Verification of GearsOS using Hoare triples
Masataka Hokama
University of the Ryukyus, Parallel Reliability Laboratory (並列信頼研究室)
data HTProof : Cond -> Comm -> Cond -> Set where
  PrimRule : {bPre : Cond} -> {pcm : PrimComm} -> {bPost : Cond} ->
             (pr : Axiom bPre pcm bPost) ->
             HTProof bPre (PComm pcm) bPost
  SkipRule : (b : Cond) -> HTProof b Skip b
  AbortRule : (bPre : Cond) -> (bPost : Cond) ->
              HTProof bPre Abort bPost
-- continued on the next slide
-- HTProof, continued
  SeqRule : {bPre : Cond} -> {cm1 : Comm} -> {bMid : Cond} ->
            {cm2 : Comm} -> {bPost : Cond} ->
            HTProof bPre cm1 bMid ->
            HTProof bMid cm2 bPost ->
            HTProof bPre (Seq cm1 cm2) bPost
  IfRule : {cmThen : Comm} -> {cmElse : Comm} ->
           {bPre : Cond} -> {bPost : Cond} ->
           {b : Cond} ->
           HTProof (bPre /\ b) cmThen bPost ->
           HTProof (bPre /\ neg b) cmElse bPost ->
           HTProof bPre (If b cmThen cmElse) bPost
-- HTProof, continued
  WeakeningRule : {bPre : Cond} -> {bPre' : Cond} -> {cm : Comm} ->
                  {bPost' : Cond} -> {bPost : Cond} ->
                  Tautology bPre bPre' ->
                  HTProof bPre' cm bPost' ->
                  Tautology bPost' bPost ->
                  HTProof bPre cm bPost
  WhileRule : {cm : Comm} -> {bInv : Cond} -> {b : Cond} ->
              HTProof (bInv /\ b) cm bInv ->
              HTProof bInv (While b cm) (bInv /\ neg b)
proof1 : HTProof initCond program termCond
proof1 =
  SeqRule {λ e → true} ( PrimRule empty-case )
  $ SeqRule {λ e → Equal (varn e) 10} ( PrimRule lemma1 )
  $ WeakeningRule {λ e → (Equal (varn e) 10) ∧ (Equal (vari e) 0)} lemma2 (
      WhileRule {_} {λ e → Equal ((varn e) + (vari e)) 10}
      $ SeqRule (PrimRule {λ e → whileInv e ∧ lt zero (varn e) } lemma3 )
      $ PrimRule {whileInv'} {_} {whileInv} lemma4 ) lemma5

initCond : Cond
initCond env = true

termCond : {c10 : ℕ} → Cond
termCond {c10} env = Equal (vari env) c10
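The HTProof constructors on the preceding slides and the proof1 tree above can be read as a proof checker: each rule says which side conditions (Axiom, Tautology) it needs and which triple it yields. The Python below is an added example, not code from the thesis or the Agda library, that mirrors the rule set as a bounded checker: where Agda demands real proofs for lemma1..lemma5, this version tests the Axiom and Tautology side conditions on every natural-number state up to a constructed bound, so it can only reject a wrong proof tree, never replace the lemmas. The program it checks (n := 10; i := 0; while 0 < n do n := n - 1; i := i + 1), the form of whileInv' (n + i == 9), the variable names and the bound are assumptions read off proof1's annotations.

```python
"""Bounded checker for the HTProof rules above (added example, not the Agda code). Axiom and
Tautology side conditions are tested on a finite set of natural-number states rather than
proved, so it validates a proof tree's shape; it does not replace lemma1..lemma5."""
from collections import namedtuple
from itertools import product
from typing import Callable, Dict, Tuple

Env = Dict[str, int]; Cond = Callable[[Env], bool]
VARS, BOUND = ("n", "i"), 12  # constructed: states are naturals 0..BOUND, like Agda's ℕ

def states():
    for vals in product(range(BOUND + 1), repeat=len(VARS)):
        yield dict(zip(VARS, vals))

def tautology(p: Cond, q: Cond) -> bool:
    """Tautology p q: p implies q on every state of the bounded domain."""
    return all(q(s) for s in states() if p(s))

equivalent = lambda p, q: tautology(p, q) and tautology(q, p)
conj = lambda p, q: (lambda s: p(s) and q(s))   # bPre /\ b
neg = lambda p: (lambda s: not p(s))            # neg b

def req(ok: bool, msg: str) -> None:
    if not ok: raise ValueError(msg)

# Commands (Comm); Assign is the only primitive command (PrimComm) used here.
Assign, Skip, Abort = namedtuple("Assign", "var expr"), namedtuple("Skip", ""), namedtuple("Abort", "")
Seq, If, While = namedtuple("Seq", "c1 c2"), namedtuple("If", "b then els"), namedtuple("While", "b body")

# Proof trees, one constructor per HTProof rule.
PrimRule = namedtuple("PrimRule", "pre cmd post")          # carries the Axiom to check
SkipRule = namedtuple("SkipRule", "b")
AbortRule = namedtuple("AbortRule", "pre post")
SeqRule = namedtuple("SeqRule", "p1 p2")
IfRule = namedtuple("IfRule", "pre b pthen pelse post")
WeakeningRule = namedtuple("WeakeningRule", "pre p post")  # carries the two Tautology checks
WhileRule = namedtuple("WhileRule", "inv b pbody")

def axiom(pre: Cond, cmd, post: Cond) -> bool:
    """Axiom bPre pcm bPost for assignment: pre(s) implies post(s[var := expr(s)])."""
    return all(post({**s, cmd.var: cmd.expr(s)}) for s in states() if pre(s))

def check(proof) -> Tuple[Cond, object, Cond]:
    """Return the triple (pre, cmd, post) the tree proves; raise ValueError on a bad step."""
    if isinstance(proof, PrimRule):
        req(axiom(proof.pre, proof.cmd, proof.post), "PrimRule: axiom does not hold")
        return proof.pre, proof.cmd, proof.post
    if isinstance(proof, SkipRule): return proof.b, Skip(), proof.b
    if isinstance(proof, AbortRule): return proof.pre, Abort(), proof.post
    if isinstance(proof, SeqRule):
        pre, c1, mid1 = check(proof.p1)
        mid2, c2, post = check(proof.p2)
        req(equivalent(mid1, mid2), "SeqRule: bMid differs between the two halves")
        return pre, Seq(c1, c2), post
    if isinstance(proof, IfRule):
        pre_t, ct, post_t = check(proof.pthen)
        pre_e, ce, post_e = check(proof.pelse)
        req(equivalent(pre_t, conj(proof.pre, proof.b)) and equivalent(post_t, proof.post) and
            equivalent(pre_e, conj(proof.pre, neg(proof.b))) and equivalent(post_e, proof.post),
            "IfRule: branch triples do not match")
        return proof.pre, If(proof.b, ct, ce), proof.post
    if isinstance(proof, WeakeningRule):
        pre_, c, post_ = check(proof.p)
        req(tautology(proof.pre, pre_) and tautology(post_, proof.post), "WeakeningRule: tautology fails")
        return proof.pre, c, proof.post
    if isinstance(proof, WhileRule):
        pre_, body, post_ = check(proof.pbody)
        req(equivalent(pre_, conj(proof.inv, proof.b)) and equivalent(post_, proof.inv),
            "WhileRule: body does not preserve bInv")
        return proof.inv, While(proof.b, body), conj(proof.inv, neg(proof.b))
    raise TypeError(f"not an HTProof node: {proof!r}")

def run(cmd, env: Env) -> Env:  # reference semantics, to cross-check a proved program
    if isinstance(cmd, Assign): return {**env, cmd.var: cmd.expr(env)}
    if isinstance(cmd, Skip): return env
    if isinstance(cmd, Abort): raise RuntimeError("abort")
    if isinstance(cmd, Seq): return run(cmd.c2, run(cmd.c1, env))
    if isinstance(cmd, If): return run(cmd.then if cmd.b(env) else cmd.els, env)
    while cmd.b(env):  # the remaining constructor is While
        env = run(cmd.body, env)
    return env

# proof1 rebuilt from its annotations. The program is an assumption read off the
# conditions: n := 10; i := 0; while 0 < n do (n := n - 1; i := i + 1).
def build_proof1(while_inv: Cond, while_inv_: Cond):
    guard, n_is_10 = (lambda e: 0 < e["n"]), (lambda e: e["n"] == 10)
    n_10_i_0, term_cond = (lambda e: e["n"] == 10 and e["i"] == 0), (lambda e: e["i"] == 10)  # termCond {10}
    body = SeqRule(PrimRule(conj(while_inv, guard), Assign("n", lambda e: e["n"] - 1), while_inv_),  # lemma3
                   PrimRule(while_inv_, Assign("i", lambda e: e["i"] + 1), while_inv))               # lemma4
    return SeqRule(PrimRule(lambda e: True, Assign("n", lambda e: 10), n_is_10),                   # empty-case
                   SeqRule(PrimRule(n_is_10, Assign("i", lambda e: 0), n_10_i_0),                  # lemma1
                           WeakeningRule(n_10_i_0, WhileRule(while_inv, guard, body), term_cond))) # lemma2, lemma5

proof1 = build_proof1(lambda e: e["n"] + e["i"] == 10, lambda e: e["n"] + e["i"] == 9)
bad_proof1 = build_proof1(lambda e: e["n"] + e["i"] == 11, lambda e: e["n"] + e["i"] == 9)  # wrong bInv

def proof_is_valid(proof) -> bool:
    try: check(proof); return True
    except ValueError: return False
```

`check(proof1)` returns the triple (initCond, program, termCond) and `proof_is_valid(bad_proof1)` is False because lemma3's axiom fails once the invariant is n + i == 11. The domain is restricted to naturals on purpose: lemma5 (bInv ∧ ¬(0 < n) implies i == 10) only holds because ¬(0 < n) forces n == 0 in ℕ, which is exactly what the Agda types give for free and what a bounded check over integers would miss.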
Thesis outline
  Preface
  Current status
  Agda
  GearsOS
  CodeGear and DataGear
  Gears and Agda
  Hoare Logic in Agda
  Gears-based Hoare Logic
  Summary and remaining issues