Language Specification
File: syntax.sos
[Reduce File] [Raw File]
Module exactEval:list
Builds on exactEval:host
expr ::= ...
| nil(typ)
| cons(expr, expr)
| head(expr)
| tail(expr)
| null(expr)
| index(expr, expr)
| length(expr)
------------------------------------------------------- [Proj-Nil]
Names |{expr}- nil(Ty) ~~>
recBuild(consRecFieldExprs("null", true,
nilRecFieldExprs))
------------------------------------------------- [Proj-Cons]
Names |{expr}- cons(E1, E2) ~~>
recBuild(
consRecFieldExprs("null", false,
consRecFieldExprs("head", E1,
consRecFieldExprs("tail", E2,
nilRecFieldExprs))))
---------------------------------------------------- [Proj-Null]
Names |{expr}- null(E) ~~> recFieldAccess(E, "null")
---------------------------------------------------- [Proj-Head]
Names |{expr}- head(E) ~~> recFieldAccess(E, "head")
---------------------------------------------------- [Proj-Tail]
Names |{expr}- tail(E) ~~> recFieldAccess(E, "tail")
fresh_name "I" Names SaveI
fresh_name "L" Names SaveL
-------------------------------------------- [Proj-Index]
Names |{expr}- index(Lst, Index) ~~>
stmtExpr(
seq(declare(intTy, SaveL, Lst),
seq(declare(intTy, SaveI, Index),
seq(ifThenElse(greater(num(0), name(SaveI)),
printVal(errorExpr(stringLit("Die"), intTy)),
noop),
while(greater(name(SaveI), num(0)),
seq(assign(SaveL, recFieldAccess(name(SaveL),
"tail")),
assign(SaveI, minus(name(SaveI), num(1)))))))),
recFieldAccess(name(SaveL), "head"))
fresh_name "L" Names SaveL
fresh_name "Len" Names Len
------------------------------ [Proj-Length]
Names |{expr}- length(E) ~~>
stmtExpr(
seq(declare(intTy, SaveL, E),
seq(declare(intTy, Len, num(0)),
while(not(recFieldAccess(name(SaveL), "null")),
seq(assign(SaveL, recFieldAccess(name(SaveL),
"tail")),
assign(Len, plus(name(Len), num(1))))))),
name(Len))
stmt ::= ...
| listUpdate(string, expr, expr)
| listForeach(string, expr, stmt)
fresh_name "I" L::Names SaveI
fresh_name "Hold" L::Names Hold
fresh_name "E" L::Names SaveE
fresh_name "C" L::Names Copy
---------------------------------------- [Proj-ListUpdate]
Names |{stmt}- listUpdate(L, I, E) ~~>
scopeStmt(
seq(declare(intTy, SaveI, I),
seq(declare(intTy, SaveE, E),
seq(assign(SaveI, name(SaveI)),
seq(declare(intTy, Hold, nil(intTy)),
seq(while(and(not(eq(name(SaveI), num(0))),
not(null(name(L)))),
seq(assign(SaveI, minus(name(SaveI), num(1))),
seq(declare(intTy, Copy, name(L)),
seq(recUpdate(Copy, ["tail"], name(Hold)),
seq(assign(Hold, name(Copy)),
assign(L, tail(name(L)))))))),
seq(ifThenElse(null(name(L)),
declare(intTy, Copy,
errorExpr(stringLit("Invalid update"), intTy)),
noop),
seq(recUpdate(L, ["head"], name(SaveE)),
while(not(null(name(Hold))),
seq(declare(intTy, Copy, name(Hold)),
seq(recUpdate(Copy, ["tail"], name(L)),
seq(assign(L, name(Copy)),
assign(Hold, tail(name(Hold)))))))))))))))
fresh_name "L" X::Names SaveL
----------------------------------------------- [Proj-ListForeach]
Names |{stmt}- listForeach(X, L, Body) ~~>
scopeStmt(
seq(declare(intTy, SaveL, L),
while(not(null(name(SaveL))),
seq(declare(intTy, X, head(name(SaveL))),
seq(assign(SaveL, tail(name(SaveL))),
Body)))))
typ ::= ...
| listTy(typ)
--------------------------------------------- [Proj-ListTy]
|{typ}- listTy(T) ~~>
recTy(consRecFieldTys("null", boolTy,
consRecFieldTys("head", T,
consRecFieldTys("tail", listTy(T),
nilRecFieldTys))))
File: vars.sos
[Reduce File] [Raw File]
Module exactEval:list
--------------- [V-Nil]
vars nil(Ty) []
vars E1 V1
vars E2 V2
V1 ++ V2 = V
------------------- [V-Cons]
vars cons(E1, E2) V
vars E V
-------------- [V-Head]
vars head(E) V
vars E V
-------------- [V-Tail]
vars tail(E) V
vars E V
-------------- [V-Null]
vars null(E) V
vars L VL
vars I VI
VL ++ VI = V
------------------ [V-Index]
vars index(L, I) V
vars E V
---------------- [V-Length]
vars length(E) V
------------------------ [EN-Nil]
exprNames Ctx nil(Ty) []
exprNames Ctx E1 N1
exprNames Ctx E2 N2
N1 ++ N2 = N
---------------------------- [EN-Cons]
exprNames Ctx cons(E1, E2) N
exprNames Ctx E N
----------------------- [EN-Head]
exprNames Ctx head(E) N
exprNames Ctx E N
----------------------- [EN-Tail]
exprNames Ctx tail(E) N
exprNames Ctx E N
----------------------- [EN-Null]
exprNames Ctx null(E) N
exprNames Ctx E1 N1
exprNames Ctx E2 N2
N1 ++ N2 = N
----------------------------- [EN-Index]
exprNames Ctx index(E1, E2) N
exprNames Ctx E N
------------------------- [EN-Length]
exprNames Ctx length(E) N
mems L Ctx
exprNames Ctx I NI
exprNames Ctx E NE
NI ++ NE = N
--------------------------------------- [SN-ListUpdate-Ignore]
stmtNames Ctx listUpdate(L, I, E) N Ctx
not_mems L Ctx
exprNames Ctx I NI
exprNames Ctx E NE
NI ++ NE = N
------------------------------------------ [SN-ListUpdate-Take]
stmtNames Ctx listUpdate(L, I, E) L::N Ctx
exprNames Ctx L NL
stmtNames [I]::Ctx Body NB Ctx1
NL ++ NB = N
------------------------------------------- [SN-ListForeach]
stmtNames Ctx listForeach(I, L, Body) N Ctx
File: typing.sos
[Reduce File] [Raw File]
Module exactEval:list
------------------------------- [T-Nil]
typeOf FC TC nil(Ty) listTy(Ty)
typeOf FC TC E1 Ty
typeOf FC TC E2 listTy(Ty)
------------------------------------ [T-Cons]
typeOf FC TC cons(E1, E2) listTy(Ty)
typeOf FC TC E listTy(Ty)
------------------------- [T-Head]
typeOf FC TC head(E) Ty
typeOf FC TC E listTy(Ty)
------------------------------- [T-Tail]
typeOf FC TC tail(E) listTy(Ty)
typeOf FC TC E listTy(Ty)
--------------------------- [T-Null]
typeOf FC TC null(E) boolTy
typeOf FC TC L listTy(Ty)
typeOf FC TC I intTy
--------------------------- [T-Index]
typeOf FC TC index(L, I) Ty
typeOf FC TC E listTy(Ty)
---------------------------- [T-Length]
typeOf FC TC length(E) intTy
lookupScopes L TC listTy(Ty)
typeOf FC TC I intTy
typeOf FC TC E Ty
----------------------------------- [T-ListUpdate]
stmtOK FC TC listUpdate(L, I, E) TC
typeOf FC TC L listTy(Ty)
stmtOK FC [(X, Ty)]::TC Body TC1
--------------------------------------- [T-ListForeach]
stmtOK FC TC listForeach(X, L, Body) TC
valueType V boolTy
----------------------------------------------- [VT-ListNil]
valueType recVal([("null", V)]) listTy(Ty)
valueType NV boolTy
valueType HV Ty
valueType TV listTy(Ty)
---------------------------------------------- [VT-ListCons]
{valueType recVal([("null", NV), ("head", HV),
("tail", TV)]) listTy(Ty)}
File: eval.sos
[Reduce File] [Raw File]
Module exactEval:list
-------------------------------------------------------- [E-Nil]
evalExpr FE EE nil(Ty) recVal([("null", trueVal)]) EE []
evalExpr FE EE E1 V1 EE1 O1
evalExpr FE EE1 E2 V2 EE2 O2
O1 ++ O2 = O
--------------------------------------------- [E-Cons]
{evalExpr FE EE cons(E1, E2)
recVal([("null", falseVal), ("head", V1),
("tail", V2)]) EE2 O}
evalExpr FE EE E recVal(Fields) EE1 O
lookup Fields "head" Hd
------------------------------------- [E-Head]
evalExpr FE EE head(E) Hd EE1 O
evalExpr FE EE E recVal(Fields) EE1 O
lookup Fields "tail" Tl
------------------------------------- [E-Tail]
evalExpr FE EE tail(E) Tl EE1 O
evalExpr FE EE E recVal(Fields) EE1 O
lookup Fields "null" V
------------------------------------- [E-Null]
evalExpr FE EE null(E) V EE1 O
evalExpr FE EE L LV EE1 O1
evalExpr FE EE1 I intVal(Idx) EE2 O2
listIndex LV Idx V
O1 ++ O2 = O
------------------------------------ [E-Index]
evalExpr FE EE index(L, I) V EE2 O
evalExpr FE EE E V EE1 O
listLength V I
---------------------------------------- [E-Length]
evalExpr FE EE length(E) intVal(I) EE1 O
Fixed Judgment listIndex : value int value
Fixed Judgment listLength : value int
lookup Fields "head" V
============================ [LI-0]
listIndex recVal(Fields) 0 V
N - 1 = I
lookup Fields "tail" Tl
listIndex Tl I V
============================ [LI-Step]
listIndex recVal(Fields) N V
lookup Fields "null" trueVal
============================ [LL-Nil]
listLength recVal(Fields) 0
lookup Fields "null" falseVal
lookup Fields "tail" Tl
listLength Tl I
I + 1 = N
============================= [LL-Cons]
listLength recVal(Fields) N
evalExpr FE EE I intVal(N) EE1 O1
evalExpr FE EE1 E V EE2 O2
lookupScopes L EE2 LV
updateListIndex LV N V LV2
replaceScopes L LV2 EE2 EE3
O1 ++ O2 = O
---------------------------------------- [E-ListUpdate]
evalStmt FE EE listUpdate(L, I, E) EE3 O
evalExpr FE EE L LV EE1 O1
iterateList FE EE1 LV X Body EE2 O2
O1 ++ O2 = O
-------------------------------------------- [E-ListForeach]
evalStmt FE EE listForeach(X, L, Body) EE2 O
Fixed Judgment updateListIndex : value int value value
lookup Fields "null" falseVal
replaceRecVal "head" VNew Fields NewFields
======================================================= [ULI-0]
updateListIndex recVal(Fields) 0 VNew recVal(NewFields)
lookup Fields "null" falseVal
N - 1 = I
lookup Fields "tail" Tl
updateListIndex Tl I V TlNew
replaceRecVal "tail" TlNew Fields NewFields
==================================================== [ULI-Step]
updateListIndex recVal(Fields) N V recVal(NewFields)
Judgment iterateList : {[(string, (string, value, [string], stmt))] [[(string, value)]]
value* string stmt [[(string, value)]] [value]}
lookup Fields "null" trueVal
--------------------------------------------- [IL-Nil]
iterateList FE EE recVal(Fields) X Body EE []
lookup Fields "null" falseVal
lookup Fields "head" Hd
evalStmt FE [(X, Hd)]::EE Body Scope::EE1 O1
lookup Fields "tail" Tl
iterateList FE EE1 Tl X Body EE2 O2
O1 ++ O2 = O
--------------------------------------------- [IL-Cons]
iterateList FE EE recVal(Fields) X Body EE2 O
1 = 0
-------------------------------- [IL-Default]*
iterateList FE EE V X Body EE1 O
Reasoning
[Show All Proofs] [Hide All Proofs]
[Raw File]
Click on a command or tactic to see a detailed view of its use.
Module exactEval:list.
Prove_Constraint exactEval:host:proj_expr_unique. [Show Proof]
Prove_Constraint exactEval:host:proj_expr_is. [Show Proof]
Prove_Constraint exactEval:host:proj_expr_other. [Show Proof]
Prove_Constraint exactEval:host:proj_stmt_unique. [Show Proof]
Prove_Constraint exactEval:host:proj_stmt_is. [Show Proof]
Prove_Constraint exactEval:host:proj_stmt_other. [Show Proof]
Prove_Constraint exactEval:host:proj_fun_unique.
Prove_Constraint exactEval:host:proj_fun_is.
Prove_Constraint exactEval:host:proj_param_unique.
Prove_Constraint exactEval:host:proj_param_is.
Prove_Constraint exactEval:host:proj_program_unique.
Prove_Constraint exactEval:host:proj_program_is.
Prove_Constraint exactEval:host:proj_typ_unique. [Show Proof]
Prove_Constraint exactEval:host:proj_typ_is. [Show Proof]
Add_Proj_Rel exactEval:host:is_expr,
exactEval:host:is_args,
exactEval:host:is_recFieldExprs,
exactEval:host:is_stmt.
Prove_Ext_Ind exactEval:host:is_expr,
exactEval:host:is_args,
exactEval:host:is_recFieldExprs,
exactEval:host:is_stmt. [Show Proof]
search 10.
apply IH to R1. apply IH to R2. search 20.
apply IH to R1. search 10.
apply IH to R1. search 10.
apply IH to R1. search 10.
apply IH to R1. apply IH to R2.
apply fresh_name_exists to _ _ with Base = "I", Names = [].
apply fresh_name_exists to _ _ with Base = "L", Names = [].
search 20.
apply IH to R1.
apply fresh_name_exists to _ _ with Base = "L", Names = [].
apply fresh_name_exists to _ _ with Base = "Len", Names = [].
search 20.
apply IH to R2. apply IH to R3.
FrI: apply fresh_name_exists to _ _ with Base = "I", Names = [S1].
FrH: apply fresh_name_exists to _ _ with
Base = "Hold", Names = [S1]. search 7.
FrE: apply fresh_name_exists to _ _ with Base = "E", Names = [S1].
FrC: apply fresh_name_exists to _ _ with Base = "C", Names = [S1].
apply fresh_name_is to _ FrI. rename F to SaveI.
apply fresh_name_is to _ FrH. search 7. rename F1 to Hold.
apply fresh_name_is to _ FrE. rename F2 to SaveE.
apply fresh_name_is to _ FrC. rename F3 to Copy.
rename Expr1 to I. rename Expr to E.
assert [] |{stmt}- listUpdate S1 I E ~~>
scopeStmt
(seq (declare intTy SaveI I)
(seq (declare intTy SaveE E)
(seq (assign SaveI (name SaveI))
(seq (declare intTy Hold (exactEval:list:nil intTy))
(seq (while (exactEval:host:and
(not (eq (name SaveI) (num 0)))
(not (null (name S1))))
(seq (assign SaveI (minus (name SaveI) (num 1)))
(seq (declare intTy Copy (name S1))
(seq (recUpdate Copy ["tail"] (name Hold))
(seq (assign Hold (name Copy))
(assign S1 (tail (name S1))))))))
(seq (ifThenElse (null (name S1))
(declare intTy Copy
(errorExpr (stringLit "Invalid update") intTy))
noop)
(seq (recUpdate S1 ["head"] (name SaveE))
(while (not (null (name Hold)))
(seq (declare intTy Copy (name Hold))
(seq (recUpdate Copy ["tail"] (name S1))
(seq (assign S1 (name Copy))
(assign Hold (tail (name Hold)))))))))))))).
unfold. exists [],
scopeStmt
(seq (declare intTy SaveI I)
(seq (declare intTy SaveE E)
(seq (assign SaveI (name SaveI))
(seq (declare intTy Hold (exactEval:list:nil intTy))
(seq (while (exactEval:host:and
(not (eq (name SaveI) (num 0)))
(not (null (name S1))))
(seq (assign SaveI (minus (name SaveI) (num 1)))
(seq (declare intTy Copy (name S1))
(seq (recUpdate Copy ["tail"] (name Hold))
(seq (assign Hold (name Copy))
(assign S1 (tail (name S1))))))))
(seq (ifThenElse (null (name S1))
(declare intTy Copy
(errorExpr (stringLit "Invalid update") intTy))
noop)
(seq (recUpdate S1 ["head"] (name SaveE))
(while (not (null (name Hold)))
(seq (declare intTy Copy (name Hold))
(seq (recUpdate Copy ["tail"] (name S1))
(seq (assign S1 (name Copy))
(assign Hold (tail (name Hold)))))))))))))). split.
search.
search.
search.
search.
search 30.
apply IH to R2. apply IH3 to R3.
Fr: apply fresh_name_exists to _ _ with Base = "L", Names = [S1].
apply fresh_name_is to _ Fr. search 20.
Prove exactEval:host:is_args_nilArgs_or_consArgs.
Prove exactEval:host:is_recFieldExprs_nilRecFieldExprs_or_consRecFieldExprs.
