Papers/2023/moririn-sigos: gearsAgda.md annotate

author	Shinji KONO <kono@ie.u-ryukyu.ac.jp>
date	Sat, 15 Apr 2023 11:39:08 +0900
parents
children

rev	line source
0 170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	1 GearsAgda : Meta continuation based Hoare Logic
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	2 ====
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	3
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	4
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	5 ## Continuation based C and GearsAgda
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	6
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	7 goto 文中心に記述する。LLVM/GCC で実装されている。コンパイラの Basic block に相当する
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	8
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	9 C form
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	10 ```
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	11 __code whileLoop(EnvPtr en, __code next(EnvPtr en)) {
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	12 if ( 0 >= en->varn ) goto next(en);
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	13 else {
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	14 en->varn = en->varn - 1;
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	15 en->vari = en->vari + 1;
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	16 goto whileLoop(en, next);
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	17 }
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	18 }
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	19 ```
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	20 Agda は pure fuctional な depedent type language。証明を記述できる。goto 文は、以下の形式で記述する。
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	21
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	22 Agda form
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	23
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	24 ```
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	25 whileTest : {l : Level} {t : Set l} → (c10 : ℕ) → (Code : Env → t) → t
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	26 whileTest c10 next = next (record {varn = c10 ; vari = 0} )
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	27 {-# TERMINATING #-}
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	28 whileLoop : {l : Level} {t : Set l} → Env → (Code : Env → t) → t
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	29 whileLoop env next with lt 0 (varn env)
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	30 whileLoop env next \| false = next env
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	31 whileLoop env next \| true =
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	32 whileLoop (record {varn = (varn env) - 1 ; vari = (vari env) + 1}) next
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	33 test1 : Env
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	34 test1 = whileTest 10 (λ env → whileLoop env (λ env1 → env1 ))
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	35 ```
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	36 TERMINATING は停止性が確認できないことを示している。
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	37
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	38
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	39
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	40 ## Gears OS
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	41 CbC と dataGear で構成する OS。
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	42
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	43 ```
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	44 __code putdown_rfork(struct PhilsImpl* phils, __code next(...)) {
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	45 struct AtomicT_int* right_fork = phils->Rightfork;
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	46 goto right_fork->set(-1, putdown_lfork);
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	47 }
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	48 ```
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	49 をメタ計算で表すと、
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	50
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	51 ```
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	52 __code putdown_rforkPhilsImpl_stub(struct Context* context) {
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	53 PhilsImpl* phils = (PhilsImpl*)GearImpl(context, Phils, phils);
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	54 enum Code next = Gearef(context, Phils)->next;
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	55 goto putdown_rforkPhilsImpl(context, phils, next);
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	56 }
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	57 __code putdown_lforkPhilsImpl(struct Context context,struct PhilsImpl phils, enum Code next) {
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	58 struct AtomicT_int* left_fork = phils->Leftfork;
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	59 Gearef(context, AtomicT_int)->atomicT_int = (union Data*) left_fork;
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	60 Gearef(context, AtomicT_int)->newData = -1;
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	61 Gearef(context, AtomicT_int)->next = C_thinkingPhilsImpl;
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	62 goto mcMeta(context, left_fork->set);
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	63 }
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	64 ```
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	65 となる。メタレベルでは引数は context と次の codeGearの番号だけ。
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	66
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	67 GearsAgda でも、同様の実装ができる。
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	68
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	69 <img src="fig/meta_cg_dg.svg" class="internal-embed"/>
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	70
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	71
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	72
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	73
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	74 ## Gears OSのモデル検査
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	75 ```
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	76 __ncode mcMeta(struct Context* context, enum Code next) {
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	77 context->next = next; // remember next Code Gear
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	78 int found = visit_StateDB(out, &mcti->state_db, &out,mcWorker->visit);
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	79 if (found) {
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	80 while(!(list = takeNextIterator(mcWorker->task_iter))) {
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	81 ```
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	82 mcMeta で状態を記録し、非決定的な実行を網羅する。
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	83
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	84 <img src="fig/model_checking.svg" class="internal-embed"/>
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	85
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	86
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	87
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	88
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	89 ## GearAgda の Hoare Logic
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	90 ```
