Commit 90285dac by Léon Gondelman

### fix the definition of while loop; add factorial example

parent 55f0efa1
 ... ... @@ -9,3 +9,4 @@ theories/c_translation/monad.v theories/c_translation/proofmode.v theories/c_translation/translation.v theories/tests/test1.v theories/tests/fact.v \ No newline at end of file
 ... ... @@ -46,13 +46,64 @@ Notation "e1 ;;;; e2" := Definition a_if : val := λ: "cnd" "e1" "e2", a_bind (λ: "c", if: "c" then "e1" #() else "e2" #()) "cnd". Definition a_while: val := rec: "while" "cnd" "bdy" := a_if ("cnd" #()) ("bdy" ;;;; "while" "cnd" "bdy"). a_if ("cnd" #()) (λ:<>, "bdy" #() ;;;; "while" "cnd" "bdy") a_seq%E. Section proofs. Context `{locking_heapG Σ, heapG Σ, flockG Σ, spawnG Σ}. Lemma a_while_spec R Φ (c b: expr) `{Closed [] c} `{Closed [] b} : ▷ awp (a_if c (λ:<>, (#() ;; b) ;;;; a_while (λ:<>, c) (λ:<>, b)) a_seq)%E R Φ -∗ awp (a_while (λ:<>, c) (λ:<>, b))%E R Φ. Proof. iIntros "H". awp_lam. awp_lam. awp_seq. iApply "H". Qed. Lemma a_if_spec R Φ Ψ (e e1 e2 : expr) `{Closed [] e1} `{Closed [] e2} : AsVal e1 -> AsVal e2 -> awp e R Ψ -∗ (∀ v, Ψ v -∗ (⌜v = #true⌝ ∧ awp (e1 #()) R Φ) ∨ (⌜v = #false⌝ ∧ awp (e2 #()) R Φ)) -∗ awp (a_if e e1 e2) R Φ. Proof. iIntros ([v1 <-%of_to_val] [v2 <-%of_to_val]) "H HΦ". awp_apply (a_wp_awp with "H"). iIntros (v) "H". do 3 awp_lam. iApply awp_bind. iApply (awp_wand with "H"). clear v. iIntros (v) "HΨ". awp_lam. iDestruct ("HΦ" with "HΨ") as "[[% H] | [% H]]"; simplify_eq/=; by (awp_pure _). Qed. Lemma a_if_true_spec R (e1 e2 : val) `{Closed [] e1, Closed [] e2} Φ : awp e1 R Φ -∗ awp (a_if (a_ret #true) (λ: <>, e1) (λ: <>, e2))%E R Φ. Proof. iIntros "HΦ". iApply (a_if_spec _ _ (λ v, ⌜v = #true⌝)%I). { iApply awp_ret. iApply wp_value. eauto. } iIntros (? ->). iLeft. iSplit; eauto. by awp_seq. Qed. Lemma a_if_false_spec R (e1 e2 : val) `{Closed [] e1, Closed [] e2} Φ : awp e2 R Φ -∗ awp (a_if (a_ret #false) (λ: <>, e1) (λ: <>, e2))%E R Φ. Proof. iIntros "HΦ". iApply (a_if_spec _ _ (λ v, ⌜v = #false⌝)%I). { iApply awp_ret. iApply wp_value. eauto. } iIntros (? ->). iRight. iSplit; eauto. by awp_seq. Qed. Lemma a_seq_spec R Φ : U (Φ #()) -∗ awp (a_seq #()) R Φ. ... ... 
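Review bot: The new `a_while_spec` is considerably narrower than the lemma it replaces: it only covers loops whose condition and body are literally the thunks `(λ:<>, c)` and `(λ:<>, b)` of closed expressions, whereas the removed `a_while_spec` in the last hunk took arbitrary `cnd bdy : val`, so a caller holding an opaque `val` can no longer use it; unless that restriction is intended, a statement over `(cnd bdy : val)` with premise `▷ awp (a_if (cnd #()) (λ:<>, bdy #() ;;;; a_while cnd bdy) a_seq) R Φ -∗ awp (a_while cnd bdy) R Φ` should follow by the same two `awp_lam` steps and keep the old generality. The premise of the new lemma also exposes `(#() ;; b)`, which is the un-β-reduced `(λ:<>, b) #()` left under the binder, and a one-line comment such as `(* (#() ;; b) is (λ:<>, b) #() after substitution; it cannot be reduced under the binder *)` would save readers from wondering where the `#() ;;` comes from. In `a_if_spec`, the `Closed [] e1`/`Closed [] e2` binders look redundant next to the `AsVal e1`/`AsVal e2` premises, since an expression that is a value is presumably closed already (`of_val_closed` in heap_lang) — worth confirming and dropping if so.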
@@ -97,6 +148,8 @@ Section proofs. iModIntro. by awp_lam. Qed. Lemma a_load_spec R Φ Ψ e : awp e R (λ v, ∃ l : loc, ⌜v = #l⌝ ∧ Ψ l) -∗ (∀ l : loc, Ψ l -∗ ∃ v, l ↦U v ∗ (l ↦U v -∗ Φ v)) -∗ ... ... @@ -162,7 +215,7 @@ Section proofs. Lemma a_bin_op_spec R Φ Ψ1 Ψ2 (op : bin_op) (e1 e2: expr) : awp e1 R Ψ1 -∗ awp e2 R Ψ2 -∗ (∀ v1 v2, Ψ1 v1 -∗ Ψ2 v2 -∗ ∃ w, ⌜bin_op_eval op v1 v2 = Some w⌝ ∗ Φ w)-∗ ∃ w, ⌜bin_op_eval op v1 v2 = Some w⌝ ∧ Φ w)-∗ awp (a_bin_op op e1 e2) R Φ. Proof. iIntros "H1 H2 HΦ". ... ... @@ -226,44 +279,5 @@ Section proofs. - iApply "HΦ". iFrame. Qed. Lemma a_if_spec R Φ Ψ (e e1 e2 : expr) `{Closed [] e1} `{Closed [] e2} : awp e R Ψ -∗ (∀ v, Ψ v -∗ (⌜v = #true⌝ ∧ awp e1 R Φ) ∨ (⌜v = #false⌝ ∧ awp e2 R Φ)) -∗ awp (a_if e (λ: <>, e1) (λ: <>, e2))%E R Φ. Proof. iIntros "H HΦ". awp_apply (a_wp_awp with "H"); iIntros (v) "H". do 3 awp_lam. iApply awp_bind. iApply (awp_wand with "H"). clear v. iIntros (v) "HΨ". awp_lam. iDestruct ("HΦ" with "HΨ") as "[[% H] | [% H]]"; simplify_eq/=; by do 2 (awp_pure _). Qed. Lemma a_if_true_spec R (e1 e2 : val) `{Closed [] e1, Closed [] e2} Φ : awp e1 R Φ -∗ awp (a_if (a_ret #true) (λ: <>, e1) (λ: <>, e2))%E R Φ. Proof. iIntros "HΦ". iApply (a_if_spec _ _ (λ v, ⌜v = #true⌝)%I). { iApply awp_ret. iApply wp_value. eauto. } iIntros (? ->). iLeft. eauto. Qed. Lemma a_if_false_spec R (e1 e2 : val) `{Closed [] e1, Closed [] e2} Φ : awp e2 R Φ -∗ awp (a_if (a_ret #false) (λ: <>, e1) (λ: <>, e2))%E R Φ. Proof. iIntros "HΦ". iApply (a_if_spec _ _ (λ v, ⌜v = #false⌝)%I). { iApply awp_ret. iApply wp_value. eauto. } iIntros (? ->). iRight. eauto. Qed. Lemma a_while_spec (cnd bdy : val) R Φ : ▷ awp (a_if (cnd #()) (bdy ;;;; a_while cnd bdy)) R Φ -∗ awp (a_while cnd bdy) R Φ. Proof. iIntros "HAWP". rewrite {2}/a_while. awp_lam. awp_lam. rewrite /a_while. iApply "HAWP". Qed. End proofs.
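Review bot: `Φ w)-∗` on the rewritten conjunct of `a_bin_op_spec` (hunk `@@ -162,7 +215,7 @@`) lacks the space before `-∗` that the surrounding premises use (`awp e1 R Ψ1 -∗`); since the line is being touched anyway, `⌜bin_op_eval op v1 v2 = Some w⌝ ∧ Φ w) -∗` keeps the file's spacing consistent. The proof of `a_bin_op_spec` continues outside the hunk.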