Members/ryokka/HoareLogic: whileTestPrim.agda comparison

comparison whileTestPrim.agda @ 10:bc819bdda374

proof completed

author	Shinji KONO <kono@ie.u-ryukyu.ac.jp>
date	Sat, 15 Dec 2018 16:59:52 +0900
parents	e4f087b823d4
children	a622d1700a1b

comparison

equal deleted inserted replaced

-:46b301ad4478
+:bc819bdda374
 open import Data.Bool hiding ( _≟_ )
 open import Level renaming ( suc to succ ; zero to Zero )
 open import Relation.Nullary using (¬_; Dec; yes; no)
 open import Relation.Binary.PropositionalEquality
+open import utilities
 record Env : Set where
 field
 varn : ℕ
 vari : ℕ
 Abort : Comm
 PComm : PrimComm -> Comm
 Seq   : Comm -> Comm -> Comm
 If    : Cond -> Comm -> Comm -> Comm
 While : Cond -> Comm -> Comm
-_-_ : ℕ -> ℕ -> ℕ
-x - zero  = x
-zero - _  = zero
-(suc x) - (suc y)  = x - y
-lt : ℕ -> ℕ -> Bool
-lt x y with suc x  ≤? y
-lt x y | yes p = true
-lt x y | no ¬p = false
-Equal : ℕ -> ℕ -> Bool
-Equal x y with x ≟ y
-Equal x y | yes p = true
-Equal x y | no ¬p = false
----------------------------
-implies : Bool → Bool → Bool
-implies false _ = true
-implies true true = true
-implies true false = false
-impl-1 : {x : Bool} → implies x true  ≡ true
-impl-1 {x} with x
-impl-1 {x} | false = refl
-impl-1 {x} | true = refl
-impl-2 : {x : Bool} → implies false x  ≡ true
-impl-2 {x} with x
-impl-2 {x} | false = refl
-impl-2 {x} | true = refl
-and-lemma-1 : { x y : Bool } → x  ∧  y  ≡ true  → x  ≡ true
-and-lemma-1 {x} {y} eq with x | y | eq
-and-lemma-1 {x} {y} eq | false | b | ()
-and-lemma-1 {x} {y} eq | true | false | ()
-and-lemma-1 {x} {y} eq | true | true | refl = refl
-and-lemma-2 : { x y : Bool } →  x  ∧  y  ≡ true  → y  ≡ true
-and-lemma-2 {x} {y} eq with x | y | eq
-and-lemma-2 {x} {y} eq | false | b | ()
-and-lemma-2 {x} {y} eq | true | false | ()
-and-lemma-2 {x} {y} eq | true | true | refl = refl
-bool-case : ( x : Bool ) { p : Set } → ( x ≡ true  → p ) → ( x ≡ false  → p ) → p
-bool-case x T F with x
-bool-case x T F | false = F refl
-bool-case x T F | true = T refl
-impl :  {x y : Bool} → (x  ≡ true → y  ≡ true ) → implies x y  ≡ true
-impl {x} {y} p = bool-case x (λ x=t →   let open ≡-Reasoning  in
-begin
-implies x y
-≡⟨  cong ( \ z -> implies x z ) (p x=t ) ⟩
-implies x true
-≡⟨ impl-1 ⟩
-true
-∎
-) ( λ x=f →  let open ≡-Reasoning  in
-begin
-implies x y
-≡⟨  cong ( \ z -> implies z y ) x=f ⟩
-true
-∎
-)
-eqlemma : { x y : ℕ } →  Equal x y ≡ true → x ≡ y
-eqlemma {x} {y} eq with x ≟ y
-eqlemma {x} {y} refl | yes refl = refl
-eqlemma {x} {y} () | no ¬p
-eqlemma1 : { x y : ℕ } →  Equal x y ≡ Equal (suc x) (suc y)
-eqlemma1 {x} {y} with  x ≟ y
-eqlemma1 {x} {.x} | yes refl = refl
-eqlemma1 {x} {y} | no ¬p = refl
-add-lemma1 : { x : ℕ } → x + 1 ≡ suc x
-add-lemma1 {zero} = refl
-add-lemma1 {suc x} = cong ( \ z -> suc z ) ( add-lemma1 {x} )
 ---------------------------
 program : Comm
 program =
 empty-case : (env : Env) → (( λ e → true ) env ) ≡ true
 empty-case _ = refl
 Axiom : Cond -> PrimComm -> Cond -> Set