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	91 whileLoopSeg : {l : Level} {t : Set l} → {c10 : ℕ } → (env : Env) → ((varn env) + (vari env) ≡ c10)
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	92 → (next : (e1 : Env )→ varn e1 + vari e1 ≡ c10 → varn e1 < varn env → t)
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	93 → (exit : (e1 : Env )→ vari e1 ≡ c10 → t) → t
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	94 ```
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	95 このように loop を Segment に切り出す。Pre condtion と Post condition が付いている。これは命題で証明する必要がある。(容易)
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	96
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	97 ```
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	98 TerminatingLoopS : {l : Level} {t : Set l} (Index : Set ) → {Invraiant : Index → Set } → ( reduce : Index → ℕ)
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	99 → (loop : (r : Index) → Invraiant r → (next : (r1 : Index) → Invraiant r1 → reduce r1 < reduce r → t ) → t)
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	100 → (r : Index) → (p : Invraiant r) → t
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	101 TerminatingLoopS {_} {t} Index {Invraiant} reduce loop r p with <-cmp 0 (reduce r)
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	102 ... \| tri≈ ¬a b ¬c = loop r p (λ r1 p1 lt → ⊥-elim (lemma3 b lt) )
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	103 ... \| tri< a ¬b ¬c = loop r p (λ r1 p1 lt1 → TerminatingLoop1 (reduce r) r r1 (≤-step lt1) p1 lt1 ) where
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	104 TerminatingLoop1 : (j : ℕ) → (r r1 : Index) → reduce r1 < suc j → Invraiant r1 → reduce r1 < reduce r → t
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	105 TerminatingLoop1 zero r r1 n≤j p1 lt = loop r1 p1 (λ r2 p1 lt1 → ⊥-elim (lemma5 n≤j lt1))
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	106 TerminatingLoop1 (suc j) r r1 n≤j p1 lt with <-cmp (reduce r1) (suc j)
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	107 ... \| tri< a ¬b ¬c = TerminatingLoop1 j r r1 a p1 lt
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	108 ... \| tri≈ ¬a b ¬c = loop r1 p1 (λ r2 p2 lt1 → TerminatingLoop1 j r1 r2 (subst (λ k → reduce r2 < k ) b lt1 ) p2 lt1 )
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	109 ... \| tri> ¬a ¬b c = ⊥-elim ( nat-≤> c n≤j )
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	110 ```
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	111 減少列を使用して、停止性を保証する接続で停止性を含めて Hoare Logic による証明が可能。
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	112
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	113 ```
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	114 whileTestSpec1 : (c10 : ℕ) → (e1 : Env ) → vari e1 ≡ c10 → ⊤
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	115 whileTestSpec1 _ _ x = tt
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	116 ```
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	117 仕様は、継続で入力として受ける。
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	118
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	119 ```
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	120 proofGearsTermS : {c10 : ℕ } → ⊤
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	121 proofGearsTermS {c10} = whileTest' {_} {_} {c10} (λ n p → conversion1 n p (λ n1 p1 →
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	122 TerminatingLoopS Env (λ env → varn env)
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	123 (λ n2 p2 loop → whileLoopSeg {_} {_} {c10} n2 p2 loop (λ ne pe → whileTestSpec1 c10 ne pe)) n1 p1 ))
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	124 ```
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	125 これは、プログラムが証明を値として渡すので、実際に証明になっている。接続するだけでよい。
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	126
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	127
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	128
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	129 ## Gears OS による赤黒木のモデル検査
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	130 木ではなくループ構造を使う。ノードは子供を iterator で返す。これを前述のモデル検査器で調べる。
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	131
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	132 まだ、やってません。
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	133
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	134 赤黒木は実装済み。
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	135
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	136
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	137
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	138 ## GearsAgda による赤黒木の証明
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	139 まず、Binary Tree
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	140
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	141 ```
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	142 data bt {n : Level} (A : Set n) : Set n where
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	143 leaf : bt A
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	144 node : (key : ℕ) → (value : A) →
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	145 (left : bt A ) → (right : bt A ) → bt A
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	146 bt-depth : {n : Level} {A : Set n} → (tree : bt A ) → ℕ
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	147 bt-depth leaf = 0
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	148 bt-depth (node key value t t₁) = suc (Data.Nat._⊔_ (bt-depth t ) (bt-depth t₁ ))
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	149 ```
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	150 普通のデータ構造
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	151
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	152 ```
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	153 find : {n m : Level} {A : Set n} {t : Set m} → (key : ℕ) → (tree : bt A ) → List (bt A)
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	154 → (next : bt A → List (bt A) → t ) → (exit : bt A → List (bt A) → t ) → t
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	155 find key leaf st _ exit = exit leaf st
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	156 find key (node key₁ v tree tree₁) st next exit with <-cmp key key₁
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	157 find key n st _ exit \| tri≈ ¬a b ¬c = exit n st
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	158 find key n@(node key₁ v tree tree₁) st next _ \| tri< a ¬b ¬c = next tree (n ∷ st)
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	159 find key n@(node key₁ v tree tree₁) st next _ \| tri> ¬a ¬b c = next tree₁ (n ∷ st)
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	160 {-# TERMINATING #-}
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	161 find-loop : {n m : Level} {A : Set n} {t : Set m} → (key : ℕ) → bt A → List (bt A) → (exit : bt A → List (bt A) → t) → t
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	162 find-loop {n} {m} {A} {t} key tree st exit = find-loop1 tree st where
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	163 find-loop1 : bt A → List (bt A) → t
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	164 find-loop1 tree st = find key tree st find-loop1 exit
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	165 insertTree : {n m : Level} {A : Set n} {t : Set m} → (tree : bt A) → (key : ℕ) → (value : A) → (next : bt A → t ) → t
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	166 insertTree tree key value exit = find-loop key tree [] $ λ t st → replaceNode key value t $ λ t1 → replace-loop key value t1 st exit