Prove exactEval:host:vars_unique. [Show Proof]
Prove exactEval:host:vars_is. [Show Proof]
Prove exactEval:host:vars_exist,
exactEval:host:varsArgs_exist,
exactEval:host:varsRecFields_exist. [Show Proof]
Prove exactEval:host:stmtNames_is,
exactEval:host:stmtNames_isCtx,
exactEval:host:exprNames_is. [Show Proof]
Prove exactEval:host:stmtNames_unique,
exactEval:host:exprNames_unique. [Show Proof]
Prove exactEval:host:stmtNames_keep_older. [Show Proof]
Prove exactEval:host:stmtNames_exists,
exactEval:host:exprNames_exists,
exactEval:host:argsNames_exists,
exactEval:host:recFieldNames_exists. [Show Proof]
Prove exactEval:host:stmtNames_not_in_ctx,
exactEval:host:exprNames_not_in_ctx. [Show Proof]
Prove exactEval:host:stmtNames_relatedCtxs,
exactEval:host:stmtNames_relatedCtxs_ctx_fwd,
exactEval:host:stmtNames_relatedCtxs_ctx_back,
exactEval:host:exprNames_relatedCtxs. [Show Proof]
Prove exactEval:host:stmtNames_increaseCtxs,
exactEval:host:stmtNames_increaseCtxs_ctxs,
exactEval:host:exprNames_increaseCtxs. [Show Proof]
Theorem exprNames_mem : forall Ctx X N,
mems X Ctx -> exprNames Ctx (name X) N -> N = []. [Show Proof]
Prove_Constraint exactEval:host:proj_exprNames. [Show Proof]
Theorem mems_append_right[X] : forall A B C (X : X),
A ++ B = C -> mems X B -> mems X C. [Show Proof]
Prove_Constraint exactEval:host:proj_stmtNames. [Show Proof]
case IsS. SN: case SN.
SN_P: case SN_P. SN_P: case SN_P. SN_PI: case SN_P.
SN_P: case SN_P1. SN_PE: case SN_P. SN_P: case SN_P1.
SN_P: case SN_P1. SN_P: case SN_P1. case SN_P1. case SN_P6.
SN_P: case SN_P5. SN_P: case SN_P1. SN_P: case SN_P1.
SN_P: case SN_P1. SN_P: case SN_P1. case SN_P11. SN_P: case SN_P9.
SN_P: case SN_P9. SN_P: case SN_P7. SN_P: case SN_P11.
SN_P: case SN_P11. SN_P: case SN_P14. SN_P: case SN_P16.
SN_P: case SN_P5. SN_P: case SN_P5. SN_P: case SN_P5. case SN_P23.
SN_P: case SN_P22. SN_P: case SN_P22. case SN_P22.
SN_P: case SN_P20. SN_P: case SN_P22. SN_P: case SN_P22.
SN_P: case SN_P22. SN_P: case SN_P26. SN_P: case SN_P26.
SN_P: case SN_P28. SN_P: case SN_P30.
Eq: assert N5 = [] /\
Scope1::Ctx6 = [SaveE, SaveI]::Scope::Ctx.
A: case SN_P.
E: case A1. search. N: case E. N: case N. N: case N2.
apply N2 to _.
N: case A. N: case N. N: case N2. apply N2 to _.
case Eq. case SN_P4. clear SN_P.
Eq: assert N13 = [].
E: case SN_P1. search. N: case E. N: case N. N: case N2.
N: case N3. apply N3 to _.
case Eq. case SN_P12. case SN_P10. clear SN_P1.
Eq: assert CN = [].
E: case SN_P9. search. N: case E. apply not_mems to N1 SN.
case Eq. case SN_P8. clear SN_P9.
Eq: assert N15 = [] /\
Scope2::Ctx10 = []::[Hold, SaveE, SaveI]::Scope::Ctx.
A: case SN_P7.
E: case A1. case E1. E: case E. case E2. search.
N: case E. N: case N1. N: case N1. N: case N3. N: case N4.
apply N4 to _.
N: case A. N: case N1. N: case N1. N: case N3. N: case N4.
apply N4 to _.
case Eq. case SN_P13. clear SN_P7.
Eq: assert N17 = [].
E: case SN_P11. search. N: case E. N: case N1.
apply not_mems to N2 _.
case Eq. case SN_P15. clear SN_P11.
Eq: assert N19 = [] /\
Ctx11 = [Copy]::[Hold, SaveE, SaveI]::Scope::Ctx.
R: case SN_P14.
E: case R1. search. N: case E. N: case N1. N: case N1.
apply N1 to _.
N: case R. N: case N. apply N to _.
case Eq. case SN_P17. clear SN_P14.
Eq: assert N21 = [] /\
Ctx12 = [Copy]::[Hold, SaveE, SaveI]::Scope::Ctx.
A: case SN_P16.
E: case A1. search. N: case E. N: case N. apply N to _.
N: case A. N: case N1. N: case N1. apply N1 to _.
case Eq. case SN_P19. clear SN_P16.
Eq: assert N9 = [] /\
CtxB = [Copy]::[Hold, SaveE, SaveI]::Scope::Ctx.
A: case SN_P18.
E: case A1. E: case E. search. N: case E. N: case N1.
apply not_mems to N2 _.
N: case A. N: case N1. apply not_mems to N2 _.
case Eq. case SN_P6. clear SN_P18.
Eq: assert CN1 = [].
E: case SN_P5. search. N: case E. apply not_mems to N1 _.
case Eq. case SN_P24. case SN_P25. case SN_P21. clear SN_P5.
Eq: assert N26 = [] /\
Ctx2 = [Hold, SaveE, SaveI]::Scope::Ctx.
R: case SN_P20.
E: case R1. search. N: case E. N: case N. N: case N2.
apply N2 to _.
N: case R. apply not_mems to N1 _.
case Eq. case SN_P23. clear SN_P20.
Eq: assert CN2 = [].
E: case SN_P22. search. N: case E. N: case N. apply N to _.
case Eq. case SN_P27. clear SN_P22.
Eq: assert N28 = [].
E: case SN_P26. search. N: case E. N: case N1. N: case N1.
apply N1 to _.
case Eq. case SN_P29. clear SN_P26.
Eq: assert N30 = [] /\
Ctx16 = [Copy]::[Hold, SaveE, SaveI]::Scope::Ctx.
R: case SN_P28.
E: case R1. search. N: case E. N: case N1.
apply not_mems to N2 _.
N: case R. N: case N. apply N to _.
case Eq. case SN_P31. clear SN_P28.
Eq: assert N32 = [] /\
Ctx17 = [Copy]::[Hold, SaveE, SaveI]::Scope::Ctx.
A: case SN_P30.
E: case A1. search. N: case E. N: case N. apply N to _.
N: case A. N: case N1. apply not_mems to N2 _.
case Eq. case SN_P33. clear SN_P30.
Eq: assert N4 = [].
A: case SN_P32.
E: case A1. E: case E. search. N: case E. N: case N1.
N: case N1. apply N1 to _.
N: case A. N: case N1. N: case N1. apply N1 to _.
case Eq. apply append_nil_right to SN_P3. clear SN_P3 SN_P32.
Or: apply mem_append to M SN_P2. M': case Or.
MI: apply exprNames_increaseCtxs to _ _ _ _ SN1 SN_PI M'.
apply mem_append_left to MI SN3. search.
apply fresh_name_is to _ Pr1.
ME: apply exprNames_increaseCtxs to _ _ _ _ SN2 SN_PE M'.
apply mem_append_right to ME SN3. search.
apply fresh_name_is to _ Pr1.
apply fresh_name_is to _ Pr2. search 6.
NotI: assert L = SaveI -> false.
intros E. case E. apply fresh_name_not_mem to Pr1 _.
NotHold: assert L = Hold -> false.
intros E. case E. apply fresh_name_not_mem to Pr2 _.
NotE: assert L = SaveE -> false.
intros E. case E. apply fresh_name_not_mem to Pr3 _.
NotCopy: assert L = Copy -> false.
intros E. case E. apply fresh_name_not_mem to Pr4 _.
SN_P: case SN_P. SN_P: case SN_P. SN_PI: case SN_P.
SN_P: case SN_P1. SN_PE: case SN_P. SN_P: case SN_P1.
SN_P: case SN_P1. SN_P: case SN_P1. case SN_P1. case SN_P6.
SN_P: case SN_P5. SN_P: case SN_P1. SN_P: case SN_P1.
SN_P: case SN_P1. SN_P: case SN_P1. case SN_P11. SN_P: case SN_P9.
SN_P: case SN_P9. SN_P: case SN_P7. SN_P: case SN_P11.
SN_P: case SN_P11. SN_P: case SN_P14. SN_P: case SN_P16.
SN_P: case SN_P5. SN_P: case SN_P5. SN_P: case SN_P5. case SN_P23.
SN_P: case SN_P22. SN_P: case SN_P22. case SN_P22.
SN_P: case SN_P20. SN_P: case SN_P22. SN_P: case SN_P22.
SN_P: case SN_P22. SN_P: case SN_P26. SN_P: case SN_P26.
SN_P: case SN_P28. SN_P: case SN_P30.
Eq: assert N6 = [] /\
Scope1::Ctx6 = [SaveE, SaveI]::Scope::Ctx.
A: case SN_P.
E: case A1. search. N: case E. N: case N. N: case N2.
apply N2 to _.
N: case A. N: case N. N: case N2. apply N2 to _.
case Eq. case SN_P4. clear SN_P.
Eq: assert N14 = [].
E: case SN_P1. search. N: case E. N: case N. N: case N2.
N: case N3. apply N3 to _.
case Eq. case SN_P12. case SN_P10. clear SN_P1.
Eq: assert CN = [L].
E: case SN_P9. M': case E. M': case M'. apply NotHold to _.
M': case M'. apply NotE to _. M': case M'. apply NotI to _.
case M'. apply not_mems to SN _. search.
case Eq. App: case SN_P8. case App. clear SN_P9.
Eq: assert N16 = [] /\
Scope2::Ctx10 = []::[Hold, SaveE, SaveI]::Scope::Ctx.
A: case SN_P7.
E: case A1. case E1. E: case E. case E2. search.
N: case E. N: case N1. N: case N1. N: case N3. N: case N4.
apply N4 to _.
N: case A. N: case N1. N: case N1. N: case N3. N: case N4.
apply N4 to _.
case Eq. case SN_P13. clear SN_P7.
Eq: assert N18 = [L].
E: case SN_P11. M': case E. case M'. M': case M'. M': case M'.
apply NotHold to _. M': case M'. apply NotE to _. M': case M'.
apply NotI to _. case M'. apply not_mems to SN _. search.
case Eq. App: case SN_P15. case App. clear SN_P11.
Eq: assert N20 = [] /\
Ctx11 = [Copy]::[Hold, SaveE, SaveI]::Scope::Ctx.
R: case SN_P14.
E: case R1. search. N: case E. N: case N1. N: case N1.
apply N1 to _.
N: case R. N: case N. apply N to _.
case Eq. case SN_P17. clear SN_P14.
Eq: assert N22 = [] /\
Ctx12 = [Copy]::[Hold, SaveE, SaveI]::Scope::Ctx.
A: case SN_P16.
E: case A1. search. N: case E. N: case N. apply N to _.
N: case A. N: case N1. N: case N1. apply N1 to _.
case Eq. case SN_P19. clear SN_P16.
Eq: assert L1 = [L, L] /\
CtxB = [Copy]::[Hold, SaveE, SaveI]::Scope::Ctx.
A: case SN_P18.
M': case A. M': case M'. apply NotCopy to _. case M'.
M': case M'. M': case M'. apply NotHold to _. M': case M'.
apply NotE to _. M': case M'. apply NotI to _. case M'.
apply not_mems to _ M'.
E: case A1. E: case E. M': case E. M': case M'.
apply NotCopy to _. case M'. M': case M'. M': case M'.
apply NotHold to _. M': case M'. apply NotE to _.
M': case M'. apply NotI to _. case M'.
apply not_mems to _ M'. search.
case Eq. App: case SN_P6. App: case App. App: case App.
App: case App. case App. clear SN_P18.
Eq: assert CN1 = [L].
E: case SN_P5. M': case E. M': case M'. apply NotHold to _.
M': case M'. apply NotE to _. M': case M'. apply NotI to _.
case M'. apply not_mems to _ M'. search.
case Eq. App: case SN_P24. case App. App: case SN_P25. case App.
App: case SN_P21. case App. clear SN_P5.
Eq: assert N27 = [L] /\
Ctx2 = [Hold, SaveE, SaveI]::Scope::Ctx.
R: case SN_P20.
M': case R. M': case M'. apply NotHold to _. M': case M'.
apply NotE to _. M': case M'. apply NotI to _. case M'.
apply not_mems to _ M'.
E: case R1. search. N: case E. N: case N. N: case N2.
apply N2 to _.
case Eq. App: case SN_P23. case App. clear SN_P20.
Eq: assert CN2 = [].
E: case SN_P22. search. N: case E. N: case N. apply N to _.
case Eq. case SN_P27. clear SN_P22.
Eq: assert N29 = [].
E: case SN_P26. search. N: case E. N: case N1. N: case N1.
apply N1 to _.
case Eq. case SN_P29. clear SN_P26.
Eq: assert N31 = [L] /\
Ctx16 = [Copy]::[Hold, SaveE, SaveI]::Scope::Ctx.
R: case SN_P28.
E: case R1. M': case E. M': case M'. apply NotCopy to _.
case M'. M': case M'. M': case M'. apply NotHold to _.
M': case M'. apply NotE to _. M': case M'. apply NotI to _.
case M'. apply not_mems to _ M'. search.
N: case R. N: case N. apply N to _.
case Eq. App: case SN_P31. case App. clear SN_P28.
Eq: assert N33 = [L] /\
Ctx17 = [Copy]::[Hold, SaveE, SaveI]::Scope::Ctx.
A: case SN_P30.
M': case A. M': case M'. apply NotCopy to _. case M'.
M': case M'. M': case M'. apply NotHold to _. M': case M'.
apply NotE to _. M': case M'. apply NotI to _. case M'.
apply not_mems to _ M'.
E: case A1. search. N: case E. N: case N. apply N to _.
case Eq. App: case SN_P33. case App. clear SN_P30.
Eq: assert L13 = [].
A: case SN_P32.
E: case A1. E: case E. search. N: case E. N: case N1.
N: case N1. apply N1 to _.
N: case A. N: case N1. N: case N1. apply N1 to _.
case Eq. clear SN_P32. Or: apply mem_append to M SN_P2.
M': case Or.
MI: apply exprNames_increaseCtxs to _ _ _ _ SN1 SN_PI M'.
apply mem_append_left to MI SN3. search.
Or: apply mem_append to M' SN_P3. M'': case Or.
apply fresh_name_is to _ Pr1.
ME: apply exprNames_increaseCtxs to _ _ _ _ SN2 SN_PE M''.
apply mem_append_right to ME SN3. search.
Eq: assert X = L.
X: case M''. search. X: case X. search. X: case X. search.
X: case X. search. X: case X. search. X: case X. search.
X: case X. search. X: case X. search. case X.
case Eq. search.
case IsS. apply fresh_name_is to _ Pr1. SN: case SN. SN_P: case SN_P.
SN_P: case SN_P. SN_P: case SN_P. SN_P: case SN_P1. SN_P: case SN_P1.
SN_P: case SN_P1. SN_P: case SN_P3. SN_P: case SN_P3.
SN_P: case SN_P3. Eq: assert N1 = [].
M': case SN_P3. search. NM: case M'. NM: case NM1. N: case NM1.
apply N to _.
case Eq. case SN_P6. clear SN_P3. Eq: assert CN = [].
M': case SN_P1. search. NM: case M'. NM: case NM. apply NM to _.
case Eq. case SN_P4. clear SN_P1. SN_P: case SN_P5.
Eq: assert N5 = [] /\
Ctx5 = [X1]::([SaveL]::(Scope::Ctx)).
A: case SN_P1.
A: case A1. MA: case A1. search. NM: case MA. NM: case NM1.
NM': case NM1. apply NM' to _.
NM: case A. NM: case NM1. NM': case NM1. apply NM' to _.
case Eq. case SN_P4. Or: apply mem_append to M SN_P2. M': case Or.
ML: apply exprNames_increaseCtxs to _ _ _ _ SN SN_P M'.
apply mem_append_left to ML SN2. search.
MB: apply stmtNames_increaseCtxs to _ _ _ _ SN1 SN_P3 M'.
intros Ms. Ms: case Ms. M'': case Ms. search. case M''. search.
apply mem_append_right to MB SN2. search.
Prove_Constraint exactEval:host:proj_stmtNames_names_forward. [Show Proof]
Prove_Constraint exactEval:host:proj_stmtNames_names_backward. [Show Proof]
Prove exactEval:host:typeOf_isTy,
exactEval:host:stmtOK_isCtx. [Show Proof]
Prove exactEval:host:stmtOK_keep_scopes. [Show Proof]
Prove exactEval:host:stmtOK_older_scopes_same. [Show Proof]
Prove exactEval:host:stmtOK_first_scope_lookup_same. [Show Proof]
Prove exactEval:host:typeOf_unique,
exactEval:host:stmtOK_unique. [Show Proof]
Prove exactEval:host:paramTy_is.
Prove exactEval:host:getFunInfo_is.
Prove exactEval:host:paramTy_exists.
Prove exactEval:host:getFunInfo_exists.
