-
Notifications
You must be signed in to change notification settings - Fork 45
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
make WeakestPrecondition.cmd complete wrt Semantics.exec
#361
Merged
Merged
Changes from 1 commit
Commits
Show all changes
15 commits
Select commit
Hold shift + click to select a range
9f6b294
define a WP.cmd' in terms of exec, might soon replace WP.cmd
samuelgruetter aa6b219
dead simple `call` based on `map.get`
samuelgruetter 18d9e85
convert from "fs everywhere" to "env everywhere"
samuelgruetter b83d340
instead of unfold1_cmd_goal, eapply lemma_corresponding_to_command
samuelgruetter 069a89d
wip "env everywhere" approach
samuelgruetter 88c5d5e
make WeakestPrecondition.cmd complete wrt exec
samuelgruetter 8fa2cc3
hardcode env implementation in bedrock2.Semantics,
samuelgruetter a20ca4d
add back program/Proper_program because it's used by rupicola
samuelgruetter 54e32e1
cp Semantics.v MetricSemantics.v
samuelgruetter 4eed032
bedrock2.Semantics is now metrics-free, and metrics are in MetricSema…
samuelgruetter c0efbad
refinement lemmas for induction over command syntax
samuelgruetter 6faf7a0
delete WP.v (opaque Module), only LAN9250 needed fixing
samuelgruetter fb4def2
LiveVerif: wp_cmd is exec instead of WeakestPrecondition.cmd
samuelgruetter 5ff215e
env doesn't really need to be an Instance, it seems
samuelgruetter 535eec4
fix argument order in refinement
samuelgruetter File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,46 @@ | ||
| (* These lemmas can be useful when proving a refinement and induction over the | ||
| statement rather than over its exec derivation is preferred *) | ||
|
|
||
| Require Import Coq.ZArith.ZArith. | ||
| Require Import coqutil.Word.Bitwidth. | ||
| Require Import coqutil.Map.Interface. | ||
| Require Import bedrock2.Syntax bedrock2.Semantics. | ||
|
|
||
| Section WithParams. | ||
| Context {width: Z} {BW: Bitwidth width} {word: word.word width}. | ||
| Context {mem: map.map word Byte.byte}. | ||
| Context {locals: map.map String.string word}. | ||
| Context {ext_spec: bedrock2.Semantics.ExtSpec}. | ||
|
|
||
| Definition refinement(c1 c2: cmd) := forall functions t m l post, | ||
| Semantics.exec.exec functions c1 t m l post -> | ||
| Semantics.exec.exec functions c2 t m l post. | ||
|
|
||
| Lemma refinement_while: forall test body1 body2, | ||
| refinement body1 body2 -> | ||
| refinement (cmd.while test body1) (cmd.while test body2). | ||
| Proof. | ||
| unfold refinement. intros * R *. | ||
| remember (cmd.while test body1) as c1. intros. revert Heqc1. | ||
| induction H; intros; subst; inversion Heqc1; subst. | ||
| - eapply Semantics.exec.while_false; eassumption. | ||
| - eapply Semantics.exec.while_true; try eassumption. | ||
| { unfold refinement in R. | ||
| eapply R. eassumption. } | ||
| intros. | ||
| eapply H3; eauto. | ||
| Qed. | ||
|
|
||
| Lemma refinement_seq: forall c1 c2 c1' c2', | ||
| refinement c1 c1' -> | ||
| refinement c2 c2' -> | ||
| refinement (cmd.seq c1 c2) (cmd.seq c1' c2'). | ||
| Proof. | ||
| intros * R1 R2 functions t m l post H. | ||
| unfold refinement in *. | ||
| inversion H. subst. clear H. | ||
| eapply Semantics.exec.seq. | ||
| - eapply R1. eassumption. | ||
| - intros * Hmid. eapply R2. eauto. | ||
| Qed. | ||
| End WithParams. | ||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Perhaps let's flip the arguments to match
c1 <= c2and "refines" pronounciation.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
good point, done in 535eec4