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	167 insertTest1 = insertTree leaf 1 1 (λ x → x )
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	168 insertTest2 = insertTree insertTest1 2 1 (λ x → x )
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	169 ```
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	170 継続( GearsAgda 形式)を用いた実装。これに Hoare条件をつける。
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	171
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	172 ```
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	173 findP : {n m : Level} {A : Set n} {t : Set m} → (key : ℕ) → (tree tree0 : bt A ) → (stack : List (bt A))
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	174 → treeInvariant tree ∧ stackInvariant key tree tree0 stack
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	175 → (next : (tree1 tree0 : bt A) → (stack : List (bt A)) → treeInvariant tree1 ∧ stackInvariant key tree1 tree0 stack → bt-depth tree1 < bt-depth tree → t )
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	176 → (exit : (tree1 tree0 : bt A) → (stack : List (bt A)) → treeInvariant tree1 ∧ stackInvariant key tree1 tree0 stack → t ) → t
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	177 ```
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	178 invariant はこんな感じ。
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	179
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	180 ```
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	181 data treeInvariant {n : Level} {A : Set n} : (tree : bt A) → Set n where
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	182 t-leaf : treeInvariant leaf
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	183 t-node : {key key₁ key₂ : ℕ} → {value value₁ value₂ : A} → {t₁ t₂ t₃ t₄ : bt A} → (key < key₁) → (key₁ < key₂)
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	184 → treeInvariant (node key value t₁ t₂)
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	185 → treeInvariant (node key₂ value₂ t₃ t₄)
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	186 → treeInvariant (node key₁ value₁ (node key value t₁ t₂) (node key₂ value₂ t₃ t₄))
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	187 data stackInvariant {n : Level} {A : Set n} (key0 : ℕ) : (tree tree0 : bt A) → (stack : List (bt A)) → Set n where
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	188 s-nil : stackInvariant key0 leaf leaf []
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	189 s-right : (tree0 tree : bt A) → {key : ℕ } → {value : A } { left : bt A} → {st : List (bt A)}
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	190 → key < key0 → stackInvariant key0(node key value left tree ) tree0 (node key value left tree ∷ st ) → stackInvariant key0 tree tree0 (tree ∷ node key value left tree ∷ st )
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	191 s-left : (tree0 tree : bt A) → {key : ℕ } → {value : A } { right : bt A} → {st : List (bt A)}
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	192 → key0 < key → stackInvariant key0(node key value tree right ) tree0 (node key value tree right ∷ st ) → stackInvariant key0 tree tree0 (tree ∷ node key value tree right ∷ st )
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	193 data replacedTree {n : Level} {A : Set n} (key : ℕ) (value : A) : (tree tree1 : bt A ) → Set n where
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	194 ```
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	195 簡単とは言えない。条件をrecord にまとめた方がよい。
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	196
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	197 ```
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	198 record findPR {n : Level} {A : Set n} (key : ℕ) (tree : bt A ) (stack : List (bt A)) (C : bt A → List (bt A) → Set n) : Set n where
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	199 field
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	200 tree0 : bt A
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	201 ti : treeInvariant tree0
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	202 si : stackInvariant key tree tree0 stack
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	203 ci : C tree stack -- data continuation
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	204
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	205 ```
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	206 ci はテストとか記述する部分。データの継続になっている。この部分をあとで追加できる。
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	207
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	208 ```
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	209 containsTree : {n m : Level} {A : Set n} {t : Set m} → (tree tree1 : bt A) → (key : ℕ) → (value : A) → treeInvariant tree1 → replacedTree key value tree1 tree → ⊤
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	210 containsTree {n} {m} {A} {t} tree tree1 key value P RT =
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	211 TerminatingLoopS (bt A ∧ List (bt A) )
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	212 {λ p → findPR key (proj1 p) (proj2 p) (findPC key value ) } (λ p → bt-depth (proj1 p))
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	213 ⟪ tree1 , [] ⟫ {!!}
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	214 $ λ p P loop → findPPC key value (proj1 p) (proj2 p) P (λ t s P1 lt → loop ⟪ t , s ⟫ P1 lt )
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	215 $ λ t1 s1 found? P2 → insertTreeSpec0 t1 value (lemma6 t1 s1 found? P2) where
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	216 ```
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	217 みたいな感じで証明する。
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	218
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	219 ```
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	220 insertTreeSpec0 : {n : Level} {A : Set n} → (tree : bt A) → (value : A) → top-value tree ≡ just value → ⊤
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	221 insertTreeSpec0 _ _ _ = tt
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	222 ```
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	223 仕様記述は、継続の入力で受ける。
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	224
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	225
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	226
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	227 ## GearsAgdaのモデル検査
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	228 GearsOS と同じように構成することにより、並列実行を simulation できる。モデル検査器そのものを Hoare Logic base で証明、
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	229 あるいは、展開した(比較的膨大な)部分を全部証明する。あるいは、モデル検査を実行することにより並列分散プログラムを
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	230 検証できるはず。
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	231
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	232
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	233
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	234 ## Invariant の種類
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	235 ```
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	236 等式
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	237 生成データを限定した data 記述
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	238 減少列
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	239 生成されるものの有限性
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	240 P_1 -> P_n
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	241
170b950774a3 add files Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	242

0

170b950774a3 add files