-Axiom pre comm post = ∀ (env : Env) →  implies (pre env) ( post (comm env)) ≡ true
+Axiom pre comm post = ∀ (env : Env) →  (pre env) ⇒ ( post (comm env)) ≡ true
 Tautology : Cond -> Cond -> Set
-Tautology pre post = ∀ (env : Env) →  implies (pre env) (post env) ≡ true
+Tautology pre post = ∀ (env : Env) →  (pre env)  ⇒ (post env) ≡ true
-_/\_ :  Cond -> Cond -> Cond
+_and_ :  Cond -> Cond -> Cond
-x /\ y =  λ env → x env ∧ y env
+x and y =  λ env → x env ∧ y env
 neg :  Cond -> Cond
 neg x  =  λ env → not ( x env )
 data HTProof : Cond -> Comm -> Cond -> Set where
 HTProof bMid cm2 bPost ->
 HTProof bPre (Seq cm1 cm2) bPost
 IfRule : {cmThen : Comm} -> {cmElse : Comm} ->
 {bPre : Cond} -> {bPost : Cond} ->
 {b : Cond} ->
-HTProof (bPre /\ b) cmThen bPost ->
+HTProof (bPre and b) cmThen bPost ->
-HTProof (bPre /\ neg b) cmElse bPost ->
+HTProof (bPre and neg b) cmElse bPost ->
 HTProof bPre (If b cmThen cmElse) bPost
 WhileRule : {cm : Comm} -> {bInv : Cond} -> {b : Cond} ->
-HTProof (bInv /\ b) cm bInv ->
+HTProof (bInv and b) cm bInv ->
-HTProof bInv (While b cm) (bInv /\ neg b)
+HTProof bInv (While b cm) (bInv and neg b)
 initCond : Cond
 initCond env = true
 stmt1Cond : Cond
 whileInv : Cond
 whileInv env = Equal ((varn env) + (vari env)) 10
 whileInv' : Cond
-whileInv' env = Equal ((varn env) + (vari env)) 11
+whileInv' env = Equal ((varn env) + (vari env)) 11 ∧ lt zero (varn env)
 termCond : Cond
 termCond env = Equal (vari env) 10
 proofs : HTProof initCond simple stmt2Cond
 lemma1 : Axiom stmt1Cond (λ env → record { varn = varn env ; vari = 0 }) stmt2Cond
 lemma1 env with stmt1Cond env
 lemma1 env | false = refl
 lemma1 env | true = refl
 lemma21 : {env : Env } → stmt2Cond env ≡ true → varn env ≡ 10
-lemma21 eq = eqlemma (and-lemma-1 eq)
+lemma21 eq = Equal→≡ (∧-pi1 eq)
 lemma22 : {env : Env } → stmt2Cond env ≡ true → vari env ≡ 0
-lemma22 eq = eqlemma (and-lemma-2 eq)
+lemma22 eq = Equal→≡ (∧-pi2 eq)
 lemma23 :  {env : Env } → stmt2Cond env ≡ true → varn env + vari env ≡ 10
 lemma23 {env} eq = let open ≡-Reasoning  in
 begin
 varn env + vari env
 ≡⟨ cong ( \ x -> x + vari env ) (lemma21 eq  ) ⟩
 ∎
 lemma2 :  Tautology stmt2Cond whileInv
 lemma2 env = bool-case (stmt2Cond env) (
 λ eq → let open ≡-Reasoning  in
 begin
-implies (stmt2Cond env) (whileInv env)
+(stmt2Cond env)  ⇒  (whileInv env)
 ≡⟨⟩
-implies (stmt2Cond env) ( Equal (varn env + vari env) 10 )
+(stmt2Cond env)  ⇒ ( Equal (varn env + vari env) 10 )
-≡⟨  cong ( \ x -> implies (stmt2Cond env) ( Equal x 10 ) ) ( lemma23 {env} eq ) ⟩
+≡⟨  cong ( \ x -> (stmt2Cond env)  ⇒ ( Equal x 10 ) ) ( lemma23 {env} eq ) ⟩
-implies (stmt2Cond env) (Equal 10 10)
+(stmt2Cond env)  ⇒ (Equal 10 10)
 ≡⟨⟩
-implies (stmt2Cond env) true
+(stmt2Cond env)  ⇒  true
-≡⟨ impl-1 ⟩
+≡⟨ ⇒t ⟩
 true
 ∎
 ) (
 λ ne → let open ≡-Reasoning  in
 begin
-implies (stmt2Cond env) (whileInv env)
+(stmt2Cond env)  ⇒  (whileInv env)
-≡⟨ cong ( \ x -> implies x (whileInv env) ) ne ⟩
