Commit d5943585 authored by MARCHE Claude

update proofs

parent a815ce53
......@@ -477,12 +477,26 @@ id1 <> id2 ->
(eval_term sigma (l++(Cons (id1,v1) (Cons (id2,v2) pi))) t =
eval_term sigma (l++(Cons (id2,v2) (Cons (id1,v1) pi))) t)
lemma eval_swap:
lemma eval_swap_gen:
forall f:fmla, sigma:env, pi l:stack, id1 id2:ident, v1 v2:value.
id1 <> id2 ->
(eval_fmla sigma (l++(Cons (id1,v1) (Cons (id2,v2) pi))) f <->
eval_fmla sigma (l++(Cons (id2,v2) (Cons (id1,v1) pi))) f)
(*
lemma eval_swap_term_2:
forall t:term, sigma:env, pi:stack, id1 id2:ident, v1 v2:value.
id1 <> id2 ->
(eval_term sigma (Cons (id1,v1) (Cons (id2,v2) pi)) t =
eval_term sigma (Cons (id2,v2) (Cons (id1,v1) pi)) t)
*)
lemma eval_swap:
forall f:fmla, sigma:env, pi:stack, id1 id2:ident, v1 v2:value.
id1 <> id2 ->
(eval_fmla sigma (Cons (id1,v1) (Cons (id2,v2) pi)) f <->
eval_fmla sigma (Cons (id2,v2) (Cons (id1,v1) pi)) f)
lemma eval_term_change_free :
forall t:term, sigma:env, pi:stack, id:ident, v:value.
fresh_in_term id t ->
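Review bot: The new `eval_swap` at the end of the hunk is exactly `eval_swap_gen` instantiated with `l = Nil` (modulo `Append_nil_l`), but nothing says so, and `eval_swap_term_2` is left commented out with no reason given. A one-line comment above `lemma eval_swap:` would spare the next reader the comparison, e.g. `(* eval_swap_gen with l = Nil; stated separately so Coq proofs can rewrite directly, without the rewrite <- Append_nil_l step *)` — that extra step is what the Coq proofs elsewhere in this commit currently do. For the commented-out lemma, either delete it (git keeps it) or say why it is disabled; as it stands it reads like a lemma that failed to prove. Keep in mind that each `lemma` here turns into an `Axiom` in the generated Coq files, so the session must still show it proved.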
......@@ -358,6 +358,10 @@ Axiom eval_term_change_free : forall (t:term) (sigma:(map mident value))
(pi:(list (ident* value)%type)) (id:ident) (v:value), (fresh_in_term id
t) -> ((eval_term sigma (Cons (id, v) pi) t) = (eval_term sigma pi t)).
Require Import Why3.
Ltac ae := why3 "alt-ergo" timelimit 3.
(* Why3 goal *)
Theorem eval_change_free : forall (f:fmla),
match f with
......@@ -376,7 +380,8 @@ Theorem eval_change_free : forall (f:fmla),
destruct f; auto.
simpl; intros H sigma pi id v (h1 & h2 & h3).
rewrite eval_term_change_free; auto.
pattern (Cons (i, eval_term sigma pi t) (Cons (id, v) pi)); rewrite <- Append_nil_l.
pattern (Cons (i, eval_term sigma pi t) (Cons (id, v) pi)).
rewrite <- Append_nil_l.
rewrite eval_swap; auto.
apply H; auto.
Qed.
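Review bot: The `rewrite <- Append_nil_l` / `rewrite eval_swap` pair at the end of the second hunk only typechecks if `eval_swap` in this file is still the `l ++ …` form; this same commit renames that form to `eval_swap_gen` and gives the name `eval_swap` to the two-`Cons` version in the `.mlw` and the sibling Coq file, so if this file's axiom block was regenerated the same way, either drop the `Append_nil_l` step and keep `rewrite eval_swap`, or change it to `rewrite eval_swap_gen`. I cannot see this file's axiom block in the hunk, so please check which applies. Separately, `Ltac ae := why3 "alt-ergo" timelimit 3.` is introduced in the first hunk but not used anywhere visible in this file, and the 3 s wall-clock limit makes replay machine-dependent. The `eval_change_free` statement starts before the second hunk.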
......@@ -348,16 +348,25 @@ Axiom eval_swap_term : forall (t:term) (sigma:(map mident value)) (pi:(list
(infix_plpl l (Cons (id1, v1) (Cons (id2, v2) pi))) t) = (eval_term sigma
(infix_plpl l (Cons (id2, v2) (Cons (id1, v1) pi))) t)).
Axiom eval_swap : forall (f:fmla) (sigma:(map mident value)) (pi:(list
Axiom eval_swap_gen : forall (f:fmla) (sigma:(map mident value)) (pi:(list
(ident* value)%type)) (l:(list (ident* value)%type)) (id1:ident)
(id2:ident) (v1:value) (v2:value), (~ (id1 = id2)) -> ((eval_fmla sigma
(infix_plpl l (Cons (id1, v1) (Cons (id2, v2) pi))) f) <-> (eval_fmla sigma
(infix_plpl l (Cons (id2, v2) (Cons (id1, v1) pi))) f)).
Axiom eval_swap : forall (f:fmla) (sigma:(map mident value)) (pi:(list
(ident* value)%type)) (id1:ident) (id2:ident) (v1:value) (v2:value),
(~ (id1 = id2)) -> ((eval_fmla sigma (Cons (id1, v1) (Cons (id2, v2) pi))
f) <-> (eval_fmla sigma (Cons (id2, v2) (Cons (id1, v1) pi)) f)).
Axiom eval_term_change_free : forall (t:term) (sigma:(map mident value))
(pi:(list (ident* value)%type)) (id:ident) (v:value), (fresh_in_term id
t) -> ((eval_term sigma (Cons (id, v) pi) t) = (eval_term sigma pi t)).
Require Import Why3.
Ltac ae := why3 "alt-ergo" timelimit 3.
(* Why3 goal *)
Theorem eval_change_free : forall (f:fmla),
match f with
......@@ -374,6 +383,8 @@ Theorem eval_change_free : forall (f:fmla),
((eval_fmla sigma pi f) -> (eval_fmla sigma (Cons (id, v) pi) f))
end.
destruct f; auto.
ae.
(*
simpl.
intros H sigma pi id v (H1 & H2) H3.
destruct d.
......@@ -403,6 +414,7 @@ intro b.
pattern (Cons (i, Vbool b) (Cons (id, v) pi)); rewrite <- Append_nil_l.
rewrite eval_swap; auto.
simpl; apply H; auto.
*)
Qed.
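Review bot: The proof kept under `(* … *)` after the new `ae.` is stale, not merely disabled: its `rewrite <- Append_nil_l; rewrite eval_swap` steps near the end were written against the old `eval_swap` with the `l ++ …` form, which the first hunk renames to `eval_swap_gen`, so un-commenting it would not replay. Git keeps history, so delete the block; if it is meant as a fallback for when alt-ergo times out, fix the lemma name and say so, e.g. `(* manual proof kept in case ae times out; uses eval_swap_gen since the rename *)`. Closing the whole remaining goal with one `ae.` also means every case now rests on the `why3` tactic and a 3 s prover timeout rather than on a term Coq checks itself — as far as I recall the tactic admits the goal once the prover succeeds, so `Print Assumptions eval_change_free.` is worth a look. The theorem statement starts before the second hunk.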
......@@ -354,10 +354,24 @@ Axiom eval_swap : forall (f:fmla) (sigma:(map mident value)) (pi:(list
(infix_plpl l (Cons (id1, v1) (Cons (id2, v2) pi))) f) <-> (eval_fmla sigma
(infix_plpl l (Cons (id2, v2) (Cons (id1, v1) pi))) f)).
Axiom eval_swap_term_2 : forall (t:term) (sigma:(map mident value)) (pi:(list
(ident* value)%type)) (id1:ident) (id2:ident) (v1:value) (v2:value),
(~ (id1 = id2)) -> ((eval_term sigma (Cons (id1, v1) (Cons (id2, v2) pi))
t) = (eval_term sigma (Cons (id2, v2) (Cons (id1, v1) pi)) t)).
Axiom eval_swap_2 : forall (f:fmla) (sigma:(map mident value)) (pi:(list
(ident* value)%type)) (id1:ident) (id2:ident) (v1:value) (v2:value),
(~ (id1 = id2)) -> ((eval_fmla sigma (Cons (id1, v1) (Cons (id2, v2) pi))
f) <-> (eval_fmla sigma (Cons (id2, v2) (Cons (id1, v1) pi)) f)).
Axiom eval_term_change_free : forall (t:term) (sigma:(map mident value))
(pi:(list (ident* value)%type)) (id:ident) (v:value), (fresh_in_term id
t) -> ((eval_term sigma (Cons (id, v) pi) t) = (eval_term sigma pi t)).
Require Import Why3.
Ltac ae := why3 "alt-ergo" timelimit 3.
(* Why3 goal *)
Theorem eval_change_free : forall (f:fmla),
match f with
......@@ -374,35 +388,8 @@ Theorem eval_change_free : forall (f:fmla),
((eval_fmla sigma (Cons (id, v) pi) f) -> (eval_fmla sigma pi f))
end.
destruct f; auto.
simpl; intros.
destruct H0.
destruct d.
(* Vvoid *)
assert
(eval_fmla sigma (infix_plpl (Nil : (list (ident*value)))
(Cons (i, Vvoid) (Cons (id, v) pi))) f =
eval_fmla sigma (Cons (i, Vvoid) (Cons (id, v) pi)) f); auto.
rewrite <- H3 in H1.
rewrite eval_swap in H1; auto.
simpl in H1.
rewrite H in H1; auto.
(* Vint *)
intro n.
rewrite <- (H _ _ id v); auto.
replace (Cons (id, v) (Cons (i, Vint n) pi)) with
(infix_plpl (Nil : (list (ident*value)))
(Cons (id, v) (Cons (i, Vint n) pi))) by auto.
rewrite eval_swap; auto.
apply H1.
(* Vbool *)
intro b.
rewrite <- (H _ _ id v); auto.
pattern (Cons (id, v) (Cons (i, Vbool b) pi)); rewrite <- Append_nil_l.
rewrite eval_swap; auto.
apply H1.
simpl; intros H sigma pi id v (h1 & h2).
destruct d; intros; rewrite <- (H _ _ id v); ae.
Qed.
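Review bot: The `Vvoid`/`Vint`/`Vbool` case analysis collapsed into `destruct d; intros; rewrite <- (H _ _ id v); ae.` moves the `Nil ++ …` bookkeeping and the swap-lemma instantiation out of the kernel-checked term and into alt-ergo, which is acceptable but worth stating in a comment above the line, e.g. `(* each branch: rewrite with the IH, then eval_swap_2 via alt-ergo *)`. The branches are no longer labelled, so a timeout reports only a goal index; something like `destruct d; [ | intro n | intro b ]; rewrite <- (H _ _ id v); ae.` keeps the constructor visible at little cost. Note also that this file names the new axioms `eval_swap_term_2`/`eval_swap_2`, while the sibling file in this commit uses `eval_swap_term`/`eval_swap`/`eval_swap_gen` for the same statements; one naming scheme across the examples would make the sessions easier to cross-check. The theorem statement starts before the second hunk.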
......@@ -286,8 +286,8 @@ Axiom Cons_append : forall {a:Type} {a_WT:WhyType a}, forall (a1:a) (l1:(list
a)) (l2:(list a)), ((Cons a1 (infix_plpl l1 l2)) = (infix_plpl (Cons a1 l1)
l2)).
Axiom Append_l_nil1 : forall {a:Type} {a_WT:WhyType a}, forall (l:(list a)),
((infix_plpl l (Nil :(list a))) = l).
Axiom Append_nil_l : forall {a:Type} {a_WT:WhyType a}, forall (l:(list a)),
((infix_plpl (Nil :(list a)) l) = l).
Parameter msubst_term: term -> mident -> ident -> term.
......@@ -374,13 +374,7 @@ Theorem eval_swap : forall (f:fmla),
end.
destruct f; auto.
simpl; intros.
destruct d.
(* Void *)
ae.
(* Int *)
intro; rewrite Cons_append; ae.
(* Bool *)
intro; rewrite Cons_append; ae.
destruct d; intros; rewrite Cons_append; ae.
Qed.
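Review bot: `Append_l_nil1` → `Append_nil_l` in the first hunk is a change of statement, not a rename: the old axiom was `l ++ Nil = l`, the new one is `Nil ++ l = l`, so the `l ++ Nil` fact is no longer available in this file. Nothing in the visible hunks uses either, so this is presumably just the regenerated list prelude, but any proof further down that rewrote with `Append_l_nil1` would now fail — a full replay of this file, not only the `eval_swap` goal, would confirm. A short comment on the axiom is not possible here since the file is generated; if the `l ++ Nil` form is still needed somewhere, it has to be re-exported from the Why3 side. The theorem statement starts before the second hunk.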
......@@ -286,8 +286,8 @@ Axiom Cons_append : forall {a:Type} {a_WT:WhyType a}, forall (a1:a) (l1:(list
a)) (l2:(list a)), ((Cons a1 (infix_plpl l1 l2)) = (infix_plpl (Cons a1 l1)
l2)).
Axiom Append_l_nil1 : forall {a:Type} {a_WT:WhyType a}, forall (l:(list a)),
((infix_plpl l (Nil :(list a))) = l).
Axiom Append_nil_l : forall {a:Type} {a_WT:WhyType a}, forall (l:(list a)),
((infix_plpl (Nil :(list a)) l) = l).
Parameter msubst_term: term -> mident -> ident -> term.
......@@ -373,14 +373,8 @@ Theorem eval_swap : forall (f:fmla),
f))
end.
destruct f; auto.
intros.
destruct d; simpl.
(* Void *)
ae.
(* Int *)
intro; rewrite Cons_append; ae.
(* Bool *)
intro; rewrite Cons_append; ae.
simpl; intros.
destruct d; intros; rewrite Cons_append; ae.
Qed.
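Review bot: The collapsed `destruct d; intros; rewrite Cons_append; ae.` now runs `rewrite Cons_append` on the `Vvoid` branch too, which the old script sent straight to `ae`; `rewrite` fails when its pattern is absent, so that branch must also contain a `Cons _ (_ ++ _)` redex — presumably verified by replay, but `try rewrite Cons_append` would make the script robust to a change in the `Vvoid` goal. Dropping the `(* Void *)`/`(* Int *)`/`(* Bool *)` labels is a matter of taste, but a timeout in one branch now reports only a goal index. The theorem statement starts before the second hunk.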
......@@ -406,6 +406,13 @@ Axiom mem_decomp : forall {a:Type} {a_WT:WhyType a}, forall (x:a) (l:(list
a)), (mem x l) -> exists l1:(list a), exists l2:(list a),
(l = (infix_plpl l1 (Cons x l2))).
Axiom Cons_append : forall {a:Type} {a_WT:WhyType a}, forall (a1:a) (l1:(list
a)) (l2:(list a)), ((Cons a1 (infix_plpl l1 l2)) = (infix_plpl (Cons a1 l1)
l2)).
Axiom Append_nil_l : forall {a:Type} {a_WT:WhyType a}, forall (l:(list a)),
((infix_plpl (Nil :(list a)) l) = l).
Parameter msubst_term: term -> mident -> ident -> term.
Axiom msubst_term_def : forall (t:term) (x:mident) (v:ident),
......@@ -471,6 +478,16 @@ Axiom eval_swap : forall (f:fmla) (sigma:(map mident value)) (pi:(list
(infix_plpl l (Cons (id1, v1) (Cons (id2, v2) pi))) f) <-> (eval_fmla sigma
(infix_plpl l (Cons (id2, v2) (Cons (id1, v1) pi))) f)).
Axiom eval_swap_term_2 : forall (t:term) (sigma:(map mident value)) (pi:(list
(ident* value)%type)) (id1:ident) (id2:ident) (v1:value) (v2:value),
(~ (id1 = id2)) -> ((eval_term sigma (Cons (id1, v1) (Cons (id2, v2) pi))
t) = (eval_term sigma (Cons (id2, v2) (Cons (id1, v1) pi)) t)).
Axiom eval_swap_2 : forall (f:fmla) (sigma:(map mident value)) (pi:(list
(ident* value)%type)) (id1:ident) (id2:ident) (v1:value) (v2:value),
(~ (id1 = id2)) -> ((eval_fmla sigma (Cons (id1, v1) (Cons (id2, v2) pi))
f) <-> (eval_fmla sigma (Cons (id2, v2) (Cons (id1, v1) pi)) f)).
Axiom eval_term_change_free : forall (t:term) (sigma:(map mident value))
(pi:(list (ident* value)%type)) (id:ident) (v:value), (fresh_in_term id
t) -> ((eval_term sigma (Cons (id, v) pi) t) = (eval_term sigma pi t)).
......@@ -485,7 +502,7 @@ Axiom fresh_from_fmla : forall (f:fmla), (fresh_in_fmla (fresh_from f) f).
Parameter abstract_effects: stmt -> fmla -> fmla.
Axiom abstract_effects_generalize : forall (sigma:(map mident value))
Axiom abstract_effects_specialize : forall (sigma:(map mident value))
(pi:(list (ident* value)%type)) (s:stmt) (f:fmla), (eval_fmla sigma pi
(abstract_effects s f)) -> (eval_fmla sigma pi f).
......@@ -541,10 +558,10 @@ induction h1; try (simpl; intro; ae).
simpl; intros q (_ & h).
(* need to keep a copy of h *)
generalize h; intro h'.
apply abstract_effects_generalize in h'; simpl in h'; ae.
apply abstract_effects_specialize in h'; simpl in h'; ae.
(* case while false do ... *)
simpl; intros q (_ & h).
apply abstract_effects_generalize in h; simpl in h; ae.
apply abstract_effects_specialize in h; simpl in h; ae.
Qed.
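Review bot: `abstract_effects_specialize` now matches the direction of the axiom (`eval_fmla sigma pi (abstract_effects s f) -> eval_fmla sigma pi f`, i.e. the abstracted formula is the stronger one), which the old name `_generalize` had backwards; since this Coq file is generated, the comment explaining that direction belongs next to the `lemma` in the `.mlw` source, e.g. `(* abstract_effects s f implies f: it over-approximates the effects of s, so it is the stronger formula *)` — that reading follows from the axiom's shape only, so confirm it against the definition. The hunks also bring four more `Axiom`s into this file (`Cons_append`, `Append_nil_l`, `eval_swap_term_2`, `eval_swap_2`); each is a Why3 lemma that must itself be proved in the session, so this theorem's trusted base is only as good as a fully green session after the rename. The two `apply … in h; simpl in h; ae` steps inherit the 3 s alt-ergo timeout as well. The theorem closed by this `Qed.` starts before the last hunk.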