update examples/hoare_logic/

blocking_semantics3.mlw blocking_semantics4.mlw wp2.mlw wp_total.mlw

update examples/hoare_logic/
blocking_semantics3.mlw blocking_semantics4.mlw wp2.mlw wp_total.mlw
7497d447 · Andrei Paskevich · 03d1c7b2 · 7497d447 · 7497d447 · 7497d447
Commit 7497d447 authored Oct 13, 2012 by Andrei Paskevich
4 changed files
--- a/examples/hoare_logic/blocking_semantics3.mlw
+++ b/examples/hoare_logic/blocking_semantics3.mlw
@@ -28,7 +28,7 @@ lemma mident_decide :
  forall m1 m2: mident. m1 = m2 \/ m1 <> m2

 (** ident for immutable variables *)
-type ident = {| ident_index : int |}
+type ident = { ident_index : int }

 lemma ident_decide :
  forall m1 m2: ident. m1 = m2 \/ m1 <> m2

--- a/examples/hoare_logic/blocking_semantics4.mlw
+++ b/examples/hoare_logic/blocking_semantics4.mlw
@@ -29,7 +29,7 @@ axiom mident_decide :
  forall m1 m2: mident. m1 = m2 \/ m1 <> m2

 (** ident for immutable variables *)
-type ident = {| ident_index : int |}
+type ident = { ident_index : int }
 
 constant result : ident


--- a/examples/hoare_logic/wp2.mlw
+++ b/examples/hoare_logic/wp2.mlw
@@ -393,9 +393,12 @@ predicate stmt_writes (i:stmt) (w:Set.set ident) =
  end


-  let rec compute_writes (s:stmt) : Set.set ident =
-   { }
-    match s with
+  let rec compute_writes (s:stmt) : Set.set ident
+   ensures {
+     forall sigma pi sigma' pi':env, n:int.
+       many_steps sigma pi s sigma' pi' Sskip n ->
+       assigns sigma result sigma' }
+  = match s with
    | Sskip -> Set.empty
    | Sassign i _ -> Set.singleton i
    | Sseq s1 s2 -> Set.union (compute_writes s1) (compute_writes s2)
@@ -403,19 +406,12 @@ predicate stmt_writes (i:stmt) (w:Set.set ident) =
    | Swhile _ _ s -> compute_writes s
    | Sassert _ -> Set.empty
    end
-   { forall sigma pi sigma' pi':env, n:int.
-       many_steps sigma pi s sigma' pi' Sskip n ->
-       assigns sigma result sigma' }

-  val fresh_from_fmla (q:fmla) :
-     { }
-     ident
-     { fresh_in_fmla result q }
+  val fresh_from_fmla (q:fmla) : ident
+    ensures { fresh_in_fmla result q }

-  val abstract_effects (i:stmt) (f:fmla) :
-    { }
-    fmla
-    { forall sigma pi:env. eval_fmla sigma pi result ->
+  val abstract_effects (i:stmt) (f:fmla) : fmla
+    ensures { forall sigma pi:env. eval_fmla sigma pi result ->
        eval_fmla sigma pi f /\
 (***
        forall sigma':env, w:Set.set ident.
@@ -429,9 +425,9 @@ predicate stmt_writes (i:stmt) (w:Set.set ident) =

  use HoareLogic

-  let rec wp (i:stmt) (q:fmla) =
-    { true }
-    match i with
+  let rec wp (i:stmt) (q:fmla)
+    ensures { valid_triple result i q }
+  = match i with
    | Sskip -> q
    | Sseq i1 i2 -> wp i1 (wp i2 q)
    | Sassign x e ->
@@ -450,7 +446,6 @@ predicate stmt_writes (i:stmt) (w:Set.set ident) =
                (Fimplies (Fand (Fnot (Fterm e)) inv) q))) 

    end
-    { valid_triple result i q }


 end

--- a/examples/hoare_logic/wp_total.mlw
+++ b/examples/hoare_logic/wp_total.mlw
@@ -38,7 +38,7 @@ type env = IdMap.map ident value
 type var_env = env
 type ref_env = env