Theorem listIndex_is : forall L I V,
is_value L -> listIndex L I V -> is_value V. [Show Proof]
Theorem listLength_is : forall L I,
is_value L -> listLength L I -> is_integer I. [Show Proof]
Theorem updateListIndex_is : forall L I V Out,
is_value L -> is_value V -> updateListIndex L I V Out ->
is_value Out. [Show Proof]
Prove exactEval:host:evalExpr_isCtx,
exactEval:host:evalExpr_isValue,
exactEval:host:evalStmt_isCtx,
exactEval:host:evalArgs_isCtx,
exactEval:host:evalArgs_isValue,
exactEval:host:evalRecFields_isCtx,
exactEval:host:evalRecFields_isValue
with
iterateList_isCtx : forall FE EE V X Body EE' O,
IsV : is_value V ->
IsX : is_string X ->
IsBody : is_stmt Body ->
IsFE : is_list (is_pair is_string
(is_pair is_string
(is_pair is_value
(is_pair (is_list is_string) is_stmt)))) FE ->
IsEE : is_list (is_list (is_pair is_string is_value)) EE ->
IL : iterateList FE EE V X Body EE' O ->
is_list (is_list (is_pair is_string is_value)) EE'
on IL as IH_IL. [Show Proof]
Prove exactEval:host:evalExpr_isOutput,
exactEval:host:evalStmt_isOutput,
exactEval:host:evalArgs_isOutput,
exactEval:host:evalRecFields_isOutput
with
iterateList_isOutput : forall FE EE V X Body EE' O,
IsV : is_value V ->
IsX : is_string X ->
IsBody : is_stmt Body ->
IsFE : is_list (is_pair is_string
(is_pair is_string
(is_pair is_value
(is_pair (is_list is_string) is_stmt)))) FE ->
IsEE : is_list (is_list (is_pair is_string is_value)) EE ->
IL : iterateList FE EE V X Body EE' O ->
is_list is_value O
on IL as IH_IL. [Show Proof]
Prove exactEval:host:paramName_is.
Prove exactEval:host:getFunEvalInfo_is.
Prove exactEval:host:evalProgram_isOutput.
Prove exactEval:host:evalExpr_names_same,
exactEval:host:evalStmt_names_same,
exactEval:host:evalArgs_names_same,
exactEval:host:evalRecFields_names_same
with
iterateList_names_same : forall FE EE V X Body EE' O,
IsV : is_value V ->
IsX : is_string X ->
IsBody : is_stmt Body ->
IsFE : is_list (is_pair is_string
(is_pair is_string
(is_pair is_value
(is_pair (is_list is_string) is_stmt)))) FE ->
IsEE : is_list (is_list (is_pair is_string is_value)) EE ->
IL : iterateList FE EE V X Body EE' O ->
names_same EE EE'
on IL as IH_IL. [Show Proof]
Theorem listIndex_geq_0 : forall L I V,
is_integer I -> listIndex L I V -> I >= 0. [Show Proof]
Theorem listIndex_unique : forall L I VA VB,
listIndex L I VA -> listIndex L I VB -> VA = VB. [Show Proof]
Theorem listLength_unique : forall L IA IB,
listLength L IA -> listLength L IB -> IA = IB. [Show Proof]
Theorem updateListIndex_geq_0 : forall L I V Out,
is_integer I -> updateListIndex L I V Out -> I >= 0. [Show Proof]
Theorem updateListIndex_unique : forall L I V OutA OutB,
updateListIndex L I V OutA -> updateListIndex L I V OutB ->
OutA = OutB. [Show Proof]
Prove exactEval:host:evalExpr_newNameScopes,
exactEval:host:evalExpr_newNameScopes_output,
exactEval:host:evalExpr_newNameScopes_ctx,
exactEval:host:evalStmt_newNameScopes_output,
exactEval:host:evalStmt_newNameScopes,
exactEval:host:evalArgs_newNameScopes,
exactEval:host:evalArgs_newNameScopes_output,
exactEval:host:evalArgs_newNameScopes_ctx,
exactEval:host:evalRecFields_newNameScopes,
exactEval:host:evalRecFields_newNameScopes_output,
exactEval:host:evalRecFields_newNameScopes_ctx
with
iterateList_newNameScopes_output :
forall FE EE_A EE_B V X Body EE_A' EE_B' O_A O_B N Len,
IsV : is_value V ->
IsX : is_string X ->
IsBody : is_stmt Body ->
IsFE : is_list (is_pair is_string
(is_pair is_string
(is_pair is_value
(is_pair (is_list is_string) is_stmt)))) FE ->
IsA : is_list (is_list (is_pair is_string is_value)) EE_A ->
IsB : is_list (is_list (is_pair is_string is_value)) EE_B ->
ILA : iterateList FE EE_A V X Body EE_A' O_A ->
ILB : iterateList FE EE_B V X Body EE_B' O_B ->
NNS : newNameScopes N Len EE_A EE_B ->
O_A = O_B
on ILA as IH_O_IL,
iterateList_newNameScopes :
forall FE EE_A EE_B V X Body EE_A' EE_B' O_A O_B N Len,
IsV : is_value V ->
IsX : is_string X ->
IsBody : is_stmt Body ->
IsFE : is_list (is_pair is_string
(is_pair is_string
(is_pair is_value
(is_pair (is_list is_string) is_stmt)))) FE ->
IsA : is_list (is_list (is_pair is_string is_value)) EE_A ->
IsB : is_list (is_list (is_pair is_string is_value)) EE_B ->
ILA : iterateList FE EE_A V X Body EE_A' O_A ->
ILB : iterateList FE EE_B V X Body EE_B' O_B ->
NNS : newNameScopes N Len EE_A EE_B ->
newNameScopes N Len EE_A' EE_B'
on ILA as IH_C_IL. [Show Proof]
Add_Ext_Size exactEval:host:evalExpr, exactEval:host:evalArgs,
exactEval:host:evalRecFields, exactEval:host:evalStmt
with iterateList FE EE V X Body EE' O.
Add_Proj_Rel exactEval:host:evalExpr, exactEval:host:evalArgs,
exactEval:host:evalRecFields, exactEval:host:evalStmt
with iterateList FE EE V X Body EE' O.
Prove exactEval:host:evalExpr_newNameScopes_exists_ES,
exactEval:host:evalStmt_newNameScopes_exists_ES,
exactEval:host:evalArgs_newNameScopes_exists_ES,
exactEval:host:evalRecFields_newNameScopes_exists_ES
with
iterateList_newNameScopes_exists_ES :
forall FE EE_A EE_B V X Body EE_B' O N Len ES,
IsV : is_value V ->
IsX : is_string X ->
IsBody : is_stmt Body ->
IsFE : is_list (is_pair is_string
(is_pair is_string
(is_pair is_value
(is_pair (is_list is_string) is_stmt)))) FE ->
IsA : is_list (is_list (is_pair is_string is_value)) EE_A ->
IsB : is_list (is_list (is_pair is_string is_value)) EE_B ->
ILB : <iterateList {ES}> FE EE_B V X Body EE_B' O ES ->
NNS : newNameScopes N Len EE_A EE_B ->
exists EE_A', <iterateList {ES}> FE EE_A V X Body EE_A' O ES
on ILB as IH_IL. [Show Proof]
Prove exactEval:host:evalExpr_ctx_names,
exactEval:host:evalStmt_ctx_names,
exactEval:host:evalArgs_ctx_names,
exactEval:host:evalRecFields_ctx_names
with
iterateList_ctx_names : forall FE EE V X Body EE' O Ctx N Sc Ctx',
IsV : is_value V ->
IsX : is_string X ->
IsBody : is_stmt Body ->
IsFE : is_list (is_pair is_string
(is_pair is_string
(is_pair is_value
(is_pair (is_list is_string) is_stmt)))) FE ->
IsEE : is_list (is_list (is_pair is_string is_value)) EE ->
IsCtx : is_list (is_list is_string) Ctx ->
Ctxs : ctx_names EE Ctx ->
BN : stmtNames ([X]::Ctx) Body N (Sc::Ctx') ->
IL : iterateList FE EE V X Body EE' O ->
ctx_names EE' Ctx
on IL as IH_IL. [Show Proof]
Prove exactEval:host:evalExpr_newNameScopes_exists_back,
exactEval:host:evalStmt_newNameScopes_exists_back,
exactEval:host:evalArgs_newNameScopes_exists_back,
exactEval:host:evalRecFields_newNameScopes_exists_back
with
iterateList_newNameScopes_exists_back :
forall FE EE_A EE_B V X Body Ctx EE_A' O N Len Ctx',
IsV : is_value V ->
IsX : is_string X ->
IsBody : is_stmt Body ->
IsFE : is_list (is_pair is_string
(is_pair is_string
(is_pair is_value
(is_pair (is_list is_string) is_stmt)))) FE ->
IsA : is_list (is_list (is_pair is_string is_value)) EE_A ->
IsB : is_list (is_list (is_pair is_string is_value)) EE_B ->
IsCtx : is_list (is_list is_string) Ctx ->
Ctxs : ctx_names EE_B Ctx ->
BN : stmtNames ([X]::Ctx) Body [] Ctx' ->
ILA : iterateList FE EE_A V X Body EE_A' O ->
NNS : newNameScopes N Len EE_A EE_B ->
exists EE_B', iterateList FE EE_B V X Body EE_B' O
on ILA as IH_IL. [Show Proof]
Prove exactEval:host:evalExpr_scopes_same,
exactEval:host:evalExpr_scopes_same_ctx,
exactEval:host:evalStmt_scopes_same,
exactEval:host:evalStmt_scopes_same_ctx,
exactEval:host:evalArgs_scopes_same,
exactEval:host:evalArgs_scopes_same_ctx,
exactEval:host:evalRecFields_scopes_same,
exactEval:host:evalRecFields_scopes_same_ctx
with
iterateList_scopes_same :
forall V X Body FE EE_A EE_A' OA EE_B EE_B' OB,
IsV : is_value V ->
IsX : is_string X ->
IsBody : is_stmt Body ->
IsFE : is_list (is_pair is_string
(is_pair is_string
(is_pair is_value
(is_pair (is_list is_string) is_stmt)))) FE ->
IsA : is_list (is_list (is_pair is_string is_value)) EE_A ->
IsB : is_list (is_list (is_pair is_string is_value)) EE_B ->
SS : scopes_same EE_A EE_B ->
ILA : iterateList FE EE_A V X Body EE_A' OA ->
ILB : iterateList FE EE_B V X Body EE_B' OB ->
OA = OB
on ILA as IH_IL,
iterateList_scopes_same_ctx :
forall V X Body FE EE_A EE_A' OA EE_B EE_B' OB,
IsV : is_value V ->
IsX : is_string X ->
IsBody : is_stmt Body ->
IsFE : is_list (is_pair is_string
(is_pair is_string
(is_pair is_value
(is_pair (is_list is_string) is_stmt)))) FE ->
IsA : is_list (is_list (is_pair is_string is_value)) EE_A ->
IsB : is_list (is_list (is_pair is_string is_value)) EE_B ->
SS : scopes_same EE_A EE_B ->
ILA : iterateList FE EE_A V X Body EE_A' OA ->
ILB : iterateList FE EE_B V X Body EE_B' OB ->
scopes_same EE_A' EE_B'
on ILA as IH_IL_C. [Show Proof]
Prove exactEval:host:evalExpr_scopes_same_exists,
exactEval:host:evalStmt_scopes_same_exists,
exactEval:host:evalArgs_scopes_same_exists,
exactEval:host:evalRecFields_scopes_same_exists
with
iterateList_scopes_same_exists :
forall V X Body FE EE_A EE_A' O EE_B,
IsV : is_value V ->
IsX : is_string X ->
IsBody : is_stmt Body ->
IsFE : is_list (is_pair is_string
(is_pair is_string
(is_pair is_value
(is_pair (is_list is_string) is_stmt)))) FE ->
IsA : is_list (is_list (is_pair is_string is_value)) EE_A ->
IsB : is_list (is_list (is_pair is_string is_value)) EE_B ->
SS : scopes_same EE_A EE_B ->
ILA : iterateList FE EE_A V X Body EE_A' O ->
exists EE_B', iterateList FE EE_B V X Body EE_B' O
on ILA as IH_IL. [Show Proof]
Theorem is_list_values_append_nil : forall L,
is_list is_value L -> L ++ [] = L. [Show Proof]
Theorem index_to_while : forall LV IV V FE Ctx I L,
listIndex LV IV V -> (L = I -> false) -> is_integer IV ->
exists Fields,
<evalStmt {ES}> FE ([(I, intVal IV), (L, LV)]::Ctx)
(while (greater (name I) (num 0))
(seq (assign L (recFieldAccess (name L) "tail"))
(assign I (minus (name I) (num 1)))))
([(I, intVal 0), (L, recVal Fields)]::Ctx) [] 0 /\
lookup Fields "head" V. [Show Proof]
induction on 1. intros LI NEqLI IsIV. LI: case LI.
exists Fields. split.
assert <evalExpr {ES}> FE
([(I, intVal 0), (L, recVal Fields)]::Ctx)
(greater (name I) (num 0)) falseVal
([(I, intVal 0), (L, recVal Fields)]::Ctx) [] 0.
search.
search.
apply minus_integer_is_integer to _ _ LI.
NEqIL: assert I = L -> false. intros E. case E. backchain NEqLI.
assert <evalExpr {ES}> FE
([(I, intVal IV), (L, recVal Fields)]::Ctx)
(greater (name I) (num 0)) trueVal
([(I, intVal IV), (L, recVal Fields)]::Ctx) [] 0.
unfold.
exists 0, 0, IV,
([(I, intVal IV), (L, recVal Fields)]::Ctx), [], 0, [].
split.
search.
search.
search.
GEq: apply listIndex_geq_0 to _ LI2.
P: apply minus_plus_same_integer to _ _ LI.
P': apply plus_integer_comm to _ _ P.
L: apply lt_plus_one to P' _. LEq: case GEq.
apply lesseq_less_integer_transitive to LEq L. search.
search.
assert <evalStmt {ES}> FE
([]::[(I, intVal IV), (L, recVal Fields)]::Ctx)
(assign L (recFieldAccess (name L) "tail"))
([]::[(L, Tl), (I, intVal IV)]::Ctx) [] 0.
search 20.
assert <evalStmt {ES}> FE
([]::[(L, Tl), (I, intVal IV)]::Ctx)
(assign I (minus (name I) (num 1)))
([]::[(I, intVal I1), (L, Tl)]::Ctx) [] 0.
search 20.
apply IH to LI2 _ _ with Ctx = Ctx, FE = FE. search.
Theorem while_to_index : forall LV IV V FE Ctx Ctx' O I L Fields,
evalStmt FE ([(I, intVal IV), (L, LV)]::Ctx)
(while (greater (name I) (num 0))
(seq (assign L (recFieldAccess (name L) "tail"))
(assign I (minus (name I) (num 1))))) Ctx' O ->
lookupScopes L Ctx' (recVal Fields) ->
lookup Fields "head" V ->
IV >= 0 ->
is_integer IV ->
(L = I -> false) ->
listIndex LV IV V /\ O = [] /\ exists Scope, Ctx' = Scope::Ctx. [Show Proof]
Theorem length_to_while :
forall LV StoreLen L Len CurrLen TotalLen FE Ctx,
listLength LV CurrLen -> (L = Len -> false) ->
CurrLen + StoreLen = TotalLen -> is_integer StoreLen ->
is_integer CurrLen ->
exists Fields,
<evalStmt {ES}> FE ([(Len, intVal StoreLen), (L, LV)]::Ctx)
(while (not (recFieldAccess (name L) "null"))
(seq (assign L (recFieldAccess (name L) "tail"))
(assign Len (plus (name Len) (num 1)))))
([(Len, intVal TotalLen), (L, recVal Fields)]::Ctx) [] 0 /\
lookup Fields "null" trueVal. [Show Proof]
induction on 1. intros Len NEq P IsSLen IsCLen.
assert Len = L -> false. intros E. case E. backchain NEq.
Len: case Len.
case P. exists Fields. split.
assert lookupScopes L
([(Len, intVal TotalLen), (L, recVal Fields)]::Ctx)
(recVal Fields).
assert <evalExpr {ES}> FE
([(Len, intVal TotalLen), (L, recVal Fields)]::Ctx)
(not (recFieldAccess (name L) "null")) falseVal
([(Len, intVal TotalLen), (L, recVal Fields)]::Ctx)
[] 0.
search.
search.
LSL: assert lookupScopes L
([(Len, intVal StoreLen), (L, recVal Fields)]::Ctx)
(recVal Fields).
EvC: assert <evalExpr {ES}> FE
([(Len, intVal StoreLen), (L, recVal Fields)]::Ctx)
(not (recFieldAccess (name L) "null")) trueVal
([(Len, intVal StoreLen), (L, recVal Fields)]::Ctx)
[] 0.
EvL: assert
<evalStmt {ES}> FE
([]::[(Len, intVal StoreLen), (L, recVal Fields)]::Ctx)
(assign L (recFieldAccess (name L) "tail"))
([]::[(L, Tl), (Len, intVal StoreLen)]::Ctx) [] 0.
search 20.
P': apply plus_integer_total to _ IsSLen with N1 = 1.
apply plus_integer_is_integer to _ _ P'.
EvE: assert <evalStmt {ES}> FE
([]::[(L, Tl), (Len, intVal StoreLen)]::Ctx)
(assign Len (plus (name Len) (num 1)))
([]::[(Len, intVal N3), (L, Tl)]::Ctx) [] 0.
apply plus_integer_comm to _ _ P'. search 20.
IsI: apply plus_integer_is_integer_result to _ Len3. clear IsI1.
assert I + N3 = TotalLen.
OrigP': apply plus_integer_comm to _ _ P.
AssocP: apply plus_integer_assoc to _ _ _ Len3 OrigP'.
apply plus_integer_unique to P' AssocP. search.
apply IH to Len2 NEq _ _ _ with
TotalLen = TotalLen, StoreLen = N3, FE = FE, Ctx = Ctx.
exists Fields1. search.
