Members/ryokka/HoareLogic: whileTestPrim.agda comparison

comparison whileTestPrim.agda @ 3:6be8ee856666

add simple Hoare logic example

author	Shinji KONO <kono@ie.u-ryukyu.ac.jp>
date	Fri, 14 Dec 2018 16:26:49 +0900
parents
children	64bd5c236002

comparison

equal deleted inserted replaced

-:b05a4156da01
+:6be8ee856666
+module whileTestPrim where
+open import Function
+open import Data.Nat
+open import Data.Bool hiding ( _≟_ )
+open import Level renaming ( suc to succ ; zero to Zero )
+open import Relation.Nullary using (¬_; Dec; yes; no)
+open import Relation.Binary.Core
+record Env : Set where
+field
+varn : ℕ
+vari : ℕ
+open Env
+PrimComm : Set
+PrimComm = Env → Env
+Cond : Set
+Cond = (Env → Bool)
+data Comm : Set where
+Skip  : Comm
+Abort : Comm
+PComm : PrimComm -> Comm
+Seq   : Comm -> Comm -> Comm
+If    : Cond -> Comm -> Comm -> Comm
+While : Cond -> Comm -> Comm
+_-_ : ℕ -> ℕ -> ℕ
+x - zero  = x
+zero - _  = zero
+(suc x) - (suc y)  = x - y
+lt : ℕ -> ℕ -> Bool
+lt x y with (suc x ) ≤? y
+lt x y | yes p = true
+lt x y | no ¬p = false
+Equal : ℕ -> ℕ -> Bool
+Equal x y with x ≟ y
+Equal x y | yes p = true
+Equal x y | no ¬p = false
+program : Comm
+program =
+Seq ( PComm (λ env → record env {varn = 10}))
+$ Seq ( PComm (λ env → record env {vari = 0}))
+$ While (λ env → lt (varn env ) zero )
+(Seq (PComm (λ env → record env {vari = ((vari env) + 1)} ))
+$ PComm (λ env → record env {varn = ((varn env) - 1)} ))
+simple : Comm
+simple =
+Seq ( PComm (λ env → record env {varn = 10}))
+$  PComm (λ env → record env {vari = 0})
+{-# TERMINATING #-}
+interpret : Env → Comm → Env
+interpret env Skip = env
+interpret env Abort = env
+interpret env (PComm x) = x env
+interpret env (Seq comm comm1) = interpret (interpret env comm) comm1
+interpret env (If x then else) with x env
+... | true = interpret env then
+... | false = interpret env else
+interpret env (While x comm) with x env
+... | true = interpret (interpret env comm) (While x comm)
+... | false = env
+test1 : Env
+test1 =  interpret ( record { vari = 0  ; varn = 0 } ) program
+empty-case : (env : Env) → (( λ e → true ) env ) ≡ true
+empty-case _ = refl
+implies : Bool → Bool → Bool
+implies false _ = true
+implies true true = true
+implies true false = false
+Axiom : Cond -> PrimComm -> Cond -> Set
+Axiom pre comm post = ∀ (env : Env) →  implies (pre env) ( post (comm env)) ≡ true
+Tautology : Cond -> Cond -> Set
+Tautology pre post = ∀ (env : Env) →  implies (pre env) (post env) ≡ true
+_/\_ :  Cond -> Cond -> Cond
+x /\ y =  λ env → x env ∧ y env
+neg :  Cond -> Cond
+neg x  =  λ env → not ( x env )
+data HTProof : Cond -> Comm -> Cond -> Set where
+PrimRule : {bPre : Cond} -> {pcm : PrimComm} -> {bPost : Cond} ->
+(pr : Axiom bPre pcm bPost) ->
+HTProof bPre (PComm pcm) bPost
+SkipRule : (b : Cond) -> HTProof b Skip b
+AbortRule : (bPre : Cond) -> (bPost : Cond) ->
