Commit 13028e76 authored by Martin Clochard

examples/in_progress(wip): 2wp_gen, cont'd

parent c35cfb8c
......@@ -86,6 +86,10 @@ module Wp "W:non_conservative_extension:N" (* Definitions in WpImpl *)
function ctx_add (qstructure 'a) (enf_hyp 'a 'ig 'il 'o)
('ig -> context 'a) : 'ig -> context 'a
(* A potentially useful postcondition for abstractions:
empty postcondition. *)
function empty_post : 'ig -> 'il -> 'a -> rel 'o 'a
(* Abstraction combinator: replace the backward predicate
transformer by an explicit interface triple
......@@ -113,6 +117,18 @@ module Wp "W:non_conservative_extension:N" (* Definitions in WpImpl *)
abstraction_transformer e.game_strct gf eh }
ensures { game_sames result e }
(* Kontinuation combinator: take an enforcement record that
may use a continuation for the place right there as last
hypothesis, and send back one which does not need it.
Programming analogy: this is call/cc. *)
function kontinuation_transformer
(transformer 'a 'i 'o) : transformer 'a 'i 'o
val ghost ktrap (e:enforce 'a 'i 'o) : enforce 'a 'i 'o
requires { enforce_inv e }
ensures { enforce_inv result }
ensures { game_sames result e }
ensures { result.transformp --> kontinuation_transformer e.transformp }
(* Hide away from main namespace definitions & axioms
related to computation rules *)
namespace LOCAL
......@@ -254,6 +270,28 @@ module Wp "W:non_conservative_extension:N" (* Definitions in WpImpl *)
meta rewrite prop abstraction_transformer_rule
meta remove_prop prop abstraction_transformer_rule
axiom empty_post_rule :
forall xg:'ig,xl:'il,xs:'a,y:'o,ys.
empty_post xg xl xs y ys <-> false
meta rewrite prop empty_post_rule
meta remove_prop prop empty_post_rule
function kont_pre (q:rel 'o 'a) : 'i -> rel 'o 'a
axiom kont_pre_rule : forall q,xl:'i,y:'o,ys:'a.
kont_pre q xl y ys <-> q y ys
meta rewrite prop kont_pre_rule
meta remove_prop prop kont_pre_rule
axiom kontinuation_transformer_rule :
forall t:transformer 'a 'i 'o,ctx q x xs.
app_transformer (kontinuation_transformer t) ctx q x xs <->
let eh = { pre = kont_pre q; post = empty_post;
pre_strct = q_def; post_strct = q_unit } in
let ctx' = ctx_cons (transf_hyp (enf_transf q_def x eh)) ctx in
app_transformer t ctx' q x xs
meta rewrite prop kontinuation_transformer_rule
meta remove_prop prop kontinuation_transformer_rule
(* TODO: erase those, they are harnesses. *)
......@@ -726,6 +764,54 @@ module WpImpl
(* Second combinator: kontinuation trap. *)
function empty_post : 'a -> 'b -> 'c -> 'd -> 'e -> bool =
\_ _ _ _ _. false
function kontinuation_transformer
(t:transformer 'a 'i 'o) : transformer 'a 'i 'o =
\ctx q x xs.
let eh = { pre = const q; post = empty_post;
pre_strct = q_def; post_strct = q_unit } in
t (Cons (enf_hyp x eh) ctx) q x xs
let ghost ktrap (e:enforce 'a 'i 'o) : enforce 'a 'i 'o
requires { enforce_inv e }
ensures { result.transformp = kontinuation_transformer e.transformp }
ensures { game_sames result e }
ensures { enforce_inv result }
= let res = { e with transformp = kontinuation_transformer e.transformp } in
assert { forall x q ctx.
let r = eqv e.game_valid in let o = e.game_order in
let cv = conj (vld_fmla r o o) (ordering o) in
let cx = hyp_fmla r (ctx_union ctx) in
let c = conj cx cv in
let p = res.transformp ctx q x in
let p2 = related r p in let q2 = related r (e_lift q) in
holds c (enforce p2 q2)
by is_fmla c
so let k = enforce q2 none in
holds (conj c k) (enforce p2 q2)
by let cx' = conj cx k in
let c' = conj cx' cv in
holds c' (enforce p2 q2)
by let eh = { pre = const q; post = empty_post;
pre_strct = q_def; post_strct = q_unit } in
let h0 = enf_hyp x eh in
let ctx' = Cons h0 ctx in
let cx'' = hyp_fmla r (ctx_union ctx') in
(p = e.transformp ctx' q x by sext p (e.transformp ctx' q x))
so holds cx' cx''
by holds k (hyp_fmla r h0)
by let h1 = direct_enf_hyp x eh in
holds k (hyp_fmla r h1)
by forall pq. h1 pq -> holds k (pre_post_fmla r pq)
by let (p',q') = pq in
exists xl xs. p' = inter (q xl) ((=) xs)
so let p2' = related r p' in let q2' = related r q' in
holds k (enforce p2' q2')
by subset p2' q2 /\ holds k k
......@@ -807,15 +893,7 @@ module WpImpl
weaker_hypothesis h1 h2
predicate weaker_hypothesis_prelude (h1 h2:hyp 'a) =
not weaker_hypothesis h1 h2
(* TODO/FIXME: For some 'impossible' reason, defining ctx_nil run into
opaqueness problems !
Apparently, this have to do with ig/context 'a appearing
only in the output.
This can be fixed by putting extra 'dummy' arguments to mark 'a/'ig,
but this is rather inelegant. We will axiomatize it until Why3
bug is fixed. *)
constant ctx_nil : 'ig -> context 'a (* = \_. Nil *)
axiom ctx_nil_def : forall xg:'ig. ctx_nil xg = (Nil:context 'a)
constant ctx_nil : 'ig -> context 'a = \_. Nil
function ctx_add (qstructure 'a)
(eh:enf_hyp 'a 'ig 'il 'o)
(ctxf:'ig -> context 'a) : 'ig -> context 'a =
......@@ -833,8 +911,11 @@ module WpImpl
function ctx_nil = ctx_nil,
function ctx_add = ctx_add,
predicate proof_obligations = proof_obligations_ex,
function empty_post = empty_post,
function abstraction_transformer = abstraction_transformer_ex,
val abstraction = abstraction_ex,
function kontinuation_transformer = kontinuation_transformer,
val ktrap = ktrap,
predicate LOCAL.app_transformer = app_transformer,
type LOCAL.hyp = hyp,
type LOCAL.ftransformer = ftransformer,
......@@ -870,7 +951,11 @@ module WpImpl
goal LOCAL.sub_context_empty,
goal LOCAL.sub_context_add,
goal LOCAL.sub_context_refl,
goal LOCAL.abstraction_transformer_rule
goal LOCAL.abstraction_transformer_rule,
goal LOCAL.empty_post_rule,
function LOCAL.kont_pre = const,
goal LOCAL.kont_pre_rule,
goal LOCAL.kontinuation_transformer_rule
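Review bot: The hypothesis record `{ pre = const q; post = empty_post; pre_strct = q_def; post_strct = q_unit }` is spelled out twice in the WpImpl hunk, once in `kontinuation_transformer` and again inside the `ktrap` assertion, and the proof step `p = e.transformp ctx' q x by sext p (e.transformp ctx' q x)` only goes through while the two literals stay byte-identical. Factoring it into one definition, e.g. `function kont_hyp x q = enf_hyp x { pre = const q; post = empty_post; pre_strct = q_def; post_strct = q_unit }`, used as `t (Cons (kont_hyp x q) ctx) q x xs` in the transformer and `let h0 = kont_hyp x q in` in the assertion, removes that silent coupling. The WpImpl `empty_post` is also typed more generally (`'a -> 'b -> 'c -> 'd -> 'e -> bool`) than the `Wp` signature `'ig -> 'il -> 'a -> rel 'o 'a` it is cloned into; narrowing it to the interface type would let the type checker, rather than the clone, catch a future drift. The long `assert { ... by ... so ... }` in `ktrap` has no comment stating its strategy; from `holds k (hyp_fmla r h0)` it looks like the point is that the continuation hypothesis `h0` is entailed by the goal `enforce q2 none`, so a one-line comment such as `(* the extra hypothesis h0 is entailed by the goal itself, so the strengthened context is sound *)` would help, if that reading is right. `ktrap`'s body appears to continue past the end of the hunk.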
......@@ -7,7 +7,7 @@
<file name="../game_wp.mlw">
<theory name="WpCommon" sum="d41d8cd98f00b204e9800998ecf8427e">
<theory name="Wp" sum="464db0bf829547904ef2b83184b32175">
<theory name="Wp" sum="ab6d28b684a902b0017a25b19bb36a6f">
<goal name="WP_parameter test" expl="VC for test">
<transf name="split_goal_wp">
<goal name="WP_parameter test.1" expl="1. precondition">
......@@ -57,14 +57,14 @@
<theory name="WpImpl" sum="a65e4eab9e697b05be6478c179070f8a">
<theory name="WpImpl" sum="e7eb2ee4df032392f4a848f139a4c754">
<goal name="ctx_hyp_add_fmla">
<proof prover="0"><result status="valid" time="0.40" steps="740"/></proof>
<proof prover="0"><result status="valid" time="0.63" steps="740"/></proof>
<goal name="enf_transf_identical">
<transf name="split_goal_wp">
<goal name="enf_transf_identical.1" expl="1.">
<proof prover="1"><result status="valid" time="1.48"/></proof>
<proof prover="1"><result status="valid" time="1.97"/></proof>
<goal name="enf_transf_identical.2" expl="2.">
<proof prover="1"><result status="valid" time="1.87"/></proof>
......@@ -97,7 +97,7 @@
<proof prover="0"><result status="valid" time="0.09" steps="30"/></proof>
<goal name="enf_transf_identical.12" expl="12.">
<proof prover="1"><result status="valid" time="1.47"/></proof>
<proof prover="1"><result status="valid" time="2.44"/></proof>
<goal name="enf_transf_identical.13" expl="13.">
<proof prover="0"><result status="valid" time="0.24" steps="252"/></proof>
......@@ -197,7 +197,7 @@
<proof prover="0"><result status="valid" time="0.11" steps="95"/></proof>
<goal name="weaker_hypothesis_sufficient.5" expl="5.">
<proof prover="1"><result status="valid" time="0.74"/></proof>
<proof prover="1"><result status="valid" time="1.42"/></proof>
<goal name="weaker_hypothesis_sufficient.6" expl="6.">
<proof prover="0"><result status="valid" time="0.07" steps="39"/></proof>
......@@ -281,7 +281,7 @@
<proof prover="0"><result status="valid" time="0.10" steps="16"/></proof>
<goal name="enforce_inv_reinforced.7.3" expl="3.">
<proof prover="0"><result status="valid" time="0.93" steps="741"/></proof>
<proof prover="0"><result status="valid" time="0.71" steps="741"/></proof>
<goal name="enforce_inv_reinforced.7.4" expl="4.">
<proof prover="0"><result status="valid" time="0.15" steps="37"/></proof>
......@@ -290,7 +290,7 @@
<proof prover="0"><result status="valid" time="0.10" steps="29"/></proof>
<goal name="enforce_inv_reinforced.7.6" expl="6.">
<proof prover="0"><result status="valid" time="4.63" steps="2155"/></proof>
<proof prover="0"><result status="valid" time="5.40" steps="2155"/></proof>
......@@ -315,7 +315,7 @@
<proof prover="0"><result status="valid" time="0.35" steps="363"/></proof>
<goal name="enforce_inv_reinforced.8.7" expl="7.">
<proof prover="1"><result status="valid" time="5.46"/></proof>
<proof prover="1"><result status="valid" time="6.38"/></proof>
<goal name="enforce_inv_reinforced.8.8" expl="8.">
<proof prover="0"><result status="valid" time="0.40" steps="454"/></proof>
......@@ -327,7 +327,7 @@
<proof prover="0"><result status="valid" time="0.24" steps="286"/></proof>
<goal name="enforce_inv_reinforced.8.11" expl="11.">
<proof prover="0"><result status="valid" time="0.64" steps="640"/></proof>
<proof prover="0"><result status="valid" time="0.40" steps="640"/></proof>
<goal name="enforce_inv_reinforced.8.12" expl="12.">
<proof prover="0"><result status="valid" time="0.29" steps="286"/></proof>
......@@ -342,7 +342,7 @@
<proof prover="0"><result status="valid" time="0.45" steps="559"/></proof>
<goal name="enforce_inv_reinforced.8.16" expl="16.">
<proof prover="0"><result status="valid" time="4.72" steps="4189"/></proof>
<proof prover="0"><result status="valid" time="5.73" steps="4189"/></proof>
<goal name="enforce_inv_reinforced.8.17" expl="17.">
<proof prover="0"><result status="valid" time="0.10" steps="45"/></proof>
......@@ -351,7 +351,7 @@
<proof prover="0"><result status="valid" time="0.32" steps="359"/></proof>
<goal name="enforce_inv_reinforced.8.19" expl="19.">
<proof prover="0"><result status="valid" time="0.26" steps="347"/></proof>
<proof prover="0"><result status="valid" time="0.40" steps="347"/></proof>
......@@ -369,7 +369,7 @@
<goal name="enforce_inv_as_hyp_fmla">
<transf name="split_goal_wp">
<goal name="enforce_inv_as_hyp_fmla.1" expl="1.">
<proof prover="1"><result status="valid" time="1.09"/></proof>
<proof prover="1"><result status="valid" time="1.46"/></proof>
<goal name="enforce_inv_as_hyp_fmla.2" expl="2.">
<proof prover="0"><result status="valid" time="0.12" steps="7"/></proof>
......@@ -381,7 +381,7 @@
<proof prover="0"><result status="valid" time="0.10" steps="9"/></proof>
<goal name="enforce_inv_as_hyp_fmla.5" expl="5.">
<proof prover="0"><result status="valid" time="0.32" steps="341"/></proof>
<proof prover="0"><result status="valid" time="0.51" steps="341"/></proof>
......@@ -394,7 +394,7 @@
<proof prover="0"><result status="valid" time="0.14" steps="11"/></proof>
<goal name="enforce_inv_implies_abstraction_inv.3" expl="3.">
<proof prover="1"><result status="valid" time="2.97"/></proof>
<proof prover="1"><result status="valid" time="4.08"/></proof>
<goal name="enforce_inv_implies_abstraction_inv.4" expl="4.">
<proof prover="0"><result status="valid" time="0.17" steps="39"/></proof>
......@@ -428,7 +428,7 @@
<proof prover="0"><result status="valid" time="0.41" steps="223"/></proof>
<goal name="abstraction_inv_implies_enforce_inv.7" expl="7.">
<proof prover="0"><result status="valid" time="1.26" steps="1097"/></proof>
<proof prover="0"><result status="valid" time="1.49" steps="1097"/></proof>
<goal name="abstraction_inv_implies_enforce_inv.8" expl="8.">
<proof prover="0"><result status="valid" time="0.11" steps="11"/></proof>
......@@ -491,6 +491,59 @@
<goal name="WP_parameter ktrap" expl="VC for ktrap">
<transf name="split_goal_wp">
<goal name="WP_parameter ktrap.1" expl="1. assertion">
<transf name="split_goal_wp">
<goal name="WP_parameter ktrap.1.1" expl="1. assertion">
<proof prover="0"><result status="valid" time="2.03" steps="1516"/></proof>
<goal name="WP_parameter ktrap.1.2" expl="2. VC for ktrap">
<proof prover="0"><result status="valid" time="0.08" steps="61"/></proof>
<goal name="WP_parameter ktrap.1.3" expl="3. VC for ktrap">
<proof prover="0"><result status="valid" time="0.18" steps="50"/></proof>
<goal name="WP_parameter ktrap.1.4" expl="4. VC for ktrap">
<proof prover="1"><result status="valid" time="4.34"/></proof>
<goal name="WP_parameter ktrap.1.5" expl="5. VC for ktrap">
<proof prover="0"><result status="valid" time="0.17" steps="194"/></proof>
<goal name="WP_parameter ktrap.1.6" expl="6. VC for ktrap">
<proof prover="0"><result status="valid" time="0.10" steps="7"/></proof>
<goal name="WP_parameter ktrap.1.7" expl="7. VC for ktrap">
<proof prover="0"><result status="valid" time="0.09" steps="39"/></proof>
<goal name="WP_parameter ktrap.1.8" expl="8. VC for ktrap">
<proof prover="0"><result status="valid" time="0.12" steps="12"/></proof>
<goal name="WP_parameter ktrap.1.9" expl="9. VC for ktrap">
<proof prover="0"><result status="valid" time="0.13" steps="189"/></proof>
<goal name="WP_parameter ktrap.1.10" expl="10. VC for ktrap">
<proof prover="0"><result status="valid" time="0.15" steps="50"/></proof>
<goal name="WP_parameter ktrap.1.11" expl="11. VC for ktrap">
<proof prover="0"><result status="valid" time="0.10" steps="65"/></proof>
<goal name="WP_parameter ktrap.1.12" expl="12. VC for ktrap">
<proof prover="0"><result status="valid" time="0.89" steps="718"/></proof>
<goal name="WP_parameter ktrap.1.13" expl="13. VC for ktrap">
<proof prover="0"><result status="valid" time="0.44" steps="340"/></proof>
<goal name="WP_parameter ktrap.1.14" expl="14. VC for ktrap">
<proof prover="0"><result status="valid" time="0.16" steps="84"/></proof>
<goal name="WP_parameter ktrap.2" expl="2. postcondition">
<proof prover="0"><result status="valid" time="0.12" steps="4"/></proof>
<goal name="WP_parameter expose_quant_structure_def" expl="VC for expose_quant_structure_def">
<proof prover="0"><result status="valid" time="0.06" steps="5"/></proof>
......@@ -500,10 +553,10 @@
<proof prover="0"><result status="valid" time="0.10" steps="8"/></proof>
<goal name="enf_transf_match_other_def.2" expl="2.">
<proof prover="1"><result status="valid" time="1.38"/></proof>
<proof prover="1"><result status="valid" time="1.35"/></proof>
<goal name="enf_transf_match_other_def.3" expl="3.">
<proof prover="1"><result status="valid" time="1.55"/></proof>
<proof prover="1"><result status="valid" time="1.28"/></proof>
......@@ -513,7 +566,7 @@
<goal name="enf_transf_other_def">
<transf name="split_goal_wp">
<goal name="enf_transf_other_def.1" expl="1.">
<proof prover="1"><result status="valid" time="0.63"/></proof>
<proof prover="1"><result status="valid" time="1.04"/></proof>
<goal name="enf_transf_other_def.2" expl="2.">
<proof prover="0"><result status="valid" time="0.09" steps="29"/></proof>
......@@ -596,9 +649,21 @@
<goal name="Wp.LOCAL.abstraction_transformer_rule">
<proof prover="0"><result status="valid" time="0.09" steps="45"/></proof>
<goal name="Wp.LOCAL.empty_post_rule">
<proof prover="0"><result status="valid" time="0.08" steps="1"/></proof>
<goal name="Wp.LOCAL.kont_pre_rule">
<proof prover="0"><result status="valid" time="0.13" steps="4"/></proof>
<goal name="Wp.LOCAL.kontinuation_transformer_rule">
<proof prover="0"><result status="valid" time="0.11" steps="30"/></proof>
<goal name="Wp.WP_parameter Wp abstraction" expl="VC for Wp abstraction">
<proof prover="0"><result status="valid" time="0.06" steps="2"/></proof>
<goal name="Wp.WP_parameter Wp ktrap" expl="VC for Wp ktrap">
<proof prover="0"><result status="valid" time="0.09" steps="6"/></proof>