Theorem while_to_length :
forall LV StoreLen L Len FE Ctx Ctx' FinalLen O,
evalStmt FE ([(Len, intVal StoreLen), (L, LV)]::Ctx)
(while (not (recFieldAccess (name L) "null"))
(seq (assign L (recFieldAccess (name L) "tail"))
(assign Len (plus (name Len) (num 1))))) Ctx' O ->
lookupScopes Len Ctx' FinalLen -> is_integer StoreLen ->
(L = Len -> false) ->
exists Scope TotalLen CurrLen,
O = [] /\ Ctx' = Scope::Ctx /\ FinalLen = intVal TotalLen /\
listLength LV CurrLen /\ is_integer CurrLen /\
CurrLen + StoreLen = TotalLen. [Show Proof]
Extensible_Theorem
iterateList_dot_null : forall FE EE V X Body EE' O,
IL : iterateList FE EE V X Body EE' O ->
exists Fs, V = recVal Fs /\
(lookup Fs "null" trueVal \/ lookup Fs "null" falseVal)
on IL. [Show Proof]
Theorem iterateList_to_while : forall FE EE V X Body EE' O Names L,
is_value V -> is_string X -> is_stmt Body ->
is_list (is_pair is_string
(is_pair is_string
(is_pair is_value
(is_pair (is_list is_string) is_stmt)))) FE ->
is_list (is_list (is_pair is_string is_value)) EE ->
iterateList FE EE V X Body EE' O ->
names EE Names -> fresh_name "L" (X::Names) L ->
exists V',
evalStmt FE ([(L, V)]::EE)
(while (not (null (name L)))
(seq (declare intTy X (head (name L)))
(seq (assign L (tail (name L)))
Body))) ([(L, V')]::EE') O. [Show Proof]
induction on 6. intros IsV IsX IsBody IsFE IsEE IL Names Fr.
Or: apply iterateList_dot_null to IL. clear Or. IL: case IL.
search 20.
case IsV. apply lookup_is_value to _ IL1.
apply lookup_is_value to _ IL3.
IsEE''+: apply evalStmt_isCtx to _ _ _ IL2. IsEE'': case IsEE''+.
NS: apply evalStmt_names_same to _ _ _ IL2.
Names'': apply names_exists to IsEE''1.
IsN: apply names_is to _ Names''.
Fr': apply fresh_name_exists to _ _ with Base = "L", Names = X::N.
apply fresh_name_unique_mems to Fr Fr' _ _.
intros M. M: case M. search.
NS': apply names_same_symmetric to NS.
apply names_same_names to NS' Names'' Names M. search.
intros M. M: case M. search.
apply names_same_names to NS Names Names'' M. search.
EvSub: apply IH to _ _ _ _ _ IL4 Names'' Fr'.
exists V'. unfold. exists [(F, recVal Fs)]::EE, [], Scope'.
exists [(F, Tl)]::EE'', O2, O3, O2. split.
search.
unfold. exists [(X, Hd)]::[(F, recVal Fs)]::EE, [], O2. split.
search 20.
NEq: assert X = F -> false.
intros E. case E. apply fresh_name_not_mem to Fr _.
unfold. exists [(X, Hd)]::[(F, Tl)]::EE, [], O2. split.
search 10.
LenEE: apply length_exists_list_pair_string_value to IsEE.
rename N1 to Len.
NNS: assert newNameScopes [[(F, Tl)]] Len
([(F, Tl)]::EE) EE.
unfold. exists 1, [F], Names. split. search. search.
search. search. search. intros M MN. M: case M.
apply fresh_name_not_mem to Fr _. case M.
apply fresh_name_is to _ Fr.
Ev: apply evalStmt_newNameScopes_exists to
_ _ _ _ IL2 NNS.
NNS': apply evalStmt_newNameScopes to _ _ _ _ Ev IL2 _.
NNS': case NNS'.
Take: case NNS'2. case Take1. compute Take.
Drop: case NNS'1. apply drop_is_integer to Drop1.
apply plus_integer_unique_addend to _ _ _ Take Drop.
Eq: assert L1 = Scope'::EE''.
D: case Drop1. search. apply drop_is_integer to D1.
P: assert 1 + -1 = 0.
apply plus_integer_unique_addend to _ _ _ P D.
GEq: apply drop_geq_0 to D1. LEq: case GEq. case LEq.
case Eq. clear Take Drop Drop1.
Len: case NNS'. apply length_is to Len.
L: apply lt_plus_one to Len1 _.
Len'': apply names_same_length to NS LenEE.
apply length_unique to Len'' Len.
apply less_integer_not_eq to L.
NNS': case NNS'.
Take: case NNS'2. case Take1. compute Take.
Drop: case NNS'1. apply drop_is_integer to Drop1.
apply plus_integer_unique_addend to _ _ _ Take Drop.
Eq: assert L1 = EE''.
D: case Drop1. search. P: assert 1 + -1 = 0.
apply drop_is_integer to D1.
apply plus_integer_unique_addend to _ _ _ D P.
GEq: apply drop_geq_0 to D1. LEq: case GEq.
case LEq.
case Eq. search.
LenBR+: apply names_same_length to NS LenEE.
LenBR: case LenBR+. apply length_is to LenBR.
L: apply lt_plus_one to LenBR1 _.
LEq: apply newNameScopes_length to NNS' LenBR.
apply less_lesseq_flip_false to L LEq.
search.
search.
search.
search.
search.
Theorem while_to_iterateList :
forall FE EE V X Body Scope' EE' O Names L Ctx Ctx',
is_value V -> is_string X -> is_stmt Body ->
is_list (is_pair is_string
(is_pair is_string
(is_pair is_value
(is_pair (is_list is_string) is_stmt)))) FE ->
is_list (is_list (is_pair is_string is_value)) EE ->
is_list (is_list is_string) Ctx ->
names EE Names -> fresh_name "L" (X::Names) L ->
ctx_names EE Ctx ->
stmtNames ([X]::Ctx) Body [] Ctx' ->
evalStmt FE ([(L, V)]::EE)
(while (not (null (name L)))
(seq (declare intTy X (head (name L)))
(seq (assign L (tail (name L)))
Body))) (Scope'::EE') O ->
iterateList FE EE V X Body EE' O. [Show Proof]
Theorem lookupScopes_replaceScopes_exists : forall L Key V V',
is_list (is_list (is_pair is_string is_value)) L -> is_string Key ->
lookupScopes Key L V -> exists R, replaceScopes Key V' L R. [Show Proof]
Theorem replaceScopes_lookupScopes_same[Key, Item] :
forall L (Key : Key) (V : Item) R,
replaceScopes Key V L R -> lookupScopes Key R V. [Show Proof]
Theorem remove_all_twice[K, V] : forall (L : list (pair K V)) K RA RB,
remove_all L K RA -> remove_all RA K RB -> RA = RB. [Show Proof]
Theorem replaceScopes_twice[Key, Item] :
forall (L : list (list (pair string value))) K VA RA VB RB,
replaceScopes K VA L RA -> replaceScopes K VB RA RB ->
replaceScopes K VB L RB. [Show Proof]
Theorem updateListIndex_is_integer : forall L I V L',
updateListIndex L I V L' -> is_integer I. [Show Proof]
Theorem updateListIndex_pos : forall L I V L',
updateListIndex L I V L' -> I >= 0. [Show Proof]
Define listy : value -> prop by
listy (recVal Fields) := lookup Fields "null" trueVal;
listy (recVal Fields) :=
exists Tl,
lookup Fields "null" falseVal /\
lookup Fields "tail" Tl /\ listy Tl.
Define flipOnto : value -> value -> value -> prop by
flipOnto (recVal Fields) L L := lookup Fields "null" trueVal;
flipOnto (recVal Fields) L L' :=
exists Fields' T,
lookup Fields "null" falseVal /\
lookup Fields "tail" T /\
replaceRecVal "tail" L Fields Fields' /\
flipOnto T (recVal Fields') L'.
Theorem lookup_replaceRecVal_exists : forall L F V V',
lookup L F V -> exists R, replaceRecVal F V' L R. [Show Proof]
Theorem replaceScopes_lookupScopes[Key, Item] :
forall (X : Key) (V : Item) L R,
replaceScopes X V L R -> lookupScopes X R V. [Show Proof]
Theorem replaceRecVal_lookup : forall L F V R,
replaceRecVal F V L R -> lookup R F V. [Show Proof]
Theorem replaceRecVal_lookup_other : forall L F V R F' V',
replaceRecVal F V L R -> lookup L F' V' -> (F = F' -> false) ->
lookup R F' V'. [Show Proof]
Theorem replaceRecVal_twice : forall A B C F V1 V2,
replaceRecVal F V1 A B -> replaceRecVal F V2 B C ->
replaceRecVal F V2 A C. [Show Proof]
Theorem eval_update_loop2 :
forall (Hold SaveI SaveE Copy L : string) V HFs HoldL LVal G FE,
listy HoldL ->
is_list (is_pair is_string
(is_pair is_string
(is_pair is_value
(is_pair (is_list is_string) is_stmt)))) FE ->
is_list (is_list (is_pair is_string is_value))
([(Hold, recVal HFs), (SaveI, intVal 0), (SaveE, V)]::G) ->
lookup HFs "tail" HoldL -> lookup HFs "null" falseVal ->
(Hold = SaveI -> false) -> (Hold = L -> false) ->
(SaveI = SaveE -> false) -> (SaveI = L -> false) ->
(Hold = SaveE -> false) -> (SaveE = L -> false) ->
(Copy = Hold -> false) -> (Copy = L -> false) ->
(SaveI = Copy -> false) -> (SaveE = Copy -> false) ->
lookupScopes L ([(Hold, recVal HFs), (SaveI, intVal 0),
(SaveE, V)]::G) LVal ->
exists G' LV HFs',
<evalStmt {P}> FE
([(Hold, recVal HFs), (SaveI, intVal 0), (SaveE, V)]::G)
(while (not (null (name Hold)))
(seq (declare intTy Copy (name Hold))
(seq (recUpdate Copy ["tail"] (name L))
(seq (assign L (name Copy))
(assign Hold (tail (name Hold)))))))
([(Hold, recVal HFs'), (SaveI, intVal 0),
(SaveE, V)]::G') [] /\
lookup HFs' "null" trueVal /\
replaceScopes L LV G G' /\
flipOnto (recVal HFs) LVal LV. [Show Proof]
induction on 1. intros ListyH IsFE IsCtx LkpTl LkpNl NEqHI NEqHL NEqIE
NEqIL NEqHE NEqEL NEqCH NEqCL NEqIC NEqEC LS.
NamesCtx: apply names_exists to IsCtx. rename N to Names.
ListyH: case ListyH.
EvCondA: assert <evalExpr {P}>
FE ([]::[(Hold, recVal HFs),
(SaveI, intVal 0), (SaveE, V)]::G)
(not (null (name Hold))) trueVal
([]::[(Hold, recVal HFs),
(SaveI, intVal 0), (SaveE, V)]::G) [].
unfold. unfold.
exists Names, recFieldAccess (name Hold) "null", falseVal,
[]::[(Hold, recVal HFs), (SaveI, intVal 0), (SaveE, V)]::G,
[], HFs. search.
EvBody1: assert <evalStmt {P}> FE
([]::[(Hold, recVal HFs),
(SaveI, intVal 0), (SaveE, V)]::G)
(declare intTy Copy (name Hold))
([(Copy, recVal HFs)]::
[(Hold, recVal HFs), (SaveI, intVal 0),
(SaveE, V)]::G) [].
RRVCopy: apply lookup_replaceRecVal_exists to LkpTl with V' = LVal.
EvBody2: assert <evalStmt {P}> FE
([(Copy, recVal HFs)]::
[(Hold, recVal HFs), (SaveI, intVal 0),
(SaveE, V)]::G)
(recUpdate Copy ["tail"] (name L))
([(Copy, recVal R)]::
[(Hold, recVal HFs), (SaveI, intVal 0),
(SaveE, V)]::G) [].
apply lookupScopes_is to _ LS.
RS: apply lookupScopes_replaceScopes_exists to _ _ LS with
V' = recVal R.
EvBody3: assert <evalStmt {P}> FE
([(Copy, recVal R)]::
[(Hold, recVal HFs), (SaveI, intVal 0),
(SaveE, V)]::G)
(assign L (name Copy))
([(Copy, recVal R)]::R1) [].
Eq: assert exists R',
R1 = [(Hold, recVal HFs), (SaveI, intVal 0), (SaveE, V)]::R'.
RS: case RS.
M: case RS. apply NEqHL to _. M: case M. apply NEqIL to _.
M: case M. apply NEqEL to _. case M.
search.
case Eq. Is: case IsCtx. Is: case Is. Is: case Is. case Is3.
apply replaceRecVal_is to _ _ RRVCopy.
Is+: apply replaceScopes_is to _ _ RS. apply names_exists to Is+.
EvBody4: assert <evalStmt {P}> FE
([(Copy, recVal R)]::[(Hold, recVal HFs),
(SaveI, intVal 0), (SaveE, V)]::R')
(assign Hold (tail (name Hold)))
([(Copy, recVal R)]::[(Hold, recVal Fields),
(SaveI, intVal 0), (SaveE, V)]::R') [].
unfold. exists recVal Fields,
[(Copy, recVal R)]::[(Hold, recVal HFs), (SaveI, intVal 0),
(SaveE, V)]::R'. split.
unfold. exists Copy::N, recFieldAccess (name Hold) "tail",
recVal Fields,
[(Copy, recVal R)]::[(Hold, recVal HFs),
(SaveI, intVal 0), (SaveE, V)]::R', [],
HFs. split.
search.
search.
search.
search.
search.
unfold. search.
unfold. exists recVal HFs. split. search.
unfold. unfold. intros E. case E. backchain NEqHI.
unfold. intros E. case E. backchain NEqHE. search.
IsV: apply lookup_is_value to _ LkpTl. case IsV.
case Is+.
apply names_exists to _ with
L = [(Hold, recVal Fields), (SaveI, intVal 0), (SaveE, V)]::R'.
EvCond2: assert <evalExpr {P}> FE
([(Hold, recVal Fields), (SaveI, intVal 0),
(SaveE, V)]::R')
(not (null (name Hold))) falseVal
([(Hold, recVal Fields), (SaveI, intVal 0),
(SaveE, V)]::R') [].
unfold. unfold. exists N1, recFieldAccess (name Hold) "null",
trueVal, [(Hold, recVal Fields),
(SaveI, intVal 0), (SaveE, V)]::R', [],
Fields. split.
search.
search.
search.
search.
search.
exists R', recVal R, Fields. split.
search 7.
search.
RS: case RS.
apply NEqHL to _.
search.
search.
EvCondA: assert <evalExpr {P}>
FE ([]::[(Hold, recVal HFs),
(SaveI, intVal 0), (SaveE, V)]::G)
(not (null (name Hold))) trueVal
([]::[(Hold, recVal HFs),
(SaveI, intVal 0), (SaveE, V)]::G) [].
unfold. unfold.
exists Names, recFieldAccess (name Hold) "null", falseVal,
[]::[(Hold, recVal HFs), (SaveI, intVal 0), (SaveE, V)]::G,
[], HFs. search.
EvBody1: assert <evalStmt {P}> FE
([]::[(Hold, recVal HFs),
(SaveI, intVal 0), (SaveE, V)]::G)
(declare intTy Copy (name Hold))
([(Copy, recVal HFs)]::
[(Hold, recVal HFs), (SaveI, intVal 0),
(SaveE, V)]::G) [].
RRVCopy: apply lookup_replaceRecVal_exists to LkpTl with V' = LVal.
EvBody2: assert <evalStmt {P}> FE
([(Copy, recVal HFs)]::
[(Hold, recVal HFs), (SaveI, intVal 0),
(SaveE, V)]::G)
(recUpdate Copy ["tail"] (name L))
([(Copy, recVal R)]::
[(Hold, recVal HFs), (SaveI, intVal 0),
(SaveE, V)]::G) [].
apply lookupScopes_is to _ LS.
RS: apply lookupScopes_replaceScopes_exists to _ _ LS with
V' = recVal R.
EvBody3: assert <evalStmt {P}> FE
([(Copy, recVal R)]::
[(Hold, recVal HFs), (SaveI, intVal 0),
(SaveE, V)]::G)
(assign L (name Copy))
([(Copy, recVal R)]::R1) [].
Eq: assert exists R',
R1 = [(Hold, recVal HFs), (SaveI, intVal 0), (SaveE, V)]::R'.
RS: case RS.
M: case RS. apply NEqHL to _. M: case M. apply NEqIL to _.
M: case M. apply NEqEL to _. case M.
search.
case Eq. Is: case IsCtx. Is: case Is. Is: case Is. case Is3.
apply replaceRecVal_is to _ _ RRVCopy.
Is+: apply replaceScopes_is to _ _ RS. apply names_exists to Is+.
EvBody4: assert <evalStmt {P}> FE
([(Copy, recVal R)]::[(Hold, recVal HFs),
(SaveI, intVal 0), (SaveE, V)]::R')
(assign Hold (tail (name Hold)))
([(Copy, recVal R)]::[(Hold, recVal Fields),
(SaveI, intVal 0), (SaveE, V)]::R') [].
unfold. exists recVal Fields,
[(Copy, recVal R)]::[(Hold, recVal HFs), (SaveI, intVal 0),
(SaveE, V)]::R'. split.
unfold. exists Copy::N, recFieldAccess (name Hold) "tail",
recVal Fields,
[(Copy, recVal R)]::[(Hold, recVal HFs),
(SaveI, intVal 0), (SaveE, V)]::R', [],
HFs. split.
search.
search.
search.
search.
search.
unfold. search.
unfold. exists recVal HFs. split. search.
unfold. unfold. intros E. case E. backchain NEqHI.
unfold. intros E. case E. backchain NEqHE. search.