-type state = {| var_env : var_env; ref_env: ref_env |}
+type state = { var_env : var_env; ref_env: ref_env }

 (* semantics of formulas *)

@@ -66,8 +66,8 @@ function eval_term (s:state) (t:term) : value =
  end

 function my_state :state =
-    {| var_env = IdMap.const (Vint 42);
-       ref_env = IdMap.const (Vint 0) |}
+    { var_env = IdMap.const (Vint 42);
+      ref_env = IdMap.const (Vint 0) }

 goal Test13 :
  eval_term my_state (Tconst 13) = Vint 13
@@ -89,20 +89,20 @@ predicate eval_fmla (s:state) (f:fmla) =
  | Fimplies f1 f2 -> eval_fmla s f1 -> eval_fmla s f2
  | Flet x t f ->
      eval_fmla
-        {| var_env = IdMap.set s.var_env x (eval_term s t) ;
-           ref_env = s.ref_env |}
+        { var_env = IdMap.set s.var_env x (eval_term s t) ;
+          ref_env = s.ref_env }
        f
  | Fforall x Tint f ->
     forall n:int.
        eval_fmla
-          {| var_env = IdMap.set s.var_env x (Vint n);
-             ref_env = s.ref_env |}
+          { var_env = IdMap.set s.var_env x (Vint n);
+            ref_env = s.ref_env }
          f
  | Fforall x Tbool f ->
     forall b:bool.
        eval_fmla
-          {| var_env = IdMap.set s.var_env x (Vbool b);
-             ref_env = s.ref_env |}
+          { var_env = IdMap.set s.var_env x (Vbool b);
+            ref_env = s.ref_env }
          f
  end

@@ -119,8 +119,8 @@ function subst_term (e:term) (x:ident) (t:term) : term =
 lemma eval_subst_term:
  forall s:state, e:term, x:ident, t:term.
    eval_term s (subst_term e x t) =
-    eval_term {| var_env = s.var_env;
-                 ref_env = (IdMap.set s.ref_env x (eval_term s t)) |}
+    eval_term { var_env = s.var_env;
+                ref_env = (IdMap.set s.ref_env x (eval_term s t)) }
              e

 function subst (f:fmla) (x:ident) (t:term) : fmla =
@@ -137,8 +137,8 @@ function subst (f:fmla) (x:ident) (t:term) : fmla =
 lemma eval_subst:
  forall f:fmla, s:state, x:ident, t:term.
    eval_fmla s (subst f x t) <->
-    eval_fmla {| var_env = s.var_env;
-                 ref_env = (IdMap.set s.ref_env x (eval_term s t)) |}
+    eval_fmla { var_env = s.var_env;
+                ref_env = (IdMap.set s.ref_env x (eval_term s t)) }
              f

 (* statements *)
@@ -161,8 +161,8 @@ inductive one_step state stmt state stmt =
  | one_step_assign:
      forall s:state, x:ident, e:term.
        one_step s (Sassign x e)
-                 {| var_env = s.var_env;
-                    ref_env = (IdMap.set s.ref_env x (eval_term s e)) |}
+                 { var_env = s.var_env;
+                   ref_env = (IdMap.set s.ref_env x (eval_term s e)) }
                 Sskip

  | one_step_seq:
@@ -340,9 +340,9 @@ module WP

  use import Imp

-  let rec wp (i:stmt) (q:fmla) =
-    { true }
-    match i with
+  let rec wp (i:stmt) (q:fmla)
+    ensures { valid_triple result i q }
+  = match i with
    | Sskip -> q
    | Sseq i1 i2 -> wp i1 (wp i2 q)
    | Sassign x e ->
@@ -363,7 +363,6 @@ module WP
                     (Fimplies (Fand (Fnot (Fterm e)) inv) q))) 

    end
-    { valid_triple result i q }

 end