wp  abstraction">
 <proof prover="0"><result status="valid" time="0.06" steps="2"/></proof>
 </goal>
+ <goal name="Wp.WP_parameter   Wp  ktrap" expl="VC for   Wp  ktrap">
+ <proof prover="0"><result status="valid" time="0.09" steps="6"/></proof>
+ </goal>
 </theory>
 </file>
 </why3session>
--- a/examples/in_progress/2wp_gen/game_wp/why3shapes.gz
+++ b/examples/in_progress/2wp_gen/game_wp/why3shapes.gz