IsV: apply lookup_is_value to _ LkpTl. case IsV.
case Is+. LS': apply replaceScopes_lookupScopes to RS.
LS'': assert lookupScopes L ([(Hold, recVal Fields),
(SaveI, intVal 0), (SaveE, V)]::R') (recVal R).
LS': case LS'.
L: case LS'. apply NEqHL to _. L': case L1. L'': case L'1.
apply NEqEL to _. case L''1.
search.
Sub: apply IH to ListyH2 IsFE _ ListyH1 ListyH NEqHI NEqHL
NEqIE NEqIL NEqHE NEqEL NEqCH NEqCL NEqIC NEqEC LS''.
exists G', LV, HFs'. split.
search 20.
search.
RS: case RS.
apply NEqHL to _.
apply replaceScopes_twice to RS1 Sub2. search.
search.
Theorem proj_listUpdate_eval :
forall OldL I (Hold SaveI SaveE Copy L : string) HoldL V NewL G FE,
updateListIndex OldL I V NewL ->
(Hold = SaveI -> false) -> (Hold = L -> false) ->
(SaveI = SaveE -> false) -> (SaveI = L -> false) ->
(Hold = SaveE -> false) -> (SaveE = L -> false) ->
(Copy = Hold -> false) -> (Copy = L -> false) ->
(SaveI = Copy -> false) -> (SaveE = Copy -> false) ->
listy HoldL ->
I >= 0 ->
is_list (is_pair is_string
(is_pair is_string
(is_pair is_value
(is_pair (is_list is_string) is_stmt)))) FE ->
is_list (is_list (is_pair is_string is_value))
([(Hold, HoldL), (SaveI, intVal I), (SaveE, V)]::G) ->
is_string Copy ->
lookupScopes L ([(Hold, HoldL), (SaveI, intVal I), (SaveE, V)]::G)
OldL ->
exists G' LV HFs,
<evalStmt {P}> FE
([(Hold, HoldL), (SaveI, intVal I), (SaveE, V)]::G)
(seq (while (exactEval:host:and (not (eq (name SaveI) (num 0)))
(not (null (name L))))
(seq (assign SaveI (minus (name SaveI) (num 1)))
(seq (declare intTy Copy (name L))
(seq (recUpdate Copy ["tail"] (name Hold))
(seq (assign Hold (name Copy))
(assign L (tail (name L))))))))
(seq (ifThenElse (null (name L))
(declare intTy Copy
(errorExpr (stringLit "Invalid update") intTy))
noop)
(seq (recUpdate L ["head"] (name SaveE))
(while (not (null (name Hold)))
(seq (declare intTy Copy (name Hold))
(seq (recUpdate Copy ["tail"] (name L))
(seq (assign L (name Copy))
(assign Hold (tail (name Hold))))))))))
([(Hold, recVal HFs), (SaveI, intVal 0), (SaveE, V)]::G') [] /\
lookup HFs "null" trueVal /\
replaceScopes L LV G G' /\
flipOnto HoldL NewL LV. [Show Proof]
induction on 1. intros ULI NEqHI NEqHL NEqIE NEqIL NEqHE NEqEL NEqCH
NEqCL NEqIC NEqEC ListyH GEqI0 IsFE Is+ IsC LS.
ULI: case ULI.
EvLoop1:
assert <evalStmt {P}> FE
([(Hold, HoldL), (SaveI, intVal 0),
(SaveE, V)]::G)
(while (exactEval:host:and
(not (eq (name SaveI) (num 0)))
(not (null (name L))))
(seq (assign SaveI (minus (name SaveI) (num 1)))
(seq (declare intTy Copy (name L))
(seq (recUpdate Copy ["tail"] (name Hold))
(seq (assign Hold (name Copy))
(assign L (tail (name L))))))))
([(Hold, HoldL), (SaveI, intVal 0),
(SaveE, V)]::G) []. search 10.
EvCheck:
assert <evalStmt {P}> FE
([(Hold, HoldL), (SaveI, intVal 0),
(SaveE, V)]::G)
(ifThenElse (null (name L))
(declare intTy Copy
(errorExpr (stringLit "Invalid update") intTy))
noop)
([(Hold, HoldL), (SaveI, intVal 0),
(SaveE, V)]::G) [].
Names: apply names_exists to Is+. search 10.
EvMid: assert exists G',
<evalStmt {P}> FE
([(Hold, HoldL), (SaveI, intVal 0),
(SaveE, V)]::G)
(recUpdate L ["head"] (name SaveE))
([(Hold, HoldL), (SaveI, intVal 0),
(SaveE, V)]::G') [] /\
replaceScopes L (recVal NewFields) G G'.
IsL: apply lookupScopes_is to _ LS.
RS: apply lookupScopes_replaceScopes_exists to _ _ LS with
V' = recVal NewFields. RS: case RS (keep).
M: case RS1. apply NEqHL to _. M: case M. apply NEqIL to _.
M: case M. apply NEqEL to _. case M.
search 20.
EvMid: case EvMid.
ListyH': case ListyH (keep).
exists G', recVal NewFields, Fields1. split.
unfold. exists ([(Hold, recVal Fields1),
(SaveI, intVal 0), (SaveE, V)]::G),
[], []. split.
search.
unfold. exists [(Hold, recVal Fields1),
(SaveI, intVal 0), (SaveE, V)]::G, [], [].
split.
search.
unfold. exists [(Hold, recVal Fields1),
(SaveI, intVal 0), (SaveE, V)]::G', [], [].
split.
search.
IsLV: apply lookupScopes_is to _ LS. case IsLV.
Is: case Is+. Is: case Is. Is: case Is2.
Is: case Is3. case Is3.
apply replaceRecVal_is to _ _ ULI1.
IsG': apply replaceScopes_is to _ _ EvMid1.
apply names_exists to IsG'.
assert (Hold::SaveI::SaveE::N) |{expr}-
null (name Hold) ~~>
recFieldAccess (name Hold) "null".
search 20.
search.
search.
search.
search.
search.
search.
LS': assert lookupScopes L ([(Hold, recVal Fields1),
(SaveI, intVal 0), (SaveE, V)]::G')
(recVal NewFields).
apply replaceScopes_lookupScopes_same to EvMid1. search.
IsL: apply lookupScopes_is to _ LS.
Is: case Is+. Is: case Is. Is: case Is2. Is: case Is3.
Is: case Is3. EvMid': apply drop_proj_rel_evalStmt to EvMid.
apply lookupScopes_is to _ LS.
apply evalStmt_isCtx to _ _ _ EvMid'. search 10.
EvLoop2:
apply eval_update_loop2 to _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
with Hold = Hold, SaveI = SaveI, SaveE = SaveE, L = L,
V = V, HoldL = Tl, LVal = recVal NewFields,
G = G', FE = FE, Copy = Copy.
exists G'1, LV, HFs'. split.
unfold. exists ([(Hold, recVal Fields1), (SaveI, intVal 0),
(SaveE, V)]::G), [], []. split.
search.
unfold. exists [(Hold, recVal Fields1), (SaveI, intVal 0),
(SaveE, V)]::G, [], []. split.
search.
unfold. exists [(Hold, recVal Fields1),
(SaveI, intVal 0), (SaveE, V)]::G',
[], []. split.
search.
search.
search.
search.
search.
search.
apply replaceScopes_twice to EvMid1 EvLoop4. search.
search.
GEqI1: apply updateListIndex_pos to ULI3.
EvCond1: assert <evalExpr {P}> FE
([(Hold, HoldL), (SaveI, intVal I),
(SaveE, V)]::G)
(not (eq (name SaveI) (num 0))) trueVal
([(Hold, HoldL), (SaveI, intVal I),
(SaveE, V)]::G) [].
unfold. unfold.
exists intVal I, [(Hold, HoldL), (SaveI, intVal I),
(SaveE, V)]::G, [], intVal 0, []. split.
search.
search.
Or: apply greatereq_integer_greater_or_eq to GEqI0.
C: case Or.
intros E. case E. apply greater_integer_not_eq to C.
compute ULI1. LEq: case GEqI1. case LEq.
search.
EvCond2: assert <evalExpr {P}> FE
([(Hold, HoldL), (SaveI, intVal I),
(SaveE, V)]::G)
(not (null (name L))) trueVal
([(Hold, HoldL), (SaveI, intVal I),
(SaveE, V)]::G) [].
apply names_exists to Is+. search.
EvCond: assert <evalExpr {P}> FE
([(Hold, HoldL), (SaveI, intVal I),
(SaveE, V)]::G)
(exactEval:host:and
(not (eq (name SaveI) (num 0)))
(not (null (name L)))) trueVal
([(Hold, HoldL), (SaveI, intVal I),
(SaveE, V)]::G) [].
EvBodyA: assert
<evalStmt {P}> FE
([]::[(Hold, HoldL), (SaveI, intVal I),
(SaveE, V)]::G)
(assign SaveI (minus (name SaveI) (num 1)))
([]::[(SaveI, intVal I1), (Hold, HoldL),
(SaveE, V)]::G) [].
unfold. exists intVal I1,
[]::[(Hold, HoldL), (SaveI, intVal I), (SaveE, V)]::G.
split.
search 20.
assert SaveE = SaveI -> false.
intros E. case E. backchain NEqIE.
search 20.
EvBodyB: assert
<evalStmt {P}> FE
([]::[(SaveI, intVal I1), (Hold, HoldL),
(SaveE, V)]::G)
(declare intTy Copy (name L))
([(Copy, recVal Fields)]::[(SaveI, intVal I1),
(Hold, HoldL), (SaveE, V)]::G) [].
unfold. unfold. LS: case LS.
L: case LS. apply NEqHL to _. L': case L1. L'': case L'1.
apply NEqEL to _. case L''1.
search 10.
RRV: apply lookup_replaceRecVal_exists to ULI2 with V' = HoldL.
EvBodyC: assert
<evalStmt {P}> FE
([(Copy, recVal Fields)]::[(SaveI, intVal I1),
(Hold, HoldL), (SaveE, V)]::G)
(recUpdate Copy ["tail"] (name Hold))
([(Copy, recVal R)]::[(SaveI, intVal I1),
(Hold, HoldL), (SaveE, V)]::G) [].
unfold. exists HoldL,
[(Copy, recVal Fields)]::[(SaveI, intVal I1),
(Hold, HoldL), (SaveE, V)]::G, Fields, R. split.
assert SaveI = Hold -> false. intros E. case E. backchain NEqHI.
search.
search.
search.
search.
EvBodyD: assert
<evalStmt {P}> FE
([(Copy, recVal R)]::[(SaveI, intVal I1),
(Hold, HoldL), (SaveE, V)]::G)
(assign Hold (name Copy))
([(Copy, recVal R)]::[(Hold, recVal R),
(SaveI, intVal I1), (SaveE, V)]::G) [].
unfold. exists recVal R, [(Copy, recVal R)]::[(SaveI, intVal I1),
(Hold, HoldL), (SaveE, V)]::G. split.
search.
assert SaveI = Hold -> false.
intros E. case E. backchain NEqHI.
assert SaveE = Hold -> false.
intros E. case E. backchain NEqHE.
search 20.
LS': assert lookupScopes L G (recVal Fields).
LS: case LS.
L: case LS. apply NEqHL to _. L': case L1. L'': case L'1.
apply NEqEL to _. case L''1.
search.
apply lookupScopes_is to _ LS. Is: case Is+.
apply lookupScopes_replaceScopes_exists to _ _ LS' with V' = Tl.
EvBodyE: assert
<evalStmt {P}> FE
([(Copy, recVal R)]::[(Hold, recVal R),
(SaveI, intVal I1), (SaveE, V)]::G)
(assign L (tail (name L)))
([(Copy, recVal R)]::[(Hold, recVal R),
(SaveI, intVal I1), (SaveE, V)]::R1) [].
unfold. exists Tl, [(Copy, recVal R)]::[(Hold, recVal R),
(SaveI, intVal I1), (SaveE, V)]::G.
split.
apply names_exists to Is1. unfold.
exists Copy::Hold::SaveI::SaveE::N,
recFieldAccess (name L) "tail", Tl,
[(Copy, recVal R)]::[(Hold, recVal R),
(SaveI, intVal I1), (SaveE, V)]::G, [], Fields. split.
search 20.
search.
search 10.
search.
search 20.
search 20.
EvBody: assert
<evalStmt {P}> FE
([]::[(Hold, HoldL), (SaveI, intVal I), (SaveE, V)]::G)
(seq (assign SaveI (minus (name SaveI) (num 1)))
(seq (declare intTy Copy (name L))
(seq (recUpdate Copy ["tail"] (name Hold))
(seq (assign Hold (name Copy))
(assign L (tail (name L)))))))
([(Copy, recVal R)]::[(Hold, recVal R),
(SaveI, intVal I1), (SaveE, V)]::R1) [].
clear EvBodyA EvBodyB EvBodyC EvBodyD EvBodyE.
ListyH': assert listy (recVal R).
apply replaceRecVal_lookup to RRV.
apply replaceRecVal_lookup_other to RRV ULI _. search.
Is: case Is. Is: case Is2. Is: case Is2. case Is4.
apply minus_integer_is_integer to _ _ ULI1.
EvBody': apply drop_proj_rel_evalStmt to EvBody.
case Is. Is: case Is3. case Is.
IsR1+: apply evalStmt_isCtx to _ _ _ EvBody'. search 10. search 20.
assert lookupScopes L ([(Hold, recVal R), (SaveI, intVal I1),
(SaveE, V)]::R1) Tl.
apply replaceScopes_lookupScopes_same to H3. search.
case IsR1+.
Sub: apply IH to ULI3 NEqHI NEqHL NEqIE NEqIL NEqHE NEqEL NEqCH
NEqCL NEqIC NEqEC ListyH' _ IsFE _ IsC _.
EvSub: case Sub.
case EvSub2.
EvLoop1: assert
<evalStmt {P}> FE
([(Hold, HoldL), (SaveI, intVal I), (SaveE, V)]::G)
(while (exactEval:host:and
(not (eq (name SaveI) (num 0)))
(not (null (name L))))
(seq (assign SaveI (minus (name SaveI) (num 1)))
(seq (declare intTy Copy (name L))
(seq (recUpdate Copy ["tail"] (name Hold))
(seq (assign Hold (name Copy))
(assign L (tail (name L)))))))) EE1 [].
exists G', LV, HFs. split.
search.
search.
apply replaceScopes_twice to H3 Sub2. search.
FO: case Sub3.
L: apply replaceRecVal_lookup_other to RRV ULI _.
apply lookup_unique to FO L.
L: apply replaceRecVal_lookup to RRV.
apply lookup_unique to FO1 L.
RRV': apply replaceRecVal_twice to RRV FO2.
apply replaceRecVal_unique to RRV' ULI4. search.
Theorem replaceScopes_lookupScopes_other[Key, Item] :
forall (X : Key) (XV : Item) L R Y YV,
replaceScopes X XV L R -> lookupScopes Y L YV ->
(X = Y -> false) -> lookupScopes Y R YV. [Show Proof]
Theorem eval_update_loop2_listy :
forall (Hold Copy L : string) FE G G' O LVal HVal,
evalStmt FE G
(while (not (null (name Hold)))
(seq (declare intTy Copy (name Hold))
(seq (recUpdate Copy ["tail"] (name L))
(seq (assign L (name Copy))
(assign Hold (tail (name Hold)))))))
G' O ->
(Hold = L -> false) -> (Copy = Hold -> false) ->
(Copy = L -> false) ->
lookupScopes L G LVal ->
lookupScopes Hold G HVal ->
exists LV, listy HVal /\ flipOnto HVal LVal LV. [Show Proof]
Theorem replaceRecVal_other_val : forall F VA L R VB,
replaceRecVal F VA L R -> exists R', replaceRecVal F VB L R'. [Show Proof]
Theorem proj_eval_listUpdate :
forall OldL VI (Hold SaveI SaveE Copy L : string) HoldL V G FE G1 O1
G2 O2,
(Hold = SaveI -> false) -> (Hold = L -> false) ->
(SaveI = SaveE -> false) -> (SaveI = L -> false) ->
(Hold = SaveE -> false) -> (SaveE = L -> false) ->
(Copy = Hold -> false) -> (Copy = L -> false) ->
(SaveI = Copy -> false) -> (SaveE = Copy -> false) ->
is_list (is_pair is_string
(is_pair is_string
(is_pair is_value
(is_pair (is_list is_string) is_stmt)))) FE ->
is_list (is_list (is_pair is_string is_value))
([(Hold, HoldL), (SaveI, VI), (SaveE, V)]::G) ->
is_string Copy ->
lookupScopes L G OldL ->
evalStmt FE
([(Hold, HoldL), (SaveI, VI), (SaveE, V)]::G)
(while (exactEval:host:and (not (eq (name SaveI) (num 0)))
(not (null (name L))))
(seq (assign SaveI (minus (name SaveI) (num 1)))
(seq (declare intTy Copy (name L))
(seq (recUpdate Copy ["tail"] (name Hold))
(seq (assign Hold (name Copy))
(assign L (tail (name L)))))))) G1 O1 ->
evalExpr FE G1 (null (name L)) falseVal G1 [] ->
evalStmt FE G1 (recUpdate L ["head"] (name SaveE)) G2 O2 ->
exists I NewL, VI = intVal I /\ updateListIndex OldL I V NewL. [Show Proof]
induction on 15. intros NEqHI NEqHL NEqIE NEqIL NEqHE NEqEL NEqCH
NEqCL NEqIC NEqEC IsFE IsG+ IsCopy LS EvW EvNL EvA. EvW: case EvW.