+HTProof bPre Abort bPost
+WeakeningRule : {bPre : Cond} -> {bPre' : Cond} -> {cm : Comm} ->
+{bPost' : Cond} -> {bPost : Cond} ->
+Tautology bPre bPre' ->
+HTProof bPre' cm bPost' ->
+Tautology bPost' bPost ->
+HTProof bPre cm bPost
+SeqRule : {bPre : Cond} -> {cm1 : Comm} -> {bMid : Cond} ->
+{cm2 : Comm} -> {bPost : Cond} ->
+HTProof bPre cm1 bMid ->
+HTProof bMid cm2 bPost ->
+HTProof bPre (Seq cm1 cm2) bPost
+IfRule : {cmThen : Comm} -> {cmElse : Comm} ->
+{bPre : Cond} -> {bPost : Cond} ->
+{b : Cond} ->
+HTProof (bPre /\ b) cmThen bPost ->
+HTProof (bPre /\ neg b) cmElse bPost ->
+HTProof bPre (If b cmThen cmElse) bPost
+WhileRule : {cm : Comm} -> {bInv : Cond} -> {b : Cond} ->
+HTProof (bInv /\ b) cm bInv ->
+HTProof bInv (While b cm) (bInv /\ neg b)
+initCond : Cond
+initCond env = true
+stmt1Cond : Cond
+stmt1Cond env = Equal (varn env) 10
+stmt2Cond : Cond
+stmt2Cond env = (Equal (varn env) 10) ∧ (Equal (vari env) 0)
+whileInv : Cond
+whileInv env = Equal ((varn env) + (vari env)) 10
+whileInv' : Cond
+whileInv' env = Equal ((varn env) + (vari env)) 11
+termCond : Cond
+termCond env = Equal (vari env) 10
+eqlemma : { x y : ℕ } →  Equal x y ≡ true → x ≡ y
+eqlemma {x} {y} eq with x ≟ y
+eqlemma {x} {y} refl | yes refl = refl
+eqlemma {x} {y} () | no ¬p
+proofs : HTProof initCond simple stmt2Cond
+proofs =
+SeqRule {initCond} ( PrimRule empty-case )
+$ PrimRule {stmt1Cond} {_} {stmt2Cond} lemma
+where
+lemma : Axiom stmt1Cond (λ env → record { varn = varn env ; vari = 0 }) stmt2Cond
+lemma env with stmt1Cond env
+lemma env | false = refl
+lemma env | true = refl
+proof1 : HTProof initCond program termCond
+proof1 =
+SeqRule {λ e → true} ( PrimRule empty-case )
+$ SeqRule {λ e →  Equal (varn e) 10} ( PrimRule lemma1   )
+$ WeakeningRule {λ e → (Equal (varn e) 10) ∧ (Equal (vari e) 0)}  lemma2 (
+WhileRule {_} {λ e → Equal ((varn e) + (vari e)) 10}
+$ SeqRule (PrimRule {λ e →  whileInv e  ∧ lt (varn e) zero } lemma3)
+$ PrimRule {whileInv'} {_} {whileInv}  lemma4  ) lemma5
+where
+lemma1 : Axiom stmt1Cond (λ env → record { varn = varn env ; vari = 0 }) stmt2Cond
+lemma1 env with stmt1Cond env
+lemma1 env | false = refl
+lemma1 env | true = refl
+lemma2 :  Tautology stmt2Cond whileInv
+lemma2 env with stmt2Cond env | Equal (varn env + vari env) 10
+lemma2 env | false | false = refl
+lemma2 env | false | true = refl
+lemma2 env | true | true = refl
+lemma2 env | true | false = {!!}
+lemma3 : Axiom (whileInv /\ (λ env → lt (varn env) zero)) (λ env → record { varn = varn env ; vari = vari env + 1 }) whileInv'
+lemma3 = {!!}
+lemma4 :  Axiom whileInv' (λ env → record { varn = varn env - 1 ; vari = vari env }) whileInv
+lemma4 = {!!}
+lemma5 :  Tautology (whileInv /\ neg (λ z → lt (varn z) zero)) termCond
+lemma5 = {!!}

Mercurial > hg > Members > ryokka > HoareLogic

comparison whileTestPrim.agda @ 3:6be8ee856666