Commit 5a6b6c7d authored by Martin Clochard's avatar Martin Clochard

in progress: formalization of why3 logic

parent ddaf081e
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE why3session PUBLIC "-//Why3//proof session v5//EN"
"http://why3.lri.fr/why3session.dtd">
<why3session shape_version="4">
<prover id="0" name="Alt-Ergo" version="0.99.1" timelimit="5" memlimit="1000"/>
<file name="../logic_impl.mlw" expanded="true">
<theory name="Ident" sum="d41d8cd98f00b204e9800998ecf8427e" expanded="true">
</theory>
<theory name="Ty" sum="647747069782e1e4ffb5377c8643e469" expanded="true">
<goal name="WP_parameter tyl_inv" expl="VC for tyl_inv" expanded="true">
<proof prover="0"><result status="valid" time="0.06" steps="159"/></proof>
</goal>
</theory>
<theory name="Term" sum="17b5dd1ac03d587acacfe140e3923fef" expanded="true">
<goal name="WP_parameter ts_constr_env_inv" expl="VC for ts_constr_env_inv" expanded="true">
<proof prover="0"><result status="valid" time="0.05" steps="21"/></proof>
</goal>
</theory>
</file>
</why3session>
......@@ -19,9 +19,14 @@ module Env
tys_belong : ty_symbol -> bool;
(* Type symbol arities. *)
tys_arity : ty_symbol -> int;
(* Set of known constructors associated to the type.
If there is one, then the set is exhaustive. *)
(* Set of known constructors associated to the type. *)
tys_constr : ty_symbol -> lsymbol -> bool;
(* Is the set of constructors complete ?
Added because:
1) In Why3 internals an incomplete situation is perfectly possible !
2) It fit much better to an incremental framework where constructors are
likely to be added one by one anyway. *)
tys_constr_complete : ty_symbol -> bool;
(* Built-in type symbol for propositions. *)
tys_prop : ty_symbol;
(* Logical symbols belonging to the signature. *)
......@@ -34,6 +39,8 @@ module Env
ls_args : lsymbol -> list ty;
(* Types for logical symbols return values. *)
ls_ret : lsymbol -> ty;
(* Built-in logical symbol for equality. *)
ls_equ : lsymbol;
}
predicate tys_alg (sig:signature) (tys:ty_symbol) =
......@@ -63,6 +70,11 @@ module Env
| Cons x q -> ty_wf sig x /\ tyl_wf sig q
end
function ty_prop (sig:signature) : ty =
TyApp sig.tys_prop Nil
constant eq_args : list ty = Cons (TyVar 0) (Cons (TyVar 0) Nil)
(* Build the list of type variables [0;1;...;n-1].
Corresponds to the list of type arguments for polymorphic constructors. *)
function constr_ty_list (a b:int) : list ty
......@@ -102,7 +114,11 @@ module Env
ty_vars_in (range 0 n) sig.tys_belong (sig.ls_ret f) /\
tyl_vars_in (range 0 n) sig.tys_belong (sig.ls_args f) /\
ty_wf sig (sig.ls_ret f) /\
tyl_wf sig (sig.ls_args f))
tyl_wf sig (sig.ls_args f)) /\
(* Equality is a logical symbol with scheme 'a. 'a -> 'a -> prop *)
sig.ls_belong sig.ls_equ /\
sig.ls_ret sig.ls_equ = ty_prop sig /\
sig.ls_args sig.ls_equ = eq_args
predicate env_wf (sig:signature) (env:ty_env 'tv) =
forall x. env.tv_belong x -> ty_wf sig (env.tv_ty x)
......@@ -124,9 +140,6 @@ module Env
function ty_ret (sig:signature) (f:lsymbol) (tyl:list ty) : ty =
ty_subst_ret tyl (sig.ls_ret f)
function ty_prop (sig:signature) : ty =
TyApp sig.tys_prop Nil
(* Well-formedness dependencies. *)
predicate sig_ty_congruence (a:ty_symbol -> bool) (sig1 sig2:signature) =
forall x. a x -> (sig1.tys_belong x <-> sig2.tys_belong x) /\
......@@ -346,7 +359,7 @@ module Pattern
| Some _ , _ | _ , Some _ -> ("keep_on_simp" true) && false
| _ -> false end }
| Nil , Nil -> ()
| _ -> assert { "keep_on_simp" true }
| _ -> "keep_on_simp" ()
end
(* Types of collected variables are well-formed. *)
......@@ -396,8 +409,40 @@ module Pattern
(a skeleton pattern is a pattern containing only constructors and
wildcards).
Any other way would requires some form of pattern compilation,
which we want to avoid. *)
which we want to avoid.
NOTE: Since we now have to handle incomplete patterns, we now
have a missing skeleton: a pattern matching absolutely nothing known
(can be easily coded using some PVar).
However, such pattern can only be allowed iff the signature say that
the type being matched has incomplete constructors, e.g values that
cannot be decomposed.
=> We have to switch from skeleton patterns to skeleton patterns for
a given type. *)
(* Well-typed skeletons. *)
predicate skeleton_wty (sig:signature) (pat:pattern) (ty:ty) =
match pat with
| PWild -> true
| PVar _ -> match ty with
| TyApp tys _ -> not sig.tys_constr_complete tys
| _ -> true
end
| PApp f tyl pl -> tyl_wf sig tyl /\
sig.ls_ty_arity f = length tyl /\
sig.ls_constr f /\ ty_ret sig f tyl = ty /\
skeleton_l_wty sig pl (ty_args sig f tyl)
| _ -> false
end
with skeleton_l_wty (sig:signature) (patl:list pattern) (tyl:list ty) =
match patl , tyl with
| Cons p q , Cons typ tyq -> skeleton_wty sig p typ /\
skeleton_l_wty sig q tyq
| Nil , Nil -> true
| _ -> false
end
(*
predicate pat_skeleton (pat:pattern) =
match pat with
| PWild -> true
......@@ -409,7 +454,7 @@ module Pattern
match patl with
| Nil -> true
| Cons x q -> pat_skeleton x /\ patl_skeleton q
end
end*)
predicate pat_skeleton_match (p1 p2:pattern) =
match p1 , p2 with
......@@ -435,8 +480,7 @@ module Pattern
end
predicate exhaustive (sig:signature) (brl:list (branch 'tv)) (ty:ty) =
forall pat. pat_skeleton pat /\ pat_wty sig pat ty ->
case_skeleton_match pat brl
forall pat. skeleton_wty sig pat ty -> case_skeleton_match pat brl
end
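Review bot: The new conjuncts for equality in the well-formedness predicate (hunk `@@ -102,7 +114,11 @@`) pin `ls_belong`, `ls_ret` and `ls_args` of `ls_equ` but not its type arity, while the comment promises the scheme `'a. 'a -> 'a -> prop` and `eq_args` only mentions `TyVar 0`; unless the quantified conjunct above already forces it, `sig.ls_ty_arity sig.ls_equ = 1 /\` seems to be missing (the accessor is used as `sig.ls_ty_arity f = length tyl` in the `skeleton_wty` hunk). Without it a signature whose equality symbol takes two or more type parameters is still accepted as well-formed, and `ty_ret sig sig.ls_equ tyl` would be applied with a type list whose length does not match the stated scheme. The enclosing predicate's head is outside the hunk, so this is inferred from the visible conjuncts only. In `skeleton_wty`, `PWild` is accepted at any type while `PVar _` is accepted only when the matched type's constructors are incomplete; a one-line comment on the `PVar` case, e.g. `(* PVar encodes the "missing" skeleton; only legal for incomplete types. *)`, would keep that asymmetry from being read as an oversight.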
......
......@@ -171,4 +171,25 @@ module Choice
end
module Finite
use import HO
use import int.Int
predicate finite ('a -> bool)
function cardinal ('a -> bool) : int
axiom finite_empty : finite (none:'a -> bool)
axiom finite_add : forall x,y:'a. finite x -> finite (update x y true)
axiom finite_remove : forall x,y:'a. finite x -> finite (update x y false)
axiom cardinal_empty : cardinal (none:'a -> bool) = 0
axiom cardinal_positive : forall x:'a -> bool. finite x -> cardinal x >= 0
axiom cardinal_add : forall x,y:'a.
finite x -> not x y -> cardinal (update x y true) = cardinal x + 1
let lemma cardinal_remove (x:'a -> bool) (y:'a)
requires { finite x /\ x y }
ensures { cardinal (update x y false) = cardinal x - 1 }
= assert { extensional_equal (update (update x y false) y true) x }
end
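Review bot: The `Finite` module fixes `finite` and `cardinal` entirely by axioms, and only `cardinal_remove` is checked by the prover; the five axioms themselves are trusted, so an inconsistency among them (which would let every VC in a module using `Finite` go through) is not something the session can catch. A comment at the top of the module stating that the axiom set is assumed consistent and should eventually be realized or derived from a concrete definition would document that trust boundary, e.g. `(* Axiomatic: consistency of these axioms is assumed, not checked by the prover. *)`. The hunk opens on the closing `end` of `module Choice`, which is unrelated context for the new module.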
......@@ -85,5 +85,17 @@
<proof prover="0"><result status="valid" time="0.01" steps="2"/></proof>
</goal>
</theory>
<theory name="Finite" sum="7bd24662c8f9c694425089ee7fd83fb5" expanded="true">
<goal name="WP_parameter cardinal_remove" expl="VC for cardinal_remove">
<transf name="split_goal_wp">
<goal name="WP_parameter cardinal_remove.1" expl="1. assertion">
<proof prover="0"><result status="valid" time="0.02" steps="26"/></proof>
</goal>
<goal name="WP_parameter cardinal_remove.2" expl="2. postcondition">
<proof prover="0"><result status="valid" time="0.02" steps="12"/></proof>
</goal>
</transf>
</goal>
</theory>
</file>
</why3session>