Is: case IsG+ (keep). Is: case Is. case Is. Is: case Is2.
Is: case Is. Is: case Is2. case Is2. case Is4.
apply lookupScopes_is to _ LS. apply evalExpr_isCtx to _ _ _ EvW.
Is++: apply evalStmt_isCtx to _ _ _ EvW1. search 20.
EvC: case EvW. clear EvC2. EvC: case EvC. EvC: case EvC. case EvC2.
clear EvC4. LC: case EvC. Eq: assert V1 = VI.
LS: case LC.
L: case LS1. apply NEqHI to _. L: case L1. search. L: case L2.
apply L1 to _. case L3.
N: case LS1. N: case N1. apply N1 to _.
case Eq. clear LC EvC3 EvW4 EvW3. EvC: case EvC1. EvC: case EvC.
LC: case EvC. Eq: assert OldL = recVal Fields.
L: case LC.
L: case L. apply NEqHL to _. L: case L1. apply NEqIL to _.
L: case L2. apply NEqEL to _. case L3.
apply lookupScopes_unique to LS L1. search.
case Eq. clear LC. EvB: case EvW1. EvB: case EvB1.
EvB: case EvB3. EvB: case EvB5. clear EvB8 EvB4 EvB2 EvB6.
EvX: case EvB. EvX: case EvX. LI: case EvX. clear EvX4.
Eq: assert VI = intVal I1.
LS: case LI.
case LS1.
LS': case LS2.
L: case LS'. apply NEqHI to _. L: case L1. search.
L: case L2. apply L1 to _. case L3.
N: case LS'. N: case N1. apply N1 to _.
case Eq. clear LI. case EvX2. rename EvX3 to Minus.
Eq: assert EE5 = []::[(SaveI, intVal I), (Hold, HoldL),
(SaveE, V)]::G.
RS: case EvX1.
case RS.
RS': case RS1.
RA: case RS'1. apply NEqHI to _. RA: case RA1.
RA: case RA1. apply NEqIE to _. case RA2. search.
apply RA1 to _.
N: case RS'. N: case N1. apply N1 to _.
case Eq. clear EvX1. EvX: case EvB1.
Eq: assert V4 = recVal Fields /\ Scope1 = [] /\
EE11 = [(SaveI, intVal I), (Hold, HoldL), (SaveE, V)]::G.
L: case EvX. L: case L.
case L.
L: case L1.
L: case L1. apply NEqIL to _. L: case L2. apply NEqHL to _.
L: case L3. apply NEqEL to _. case L4.
apply lookupScopes_unique to L2 LS. search.
case Eq. clear EvX. EvRC: case EvB3.
Eq: assert Fields = FieldVals.
L: case EvRC1.
L: case L. search. case L1.
N: case L. apply N to _.
case Eq. clear EvRC1.
Eq: assert V5 = HoldL /\
EE12 = [(Copy, recVal FieldVals)]::[(SaveI, intVal I),
(Hold, HoldL), (SaveE, V)]::G.
EvH: case EvRC. L: case EvH.
L: case L. apply NEqCH to _. case L1.
L: case L1.
L: case L1. apply NEqHI to _. L: case L2. search.
apply L2 to _.
N: case L1. N: case N1. apply N1 to _.
case Eq. clear EvRC.
Eq: assert EE7 = [(Copy, recVal NewVals)]::[(SaveI, intVal I),
(Hold, HoldL), (SaveE, V)]::G.
RS: case EvRC3.
RA: case RS1. case RA. search. apply RA to _.
N: case RS. apply N to _.
case Eq. clear EvRC3. EvHC: case EvB5.
Eq: assert V6 = recVal NewVals /\
EE13 = [(Copy, recVal NewVals)]::[(SaveI, intVal I),
(Hold, HoldL), (SaveE, V)]::G.
E: case EvHC. L: case E.
L: case L. search. apply L to _.
N: case L. apply N to _.
case Eq. clear EvHC.
Eq: assert EE8 = [(Copy, recVal NewVals)]::[(Hold, recVal NewVals),
(SaveI, intVal I), (SaveE, V)]::G.
RS: case EvHC1.
M: case RS. apply NEqCH to _. case M.
RS: case RS1.
RA: case RS2. apply NEqHI to _. RA: case RA1.
RA: case RA1. apply NEqHE to _. case RA2. search.
apply RA1 to _.
N: case RS1. N: case N1. apply N1 to _.
case Eq. clear EvHC1. EvB: case EvB7. Ev: case EvB. LSL: case Ev.
Eq: assert Fields1 = FieldVals.
LSL: case LSL.
L: case LSL. apply NEqCL to _. case L1.
LS': case LSL1.
L: case LS'. apply NEqHL to _. L: case L1. L: case L2.
apply NEqEL to _. case L3.
apply lookupScopes_unique to LS'1 LS. search.
case Eq. clear LSL.
Eq: assert exists G', Scope = [(Copy, recVal NewVals)] /\
EE2 = [(Hold, recVal NewVals), (SaveI, intVal I),
(SaveE, V)]::G' /\ lookupScopes L G' V7.
RS: case EvB1.
M: case RS. apply NEqCL to _. case M.
RS: case RS1.
M: case RS1. apply NEqHL to _. M: case M. apply NEqIL to _.
M: case M. apply NEqEL to _. case M.
apply replaceScopes_lookupScopes to RS2. search.
LS': case Eq. clear EvB1. case Is++.
ULI: apply IH to NEqHI NEqHL NEqIE NEqIL NEqHE NEqEL NEqCH NEqCL
NEqIC NEqEC IsFE _ IsCopy LS' EvW2 _ EvA.
RRV: assert replaceRecVal "tail" HoldL FieldVals NewVals.
RRV: case EvRC2.
search.
case RRV1.
RRV': apply replaceRecVal_other_val to RRV with VB = NewL. search.
Eq: assert VI = intVal 0 /\
G1 = [(Hold, HoldL), (SaveI, intVal 0), (SaveE, V)]::G.
EvC: case EvW.
EvC: case EvC. EvC: case EvC. case EvC1. L: case EvC.
L: case L.
L: case L. apply NEqHI to _. L: case L1. search.
apply L1 to _.
N: case L. N: case N1. apply N1 to _.
EvN: case EvC. EvN: case EvN. case EvN1. case EvN.
EvL: case EvC1. EvL: case EvL (keep). case EvL1.
case IsG+. apply lookupScopes_is to _ LS.
apply evalExpr_unique to _ _ _ EvNL EvL.
case Eq. clear EvW. EvA: case EvA. LL: case EvA.
Eq: assert V1 = V.
LL: case LL.
L: case LL. apply NEqHE to _. L: case L1. apply NEqIE to _.
L: case L2. search. case L3.
N: case LL. N: case N1. N: case N2. apply N2 to _.
case Eq. clear LL.
Eq: assert OldL = recVal FieldVals.
L: case EvA1.
L: case L. apply NEqHL to _. L: case L1. L: case L2.
apply NEqEL to _. case L3.
apply lookupScopes_unique to LS L1. search.
case Eq. clear EvA1. Is: case IsG+. apply lookupScopes_is to _ LS.
apply lookupScopes_replaceScopes_exists to _ _ LS with
V' = recVal NewVals.
Eq: assert G2 = [(Hold, HoldL), (SaveI, intVal 0), (SaveE, V)]::R.
RS: case EvA3.
M: case RS. apply NEqHL to _. M: case M. apply NEqIL to _.
M: case M. apply NEqEL to _. case M.
apply replaceScopes_unique to RS1 _. search.
case Eq.
assert replaceRecVal "head" V FieldVals NewVals.
RRV: case EvA2. search. case RRV1.
EvNL: case EvNL. EvNL: case EvNL. L: case EvNL.
L: case L. apply NEqHL to _. L: case L1. L: case L2.
apply NEqEL to _. case L3.
apply lookupScopes_unique to L1 LS. search.
Prove_Constraint exactEval:host:proj_evalExpr_forward. [Show Proof]
case Ev. apply scopes_same_reflexive to IsEE. search.
Ev: case Ev. case IsE. apply evalExpr_isCtx to _ _ _ Ev.
IsEE': apply evalExpr_isCtx to _ _ _ Ev1.
apply scopes_same_reflexive to IsEE'. exists EE'. split.
unfold. unfold. exists EE, [], O. split.
search.
unfold. exists EE3, O2, O3. split.
search.
unfold. exists EE', O3, []. split.
search.
search.
IsO3: apply evalExpr_isOutput to _ _ _ Ev1.
apply is_list_values_append_nil to IsO3. search.
search.
search.
search.
Ev: case Ev. case IsE. IsEE': apply evalExpr_isCtx to _ _ _ Ev.
apply scopes_same_reflexive to IsEE'. search.
Ev: case Ev. case IsE. IsEE': apply evalExpr_isCtx to _ _ _ Ev.
apply scopes_same_reflexive to IsEE'. search.
Ev: case Ev. case IsE. IsEE': apply evalExpr_isCtx to _ _ _ Ev.
apply scopes_same_reflexive to IsEE'. search.
case IsE. Ev: case Ev.
apply evalExpr_isCtx to _ _ _ Ev.
IsIdx+: apply evalExpr_isValue to _ _ _ Ev1. case IsIdx+.
Len: apply length_exists_list_pair_string_value to IsEE.
rename N to LengthEE.
NNS_L: assert newNameScopes [[]] LengthEE ([]::EE) EE.
unfold. exists 1, [], Names. split. search. search. search. search.
search. intros M. case M.
Ev_L: apply evalExpr_newNameScopes_exists to _ _ _ _ Ev NNS_L.
NNS_L': apply evalExpr_newNameScopes_ctx to _ _ _ _ Ev_L Ev NNS_L.
LenEE3: apply evalExpr_keep_scopes to _ _ _ Ev Len.
Eq: assert EE_A' = []::EE3.
NNS': case NNS_L'.
Take: case NNS'2. case Take1. compute Take. Drop: case NNS'1.
Drop': case Drop1.
search.
G: apply drop_geq_0 to Drop'1. P: assert 1 + -1 = 0.
apply drop_is_integer to Drop'1.
apply plus_integer_is_integer to _ _ Drop'.
apply plus_integer_unique_addend to _ _ _ Take Drop.
apply plus_integer_unique_addend to _ _ _ Drop' P.
L: case G. case L.
LenBR: case LenEE3. apply length_is to LenBR.
LEq: apply newNameScopes_length to NNS' LenBR.
L: apply lt_plus_one to LenBR1 _.
apply less_lesseq_flip_false to L LEq.
case Eq.
Ev_DL: assert evalStmt FE ([]::EE) (declare intTy SaveL Lst)
([(SaveL, LV)]::EE3) O2.
IsEE3: apply evalExpr_isCtx to _ _ _ Ev.
apply evalExpr_isValue to _ _ _ Ev.
apply fresh_name_is to _ Pr1. apply fresh_name_is to _ Pr2.
NamesEE3: apply names_exists to IsEE3.
NNS_I: assert newNameScopes [[(SaveL, LV)]] LengthEE
([(SaveL, LV)]::EE3) EE3.
unfold. exists 1, [SaveL], N. split. search. search. search.
search.
search.
intros ML MN. ML: case ML.
NS: apply evalExpr_names_same to _ _ _ Ev.
NS': apply names_same_symmetric to NS.
MNames: apply names_same_names to _ NamesEE3 Names MN.
apply fresh_name_not_mem to Pr2 MNames.
case ML.
Ev_I: apply evalExpr_newNameScopes_exists to _ _ _ _ Ev1 NNS_I.
NNS_If: apply evalExpr_newNameScopes_ctx to _ _ _ _ Ev_I Ev1 NNS_I.
LenEE': apply evalExpr_keep_scopes to _ _ _ Ev1 LenEE3.
Eq: assert EE_A'1 = [(SaveL, LV)]::EE'.
NNS': case NNS_If.
Take: case NNS'2. case Take1. compute Take. Drop: case NNS'1.
Drop': case Drop1.
search.
G: apply drop_geq_0 to Drop'1. P: assert 1 + -1 = 0.
apply drop_is_integer to Drop'1.
apply plus_integer_is_integer to _ _ Drop'.
apply plus_integer_unique_addend to _ _ _ Take Drop.
apply plus_integer_unique_addend to _ _ _ Drop' P.
L: case G. case L.
LenBR: case LenEE'. apply length_is to LenBR.
LEq: apply newNameScopes_length to NNS' LenBR.
L: apply lt_plus_one to LenBR1 _.
apply less_lesseq_flip_false to L LEq.
case Eq.
Ev_DI: assert evalStmt FE ([(SaveL, LV)]::EE3)
(declare intTy SaveI Index)
([(SaveI, intVal Idx), (SaveL, LV)]::EE') O3.
GEq: apply listIndex_geq_0 to _ Ev2. case GEq.
Ev_C: assert evalExpr FE ([(SaveI, intVal Idx), (SaveL, LV)]::EE')
(greater (num 0) (name SaveI)) falseVal
([(SaveI, intVal Idx), (SaveL, LV)]::EE') [].
EvIf : assert evalStmt FE ([(SaveI, intVal Idx), (SaveL, LV)]::EE')
(ifThenElse (greater (num 0) (name SaveI))
(printVal (errorExpr (stringLit "Die") intTy))
noop) ([(SaveI, intVal Idx), (SaveL, LV)]::EE') [].
NEq: assert SaveL = SaveI -> false.
intros E. case E. AppI: apply fresh_name_start to _ Pr1.
AppL: apply fresh_name_start to _ Pr2. case AppI. case AppL.
EvWhile: apply index_to_while to Ev2 NEq _ with Ctx = EE', FE = FE.
Ev_W: apply drop_ext_size_evalStmt to EvWhile.
assert SaveI = SaveL -> false. intros E. case E. backchain NEq.
assert lookupScopes SaveL
([(SaveI, intVal 0), (SaveL, recVal Fields)]::EE')
(recVal Fields).
assert evalExpr FE ([(SaveI, intVal 0), (SaveL, recVal Fields)]::EE')
(recFieldAccess (name SaveL) "head") V
([(SaveI, intVal 0), (SaveL, recVal Fields)]::EE') [].
exists EE'. split.
IsO2: apply evalExpr_isOutput to _ _ _ Ev.
IsO3: apply evalExpr_isOutput to _ _ _ Ev1.
IsO: apply append_values_is to _ _ Ev3.
apply is_list_values_append_nil to IsO3. unfold.
exists ([(SaveI, intVal 0), (SaveL, recVal Fields)]::EE'),
O, [(SaveI, intVal 0), (SaveL, recVal Fields)], []. split.
search.
search.
backchain is_list_values_append_nil.
apply evalStmt_isCtx to _ _ _ Ev_DL.
apply evalStmt_isCtx to _ _ _ Ev_DI.
IsEE'+: apply evalStmt_isCtx to _ _ _ Ev_W. search 20.
case IsEE'+. backchain scopes_same_reflexive.
case IsE. Ev: case Ev.
LenEE: apply length_exists_list_pair_string_value to IsEE.
NNS: assert newNameScopes [[]] N ([]::EE) EE.
unfold. exists 1, [], Names. split. search. search. search. search.
search. intros M. case M.
Ev_L: apply evalExpr_newNameScopes_exists to _ _ _ _ Ev NNS.
NNS_L: apply evalExpr_newNameScopes_ctx to _ _ _ _ Ev_L Ev NNS.
LenEE': apply evalExpr_keep_scopes to _ _ _ Ev LenEE.
Eq: assert EE_A' = []::EE'.
NNS': case NNS_L.
Take: case NNS'2. case Take1. compute Take. Drop: case NNS'1.
Drop': case Drop1.
search.
G: apply drop_geq_0 to Drop'1. P: assert 1 + -1 = 0.
apply drop_is_integer to Drop'1.
apply plus_integer_is_integer to _ _ Drop'.
apply plus_integer_unique_addend to _ _ _ Take Drop.
apply plus_integer_unique_addend to _ _ _ Drop' P.
L: case G. case L.
LenBR: case LenEE'. apply length_is to LenBR.
LEq: apply newNameScopes_length to NNS' LenBR.
L: apply lt_plus_one to LenBR1 _.
apply less_lesseq_flip_false to L LEq.
case Eq. Ev_DL: assert evalStmt FE ([]::EE) (declare intTy SaveL E1)
([(SaveL, V1)]::EE') O.
Ev_DLen: assert evalStmt FE ([(SaveL, V1)]::EE')
(declare intTy Len (num 0))
([(Len, intVal 0), (SaveL, V1)]::EE') [].
IsO: apply evalExpr_isOutput to _ _ _ Ev.
apply evalExpr_isValue to _ _ _ Ev. apply listLength_is to _ Ev1.
NEq: assert SaveL = Len -> false.
intros E. case E. AppLen: apply fresh_name_start to _ Pr2.
FrL: case Pr1.
App: case AppLen. case App.
AppL: case FrL1. case AppL.
AppL: apply fresh_name_start to _ FrL2. AppL: case AppL.
case AppL. AppLen: case AppLen. case AppLen.
P: assert 0 + I = I. P': apply plus_integer_comm to _ _ P.
Ev_W_ES: apply length_to_while to Ev1 NEq P' _ _ with
FE = FE, Ctx = EE'.
Ev_W: apply drop_ext_size_evalStmt to Ev_W_ES.
LS: assert lookupScopes Len
([(Len, intVal I), (SaveL, recVal Fields)]::EE')
(intVal I).