+≡⟨ cong ( \ x -> x  ⇒  (whileInv env) ) ne ⟩
-implies false (whileInv env)
+false  ⇒  (whileInv env)
-≡⟨ impl-2 {whileInv env} ⟩
+≡⟨ f⇒ {whileInv env} ⟩
 true
 ∎
 )
 lemma3 :   Axiom (λ e → whileInv e ∧ lt zero (varn e)) (λ env → record { varn = varn env ; vari = vari env + 1 }) whileInv'
-lemma3 env = impl ( λ cond →  let open ≡-Reasoning  in
+lemma3 env = impl⇒ ( λ cond →  let open ≡-Reasoning  in
 begin
 whileInv' (record { varn = varn env ; vari = vari env + 1 })
 ≡⟨⟩
+Equal (varn env + (vari env + 1)) 11 ∧ (lt 0 (varn env) )
+≡⟨ cong ( λ z → Equal (varn env + (vari env + 1)) 11 ∧ z ) (∧-pi2 cond )  ⟩
+Equal (varn env + (vari env + 1)) 11 ∧ true
+≡⟨ ∧true ⟩
 Equal (varn env + (vari env + 1)) 11
 ≡⟨ cong ( \ x -> Equal x 11 ) (sym (+-assoc (varn env) (vari env) 1)) ⟩
 Equal ((varn env + vari env) + 1) 11
-≡⟨ cong ( \ x -> Equal x 11 ) add-lemma1 ⟩
+≡⟨ cong ( \ x -> Equal x 11 ) +1≡suc ⟩
 Equal (suc (varn env + vari env)) 11
-≡⟨ sym eqlemma1 ⟩
+≡⟨ sym Equal+1 ⟩
 Equal ((varn env + vari env) ) 10
-≡⟨ and-lemma-1 cond ⟩
+≡⟨ ∧-pi1  cond ⟩
 true
 ∎ )
+lemma41 : (env : Env ) → (varn env + vari env) ≡ 11 → lt 0 (varn env) ≡ true  → Equal ((varn env - 1) + vari env) 10 ≡ true
+lemma41 env c1 c2 =  let open ≡-Reasoning  in
+begin
+Equal ((varn env - 1) + vari env) 10
+≡⟨ cong ( λ z → Equal ((z - 1 ) +  vari env ) 10 ) (sym (suc-predℕ=n c2) )  ⟩
+Equal ((suc (predℕ {varn env} c2 ) - 1) + vari env) 10
+≡⟨⟩
+Equal ((predℕ {varn env} c2 ) + vari env) 10
+≡⟨  Equal+1 ⟩
+Equal ((suc (predℕ {varn env} c2 )) + vari env) 11
+≡⟨ cong ( λ z → Equal (z  +  vari env ) 11 ) (suc-predℕ=n c2 )  ⟩
+Equal (varn env + vari env) 11
+≡⟨ cong ( λ z → (Equal z 11 )) c1 ⟩
+Equal 11 11
+≡⟨⟩
+true
+∎
 lemma4 :  Axiom whileInv' (λ env → record { varn = varn env - 1 ; vari = vari env }) whileInv
-lemma4 env = {!!}
+lemma4 env = impl⇒ ( λ cond → let open ≡-Reasoning  in
-lemma5 :  Tautology ((λ e → Equal (varn e + vari e) 10) /\ neg (λ z → lt zero (varn z))) termCond
+begin
-lemma5 env = {!!}
+whileInv (record { varn = varn env - 1 ; vari = vari env })
+≡⟨⟩
+Equal ((varn env - 1) + vari env) 10
+≡⟨ lemma41 env (Equal→≡ (∧-pi1  cond)) (∧-pi2  cond) ⟩
+true
+∎
+)
+lemma51 : (z : Env ) → neg (λ z → lt zero (varn z)) z ≡ true → varn z ≡ zero
+lemma51 z cond with lt zero (varn z) | (suc zero) ≤? (varn z)
+lemma51 z () | false | yes p
+lemma51 z () | true | yes p
+lemma51 z refl | _ | no ¬p with varn z
+lemma51 z refl | _ | no ¬p | zero = refl
+lemma51 z refl | _ | no ¬p | suc x = ⊥-elim ( ¬p (s≤s z≤n ) )
+lemma5 :  Tautology ((λ e → Equal (varn e + vari e) 10) and (neg (λ z → lt zero (varn z)))) termCond
+lemma5 env = impl⇒ ( λ cond → let open ≡-Reasoning  in
+begin
+termCond env
+≡⟨⟩
+Equal (vari env) 10
+≡⟨⟩
+Equal (zero + vari env) 10
+≡⟨ cong ( λ z →  Equal (z + vari env) 10 )  (sym ( lemma51 env ( ∧-pi2  cond ) )) ⟩
+Equal (varn env + vari env) 10
+≡⟨ ∧-pi1  cond  ⟩
+true
+∎
+)

Mercurial > hg > Members > ryokka > HoareLogic

comparison whileTestPrim.agda @ 10:bc819bdda374