Ev_N: assert evalExpr FE
([(Len, intVal I), (SaveL, recVal Fields)]::EE')
(name Len) (intVal I)
([(Len, intVal I), (SaveL, recVal Fields)]::EE') [].
exists EE'. split.
apply is_list_values_append_nil to IsO. search.
apply evalExpr_isCtx to _ _ _ Ev.
backchain scopes_same_reflexive.
Prove_Constraint exactEval:host:proj_evalExpr_backward. [Show Proof]
Ev: case Ev. Ev: case Ev. case Ev. case Ev1. case Ev2.
apply scopes_same_reflexive to IsEE. search.
Ev: case Ev. Ev: case Ev. case Ev. Ev: case Ev1. Ev: case Ev1.
case Ev4. case Ev2. apply append_nil_right to Ev5. case IsE.
EN: case EN. case EN2. apply evalExpr_isCtx to _ _ _ Ev.
IsEE': apply evalExpr_isCtx to _ _ _ Ev1.
apply scopes_same_reflexive to IsEE'. search.
Ev: case Ev. case IsE. IsEE': apply evalExpr_isCtx to _ _ _ Ev.
apply scopes_same_reflexive to IsEE'. search.
Ev: case Ev. case IsE. IsEE': apply evalExpr_isCtx to _ _ _ Ev.
apply scopes_same_reflexive to IsEE'. search.
Ev: case Ev. case IsE. IsEE': apply evalExpr_isCtx to _ _ _ Ev.
apply scopes_same_reflexive to IsEE'. search.
case IsE. EN: case EN. case EN2. Ev: case Ev. Ev: case Ev.
Ev: case Ev3. Ev: case Ev. Ev: case Ev3. Ev: case Ev1.
Ev: case Ev1. Ev: case Ev5.
Len: apply length_exists_list_pair_string_value to IsEE.
rename N to LengthEE.
NNS_L: assert newNameScopes [[]] LengthEE ([]::EE) EE.
unfold. exists 1, [], Names. split. search. search. search. search.
search. intros M. case M.
Ev_L: apply evalExpr_newNameScopes_exists_back to
_ _ _ _ _ _ EN Ev NNS_L.
NNS_L': apply evalExpr_newNameScopes_ctx to _ _ _ _ Ev Ev_L NNS_L.
IsLenEE: apply length_is to Len.
P: apply plus_integer_total to _ IsLenEE with N1 = 1.
LenEE+: assert length ([]::EE) N3.
Eq: assert EE_B' = EE5 /\ Scope1 = [].
NNS': case NNS_L'.
Take: case NNS'2. case Take1. compute Take. Drop: case NNS'1.
Drop': case Drop1.
search.
G: apply drop_geq_0 to Drop'1. P': assert 1 + -1 = 0.
apply drop_is_integer to Drop'1.
apply plus_integer_is_integer to _ _ Drop'.
apply plus_integer_unique_addend to _ _ _ Take Drop.
apply plus_integer_unique_addend to _ _ _ Drop' P'.
L: case G. case L.
LenBR+: apply evalExpr_keep_scopes to _ _ _ Ev_L Len.
LenBR: case LenBR+. apply length_is to LenBR.
LEq: apply newNameScopes_length to NNS' LenBR.
L: apply lt_plus_one to LenBR1 _.
apply less_lesseq_flip_false to L LEq.
case Eq.
LenEE5: apply evalExpr_keep_scopes to _ _ _ Ev_L Len.
IsEE5: apply evalExpr_isCtx to _ _ _ Ev_L.
NamesEE5: apply names_exists to IsEE5.
NNS_I: assert newNameScopes [[(SaveL, V1)]] LengthEE
([(SaveL, V1)]::EE5) EE5.
unfold. exists 1, [SaveL], N. split. search. search. search.
search.
search.
intros ML MN. ML: case ML.
NS: apply evalExpr_names_same to _ _ _ Ev_L.
NS': apply names_same_symmetric to NS.
MNames: apply names_same_names to _ NamesEE5 Names MN.
apply fresh_name_not_mem to Pr2 MNames.
case ML.
apply evalExpr_ctx_names to _ _ _ _ _ EN Ev_L.
apply fresh_name_is to _ Pr1. apply fresh_name_is to _ Pr2.
apply evalExpr_isValue to _ _ _ Ev.
Ev_I: apply evalExpr_newNameScopes_exists_back to
_ _ _ _ _ _ EN1 Ev3 NNS_I.
NNS_I': apply evalExpr_newNameScopes_ctx to _ _ _ _ Ev3 Ev_I _.
Eq: assert Scope2 = [(SaveL, V1)] /\ EE_B'1 = EE6.
NNS': case NNS_I'.
Take: case NNS'2. case Take1. compute Take. Drop: case NNS'1.
Drop': case Drop1.
search.
G: apply drop_geq_0 to Drop'1. P': assert 1 + -1 = 0.
apply drop_is_integer to Drop'1.
apply plus_integer_is_integer to _ _ Drop'.
apply plus_integer_unique_addend to _ _ _ Take Drop.
apply plus_integer_unique_addend to _ _ _ Drop' P'.
L: case G. case L.
LenBR+: apply evalExpr_keep_scopes to _ _ _ Ev_I LenEE5.
LenBR: case LenBR+. apply length_is to LenBR.
LEq: apply newNameScopes_length to NNS' LenBR.
L: apply lt_plus_one to LenBR1 _.
apply less_lesseq_flip_false to L LEq.
case Eq.
Eq: assert exists IV, V2 = intVal IV /\ IV >= 0 /\
EE4 = [(SaveI, V2), (SaveL, V1)]::EE6 /\ O7 = [].
EvIf: case Ev5.
EvP: case EvIf1. case EvP. case EvP. case EvP. case EvP.
case EvIf1. EvG: case EvIf. case EvG. case EvG3. LS: case EvG1.
case EvIf2. LS: case LS.
L: case LS.
search.
apply L to _.
NL: case LS. apply NL to _.
case Eq.
NEq: assert SaveL = SaveI -> false.
intros E. case E. AppI: apply fresh_name_start to _ Pr1.
AppL: apply fresh_name_start to _ Pr2. case AppI. case AppL.
case Ev9. IsI: apply evalExpr_isValue to _ _ _ Ev_I. case IsI.
apply while_to_index to Ev8 Ev1 Ev7 _ _ NEq.
apply append_nil_right to Ev2. apply append_nil_right to Ev6.
exists EE6. split.
search.
apply evalExpr_isCtx to _ _ _ Ev_I.
backchain scopes_same_reflexive.
case IsE. EN: case EN. Ev: case Ev. Ev: case Ev1.
apply append_nil_right to Ev2. clear Ev2. Ev: case Ev. Ev: case Ev.
Ev: case Ev2. Ev: case Ev2. case Ev2. case Ev5.
LenEE: apply length_exists_list_pair_string_value to IsEE.
NNS: assert newNameScopes [[]] N ([]::EE) EE.
unfold. exists 1, [], Names. split. search. search. search. search.
search. intros M. case M.
Ev_E1: apply evalExpr_newNameScopes_exists_back to
_ _ _ _ _ _ EN Ev NNS.
NNS': apply evalExpr_newNameScopes_ctx to _ _ _ _ Ev Ev_E1 NNS.
LenEE_B': apply evalExpr_keep_scopes to _ _ _ Ev_E1 LenEE.
Eq: assert Scope1::EE6 = []::EE_B'.
NNS': case NNS'.
Take: case NNS'2. case Take1. compute Take. Drop: case NNS'1.
Drop': case Drop1.
search.
G: apply drop_geq_0 to Drop'1. P': assert 1 + -1 = 0.
apply drop_is_integer to Drop'1.
apply plus_integer_is_integer to _ _ Drop'.
apply plus_integer_unique_addend to _ _ _ Take Drop.
apply plus_integer_unique_addend to _ _ _ Drop' P'.
L: case G. case L.
LenBR: case LenEE_B'. apply length_is to LenBR.
LEq: apply newNameScopes_length to NNS' LenBR.
L: apply lt_plus_one to LenBR1 _.
apply less_lesseq_flip_false to L LEq.
case Eq.
NEq: assert SaveL = Len -> false.
intros E. case E. AppLen: apply fresh_name_start to _ Pr2.
FrL: case Pr1.
App: case AppLen. case App.
AppL: case FrL1. case AppL.
AppL: apply fresh_name_start to _ FrL2. AppL: case AppL.
case AppL. AppLen: case AppLen. case AppLen.
LL: apply while_to_length to Ev4 Ev1 _ NEq.
P: apply plus_integer_comm to _ _ LL2. case P.
exists EE_B'. split.
apply append_nil_right to Ev3. search.
apply evalExpr_isCtx to _ _ _ Ev_E1.
backchain scopes_same_reflexive.
Theorem drop_one[A] : forall (L D : list A),
drop 1 L D -> exists S, L = S::D. [Show Proof]
Theorem eval_while_names_same : forall C B FE EE EE' O,
is_expr C -> is_stmt B ->
is_list (is_pair is_string (is_pair is_string
(is_pair is_value (is_pair (is_list is_string) is_stmt)))) FE ->
is_list (is_list (is_pair is_string is_value)) EE ->
evalStmt FE EE (while C B) EE' O ->
names_same EE EE'. [Show Proof]
Theorem names_lookupScopes : forall Ctx X Names,
is_list (is_list (is_pair is_string is_value)) Ctx ->
names Ctx Names -> mem X Names -> exists V, lookupScopes X Ctx V. [Show Proof]
Prove_Constraint exactEval:host:proj_evalStmt_forward. [Show Proof]
Is: case IsS. Ev: case Ev.
assert SaveE = L -> false.
intros E. case E. apply fresh_name_not_mem to Pr3 _.
assert SaveI = L -> false.
intros E. case E. apply fresh_name_not_mem to Pr1 _.
assert Hold = L -> false.
intros E. case E. apply fresh_name_not_mem to Pr2 _.
assert Copy = L -> false.
intros E. case E. apply fresh_name_not_mem to Pr4 _.
assert Hold = SaveE -> false.
intros E. case E. AppE: apply fresh_name_start to _ Pr3.
AppH: apply fresh_name_start to _ Pr2. search 6.
case AppE. case AppH.
assert Hold = SaveI -> false.
intros E. case E. AppI: apply fresh_name_start to _ Pr1.
AppH: apply fresh_name_start to _ Pr2. search 6.
case AppI. case AppH.
NEqIE: assert SaveI = SaveE -> false.
intros E. case E. AppI: apply fresh_name_start to _ Pr1.
AppE: apply fresh_name_start to _ Pr3. case AppI. case AppE.
assert Copy = Hold -> false.
intros E. case E. AppC: apply fresh_name_start to _ Pr4.
AppH: apply fresh_name_start to _ Pr2. search 6.
case AppC. case AppH.
assert SaveE = Copy -> false.
intros E. case E. AppC: apply fresh_name_start to _ Pr4.
AppE: apply fresh_name_start to _ Pr3. case AppC. case AppE.
assert SaveI = Copy -> false.
intros E. case E. AppC: apply fresh_name_start to _ Pr4.
AppI: apply fresh_name_start to _ Pr1. case AppC. case AppI.
LenEE: apply length_exists_list_pair_string_value to IsEE.
rename N1 to Len.
NNS: assert newNameScopes [[]] Len ([]::EE) EE.
unfold. exists 1, [], Names. split. search. search. search. search.
search. intros M. case M.
EvI': apply evalExpr_newNameScopes_exists to _ _ _ _ Ev NNS.
NNS': apply evalExpr_newNameScopes_ctx to _ _ _ _ EvI' Ev _.
Eq: assert EE_A' = []::EE2.
NNS': case NNS'.
Take: case NNS'2. case Take1. compute Take.
apply drop_one to NNS'1. search.
LenBR+: apply evalExpr_keep_scopes to _ _ _ Ev LenEE.
LenBR: case LenBR+. apply length_is to LenBR.
L: apply lt_plus_one to LenBR1 _.
LEq: apply newNameScopes_length to NNS' LenBR.
apply less_lesseq_flip_false to L LEq.
case Eq.
EvAI: assert evalStmt FE ([]::EE) (declare intTy SaveI I)
([(SaveI, intVal N)]::EE2) O2.
apply fresh_name_is to _ Pr1. apply evalExpr_isValue to _ _ _ Ev.
IsEE2: apply evalExpr_isCtx to _ _ _ Ev.
Names2: apply names_exists to IsEE2.
NS: apply evalExpr_names_same to _ _ _ Ev.
Len2: apply evalExpr_keep_scopes to _ _ _ Ev LenEE.
NNS+: assert newNameScopes [[(SaveI, intVal N)]] Len
([(SaveI, intVal N)]::EE2) EE2.
unfold. exists 1, [SaveI], N1. split. search. search. search.
search. search.
intros M MX. M: case M. NS': apply names_same_symmetric to NS.
M': apply names_same_names to NS' Names2 Names MX.
apply fresh_name_not_mem to Pr1 _. case M.
EvE': apply evalExpr_newNameScopes_exists to _ _ _ _ Ev1 NNS+.
NNS'': apply evalExpr_newNameScopes_ctx to _ _ _ _ EvE' Ev1 _.
Len4: apply evalExpr_keep_scopes to _ _ _ Ev1 Len2.
Eq: assert EE_A'1 = [(SaveI, intVal N)]::EE4.
NN: case NNS''.
Take: case NN2. Take: case Take1. compute Take.
apply drop_one to NN1. search.
LenBR: case Len4. apply length_is to LenBR.
L: apply lt_plus_one to LenBR1 _.
LEq: apply newNameScopes_length to NN LenBR.
apply less_lesseq_flip_false to L LEq.
case Eq.
EvAE: assert evalStmt FE ([(SaveI, intVal N)]::EE2)
(declare intTy SaveE E)
([(SaveE, V), (SaveI, intVal N)]::EE4) O3.
apply fresh_name_is to _ Pr3. apply evalExpr_isValue to _ _ _ Ev1.
IsEE4: apply evalExpr_isCtx to _ _ _ Ev1.
EvMI: assert evalStmt FE ([(SaveE, V), (SaveI, intVal N)]::EE4)
(assign SaveI (name SaveI))
([(SaveI, intVal N), (SaveE, V)]::EE4) [].
assert SaveE = SaveI -> false. intros E. case E. backchain NEqIE.
search.
EvH: assert evalStmt FE ([(SaveI, intVal N), (SaveE, V)]::EE4)
(declare intTy Hold (exactEval:list:nil intTy))
([(Hold, recVal [("null", trueVal)]),
(SaveI, intVal N),
(SaveE, V)]::EE4) [].
IsSaveI: apply fresh_name_is to _ Pr1.
IsHold: apply fresh_name_is to _ Pr2. search 6.
IsCopy: apply fresh_name_is to _ Pr4.
GEq: apply updateListIndex_pos to Ev3.
apply evalExpr_isValue to _ _ _ Ev1.
Main: apply proj_listUpdate_eval to
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ with
OldL = LV, I = N, V = V, NewL = LV2, Hold = Hold,
Copy = Copy, SaveI = SaveI, SaveE = SaveE, G = EE4, L = L,
HoldL = recVal [("null", trueVal)]. search 12.
apply drop_proj_rel_evalStmt to Main.
exists G'. IsO3: apply evalExpr_isOutput to _ _ _ Ev1.
apply is_list_values_append_nil to IsO3. split.
search 20.
FO: case Main3.
apply replaceScopes_unique to Main2 Ev4.
apply lookupScopes_is to _ Ev2.
apply updateListIndex_is to _ _ Ev3.
apply replaceScopes_is to _ _ Main2.
backchain scopes_same_reflexive.
L: case FO. apply L to _.
case IsS. Ev: case Ev. apply evalExpr_isValue to _ _ _ Ev.
NS: apply evalExpr_names_same to _ _ _ Ev.
NS': apply names_same_symmetric to NS.
IsEE3: apply evalExpr_isCtx to _ _ _ Ev.
Names3: apply names_exists to IsEE3. IsN: apply names_is to _ Names3.
Fr: apply fresh_name_exists to _ _ with Base = "L", Names = X::N.
apply fresh_name_unique_mems to Fr Pr1 _ _.
intros M. M: case M. search.
apply names_same_names to NS Names Names3 M. search.
intros M. M: case M. search.
apply names_same_names to NS' Names3 Names M. search.
apply iterateList_to_while to _ _ _ _ _ Ev1 Names3 Fr.
Len: apply length_exists_list_pair_string_value to IsEE.
NNS: assert newNameScopes [[]] N1 ([]::EE) EE.
unfold. exists 1, [], Names. split. search. search. search. search.
search. intros M. case M.
Ev': apply evalExpr_newNameScopes_exists to _ _ _ _ Ev NNS.
NNS': apply evalExpr_newNameScopes_ctx to _ _ _ _ Ev' Ev NNS.
NNS': case NNS'.
Take: case NNS'2. case Take1. compute Take. Drop: case NNS'1.
apply drop_is_integer to Drop1.
apply plus_integer_unique_addend to _ _ _ Take Drop.
Eq: assert L1 = EE3.
D: case Drop1. search. apply drop_is_integer to D1.
P: assert 1 + -1 = 0.
apply plus_integer_unique_addend to _ _ _ P D.
GEq: apply drop_geq_0 to D1. LEq: case GEq. case LEq.
case Eq. clear Take Drop Drop1. exists EE'. split.
search.
apply iterateList_isCtx to _ _ _ _ _ Ev1.
backchain scopes_same_reflexive.
LenBR+: apply names_same_length to NS Len. LenBR: case LenBR+.
LEq: apply newNameScopes_length to NNS' LenBR.
apply length_is to LenBR. L: apply lt_plus_one to LenBR1 _.
apply less_lesseq_flip_false to L LEq.
Prove_Constraint exactEval:host:proj_evalStmt_backward. [Show Proof]
case IsS. apply fresh_name_is to _ Pr1. apply fresh_name_is to _ Pr3.
apply fresh_name_is to _ Pr2. search 6. apply fresh_name_is to _ Pr4.
NEqHI: assert (Hold = SaveI -> false).
intros E. case E. AppI: apply fresh_name_start to _ Pr1. case AppI.
AppH: apply fresh_name_start to _ Pr2. search 6. case AppH.
NEqHL: assert (Hold = L -> false).
intros E. case E. apply fresh_name_not_mem to Pr2 _.
NEqIE: assert (SaveI = SaveE -> false).
intros E. case E. AppI: apply fresh_name_start to _ Pr1. case AppI.
AppE: apply fresh_name_start to _ Pr3. case AppE.
NEqIL: assert (SaveI = L -> false).
intros E. case E. apply fresh_name_not_mem to Pr1 _.
NEqHE: assert (Hold = SaveE -> false).
intros E. case E. AppE: apply fresh_name_start to _ Pr3. case AppE.
AppH: apply fresh_name_start to _ Pr2. search 6. case AppH.
NEqEL: assert (SaveE = L -> false).
intros E. case E. apply fresh_name_not_mem to Pr3 _.
NEqCH: assert (Copy = Hold -> false).
intros E. case E. AppC: apply fresh_name_start to _ Pr4. case AppC.
AppH: apply fresh_name_start to _ Pr2. search 6. case AppH.
NEqCL: assert (Copy = L -> false).
intros E. case E. apply fresh_name_not_mem to Pr4 _.
NEqIC: assert (SaveI = Copy -> false).
intros E. case E. AppI: apply fresh_name_start to _ Pr1. case AppI.
AppC: apply fresh_name_start to _ Pr4. case AppC.
NEqEC: assert (SaveE = Copy -> false).
intros E. case E. AppC: apply fresh_name_start to _ Pr4. case AppC.
AppE: apply fresh_name_start to _ Pr3. case AppE.
SN: case SN. case SN3.
Ev: case Ev. Ev: case Ev. EvI: case Ev. Ev: case Ev1. EvE: case Ev.
Ev: case Ev1. EvMI: case Ev. LI: case EvMI. Ev: case Ev1.
Ev: case Ev. case Ev. case Ev5. EvW: case Ev1. Ev: case EvW1.
EvA: case Ev1. rename EvW2 to EvW1. rename EvA1 to EvW2.
EvNL: assert evalExpr FE EE8 (null (name L)) falseVal EE8 [] /\
EE10 = EE8 /\ O11 = [].
Ev: case Ev.
EvD: case Ev1. case EvD.
EvL: case Ev. case EvL. case Ev1. case Ev6. search.
EvNL: case EvNL. case Ev4. case Ev5.
ENI: apply exprNames_relatedCtxs to _ _ _ _ _ SN1 with
CtxB = []::Ctx'.
intros M. M: case M. case M. search.
apply ctx_names_add_scope to Ctxs.
IsEE2+: apply evalExpr_isCtx to _ _ _ EvI. IsEE2: case IsEE2+.
Ctxs': apply evalExpr_ctx_names to _ _ _ _ _ ENI EvI.
Ctxs': case Ctxs'. Eq: assert Scope1 = [].
Is: case IsEE2. search. case Is.
M: apply Ctxs' to _ with K = A, I = B. case M.
case Eq. apply evalExpr_isValue to _ _ _ EvI.
LenEE: apply length_exists_list_pair_string_value to IsEE.
rename N to Len.
NNS: assert newNameScopes [[]] Len ([]::EE) EE.
unfold. exists 1, [], Names. split. search. search. search. search.
search. intros M. case M.
EvI': apply evalExpr_newNameScopes_exists_back to
_ _ _ _ _ _ SN1 EvI NNS.
LenEE2: apply evalExpr_keep_scopes to _ _ _ EvI' LenEE.
NNS': apply evalExpr_newNameScopes_ctx to _ _ _ _ EvI EvI' NNS.
Eq: assert EE_B' = EE2.
NNS': case NNS'.
Take: case NNS'2. Take: case Take1. compute Take.
apply drop_one to NNS'1. search.
LenBR: case LenEE2. apply length_is to LenBR.
L: apply lt_plus_one to LenBR1 _.
LEq: apply newNameScopes_length to NNS' LenBR.
apply less_lesseq_flip_false to L LEq.
case Eq. clear Ctxs' Ctxs'1.
Names2: apply names_exists to _ with L = EE2.
NNS'': assert newNameScopes [[(SaveI, V)]] Len
([(SaveI, V)]::EE2) EE2.
unfold. exists 1, [SaveI], N. split. search. search. search.
search. search. intros M MN. M: case M.
NS: apply evalExpr_names_same to _ _ _ EvI. NS: case NS.
apply names_same_symmetric to NS2.
apply names_same_names to _ Names2 Names MN.
apply fresh_name_not_mem to Pr1 _.
case M.
EvE': apply evalExpr_newNameScopes_exists_back to
_ _ _ _ _ _ _ EvE NNS''.
LenEE5: apply evalExpr_keep_scopes to _ _ _ EvE' LenEE2.
NNS+: apply evalExpr_newNameScopes_ctx to _ _ _ _ EvE EvE' NNS''.
Eq: assert Scope2 = [(SaveI, V)] /\ EE_B'1 = EE5.
NNS+: case NNS+.
Take: case NNS+2. Take: case Take1. compute Take.
apply drop_one to NNS+1. search.
Len: case LenEE5. apply length_is to Len.
L: apply lt_plus_one to Len1 _.
LEq: apply newNameScopes_length to NNS+ Len.
apply less_lesseq_flip_false to L LEq.
case Eq.
Eq: assert V2 = V.
L: case LI.
L: case L. apply NEqIE to _. L: case L1. search. apply L1 to _.
N: case L. N: case N1. apply N1 to _.
case Eq.
Eq: assert Scope3::EE9 = [(SaveI, V), (SaveE, V1)]::EE5.
RS: case EvMI1.
RA: case RS1. apply NEqIE to _. RA: case RA1. case RA1. search.
apply RA1 to _.
N: case RS. N: case N1. apply N1 to _.
case Eq. clear LI EvMI1.
apply evalExpr_isValue to _ _ _ EvE'.
apply evalExpr_isCtx to _ _ _ EvE'.
Eq: assert O13 = [] /\ exists LV, lookupScopes L EE8 LV.
EvA: case EvA. case EvA. search.
LL: case Eq. case EvA2.
LS: assert exists LV, lookupScopes L EE5 LV.
NS: apply eval_while_names_same to _ _ _ _ EvW.
search 20. search 30.
NS: case NS. Names5: apply names_exists to _ with L = EE5.
IsEE8: apply evalStmt_isCtx to _ _ _ EvW. search 20. search 30.
Names8: apply names_exists to IsEE8. LL: case LL.
ML: apply lookup_mem to LL. M: apply NS1 to ML. M: case M.
apply NEqHL to _. M: case M. apply NEqIL to _. M: case M.
apply NEqEL to _. case M.
Names: case Names8. ML: apply lookupScopes_names to LL1 Names3.
apply names_same_symmetric to NS2.
MN1: apply names_same_names to _ Names3 Names5 ML.
apply names_lookupScopes to _ Names5 MN1. search.
LS: case LS.
ULI: apply proj_eval_listUpdate to NEqHI NEqHL NEqIE NEqIL NEqHE
NEqEL NEqCH NEqCL NEqIC NEqEC IsFE _ _ LS EvW EvNL EvA. search 20.
GEq: apply updateListIndex_pos to ULI.
LS': assert lookupScopes L ([(Hold, recVal [("null", trueVal)]),
(SaveI, intVal I1), (SaveE, V1)]::EE5) LV1.
EvAgain: apply proj_listUpdate_eval to ULI NEqHI NEqHL NEqIE NEqIL
NEqHE NEqEL NEqCH NEqCL NEqIC NEqEC _ GEq IsFE _ _ LS'.
search 20.
EvG: apply drop_proj_rel_evalStmt to EvAgain.
EvG: case EvG. EvG: case EvG1. EvG: case EvG3.
case EvG2. case EvG4. case EvG6.
apply evalStmt_unique to _ _ _ EvG EvW. search 20. search 30.
NS: apply evalStmt_names_same to _ _ _ EvW. search 20. search 30.
IsEE''+: apply evalStmt_isCtx to _ _ _ EvW. search 20. search 30.
apply evalStmt_unique to _ _ _ EvG1 Ev. search 20.
apply evalStmt_unique to _ _ _ EvG3 EvA. search 10.
NS: apply evalStmt_names_same to _ _ _ EvA. search 10.
IsEE''1+: apply evalStmt_isCtx to _ _ _ EvA. search 10.
apply evalStmt_unique to _ _ _ EvG5 EvW2. search 20.
case EvW1. apply append_nil_right to Ev3. clear Ev3.
FO: case EvAgain3.
exists EE'. split.
search.
apply lookupScopes_is to _ LS.
apply updateListIndex_is to _ _ ULI.
apply replaceScopes_is to _ _ EvAgain2.
backchain scopes_same_reflexive.
L: case FO. apply L to _.
case IsS. Ev: case Ev. Ev: case Ev. Ev: case Ev. SN: case SN.
case SN2.
EN: apply exprNames_relatedCtxs to _ _ _ _ _ SN with CtxB = []::Ctx'.
intros M. M: case M. case M. search.
apply ctx_names_add_scope to Ctxs.
Ctxs': apply evalExpr_ctx_names to _ _ _ _ _ EN Ev.
IsEE2+: apply evalExpr_isCtx to _ _ _ Ev. IsEE2: case IsEE2+.
Ctxs': case Ctxs'. Eq: assert Scope1 = [].
Is: case IsEE2. search. case Is. M: apply Ctxs' to _. case M.
case Eq. apply evalExpr_isValue to _ _ _ Ev.
Names2: apply names_exists to IsEE1. apply names_is to _ Names2.
Fr: apply fresh_name_exists to _ _ with Base = "L", Names = X::N.
NS: apply evalExpr_names_same to _ _ _ Ev. NS: case NS.
apply fresh_name_unique_mems to Fr Pr1 _ _.
intros M. M: case M. search.
apply names_same_names to NS2 Names Names2 M. search.
intros M. M: case M. search.
NS': apply names_same_symmetric to NS2.
apply names_same_names to NS' Names2 Names M. search.
apply while_to_iterateList to _ _ _ _ _ _ Names2 Fr _ SN1 Ev1.
Len: apply length_exists_list_pair_string_value to IsEE.
NNS: assert newNameScopes [[]] N1 ([]::EE) EE.
unfold. exists 1, [], Names. split. search. search. search. search.
search. intros M. case M.
Ev': apply evalExpr_newNameScopes_exists_back to
_ _ _ _ _ _ SN Ev NNS.
NNS': apply evalExpr_newNameScopes_ctx to _ _ _ _ Ev Ev' NNS.
NNS': case NNS'.
Take: case NNS'2. case Take1. compute Take. Drop: case NNS'1.
apply drop_is_integer to Drop1.
apply plus_integer_unique_addend to _ _ _ Take Drop.
Eq: assert EE2 = EE_B'.
D: case Drop1. search. apply drop_is_integer to D1.
P: assert 1 + -1 = 0.
apply plus_integer_unique_addend to _ _ _ P D.
GEq: apply drop_geq_0 to D1. LEq: case GEq. case LEq.
case Eq. clear Take Drop Drop1. exists EE'. split.
search.
apply fresh_name_is to _ Fr.
IsEE'+: apply evalStmt_isCtx to _ _ _ Ev1. search 20.
case IsEE'+. backchain scopes_same_reflexive.
NS': apply evalExpr_names_same to _ _ _ Ev'.
LenBR+: apply names_same_length to NS' Len. LenBR: case LenBR+.
apply length_is to LenBR. L: apply lt_plus_one to LenBR1 _.
LEq: apply newNameScopes_length to NNS' LenBR.
apply less_lesseq_flip_false to L LEq.
Prove_Ext_Ind exactEval:host:evalExpr,
exactEval:host:evalArgs,
exactEval:host:evalRecFields,
exactEval:host:evalStmt
with forall FE EE V X Body EE' O,
iterateList FE EE V X Body EE' O with
IsFE : is_list (is_pair is_string
(is_pair is_string
(is_pair is_value
(is_pair (is_list is_string) is_stmt)))) FE,
IsEE : is_list (is_list (is_pair is_string is_value)) EE,
IsV : is_value V,
IsX : is_string X,
IsBody : is_stmt Body
and
iterateList_to_while_P :
forall FE SaveL V EE X Body EE' O Names N N',
IsFE : is_list (is_pair is_string
(is_pair is_string
(is_pair is_value
(is_pair (is_list is_string) is_stmt)))) FE ->
IsEE : is_list (is_list (is_pair is_string is_value))
([(SaveL, V)]::EE) ->
IsV : is_value V ->
IsX : is_string X ->
IsBody : is_stmt Body ->
IL : <iterateList {ES}> FE EE V X Body EE' O N ->
Plus : 1 + N = N' ->
Acc : acc N' ->
Names : names EE Names ->
Fr : fresh_name "L" (X::Names) SaveL ->
exists V',
<evalStmt {P}> FE ([(SaveL, V)]::EE)
(while (not (null (name SaveL)))
(seq (declare intTy X (head (name SaveL)))
(seq (assign SaveL (tail (name SaveL)))
Body))) ([(SaveL, V')]::EE') O
on Acc as IH_IL_W_A, IL * as IH_IL_W. [Show Proof]
apply names_exists to IsEE. search.
apply names_exists to IsEE. apply ext_size_is_int_evalExpr to R3.
apply ext_size_is_int_evalExpr to R4. case IsE.
apply plus_integer_is_integer to _ _ R2.
L: apply lt_plus_one to R1 _. apply ext_size_pos_evalExpr to R3.
apply ext_size_pos_evalExpr to R4. Acc: case Acc.
RP1: assert <evalExpr {P}> FE EE E1 V1 EE3 O2.
Or: apply lt_left to R2 _ _. L': case Or.
L'': apply less_integer_transitive to L' L.
A2: apply Acc to _ L''. apply IH to R3 A2 _ _ _. search.
A2: apply Acc to _ L. apply IH to R3 A2 _ _ _. search.
RP2: assert <evalExpr {P}> FE EE3 E2 V2 EE' O3.
Ev1: apply drop_ext_size_evalExpr to R3.
apply evalExpr_isCtx to _ _ _ Ev1.
Or: apply lt_right to R2 _ _ _. L': case Or.
L'': apply less_integer_transitive to L' L.
A3: apply Acc to _ L''. apply IH to R4 A3 _ _ _. search.
A3: apply Acc to _ L. apply IH to R4 A3 _ _ _. search.
unfold. exists N1,
(recBuild (consRecFieldExprs "null" exactEval:host:false
(consRecFieldExprs "head" E1
(consRecFieldExprs "tail" E2
nilRecFieldExprs)))),
recVal [("null", falseVal), ("head", V1), ("tail", V2)],
EE', O, EE3, O2, O3. split.
search.
search.
search.
search.
search.
Ev1: apply drop_ext_size_evalExpr to R3.
Ev2: apply drop_ext_size_evalExpr to R4.
apply evalExpr_isCtx to _ _ _ Ev1.
IsO2: apply evalExpr_isOutput to _ _ _ Ev1.
IsO3: apply evalExpr_isOutput to _ _ _ Ev2.
apply is_list_values_append_nil to IsO2.
apply is_list_values_append_nil to IsO3. search.
apply names_exists to IsEE. apply ext_size_is_int_evalExpr to R2.
apply ext_size_pos_evalExpr to R2. case IsE. Acc: case Acc.
L: apply lt_plus_one to R1 _. A: apply Acc to _ L.
apply IH to R2 A _ _ _. Ev: apply drop_ext_size_evalExpr to R2.
IsO: apply evalExpr_isOutput to _ _ _ Ev.
apply is_list_values_append_nil to IsO. search.
apply names_exists to IsEE. apply ext_size_is_int_evalExpr to R2.
apply ext_size_pos_evalExpr to R2. case IsE. Acc: case Acc.
L: apply lt_plus_one to R1 _. A: apply Acc to _ L.
apply IH to R2 A _ _ _. Ev: apply drop_ext_size_evalExpr to R2.
IsO: apply evalExpr_isOutput to _ _ _ Ev.
apply is_list_values_append_nil to IsO. search.
apply names_exists to IsEE. apply ext_size_is_int_evalExpr to R2.
apply ext_size_pos_evalExpr to R2. case IsE. Acc: case Acc.
L: apply lt_plus_one to R1 _. A: apply Acc to _ L.
apply IH to R2 A _ _ _. Ev: apply drop_ext_size_evalExpr to R2.
IsO: apply evalExpr_isOutput to _ _ _ Ev.
apply is_list_values_append_nil to IsO. search.
case IsE. Ev: apply drop_ext_size_evalExpr to R3.
Ev1: apply drop_ext_size_evalExpr to R4.
apply evalExpr_isCtx to _ _ _ Ev.
IsIdx+: apply evalExpr_isValue to _ _ _ Ev1. case IsIdx+.
Len: apply length_exists_list_pair_string_value to IsEE.
rename N1 to LengthEE. Names: apply names_exists to IsEE.
NNS_L: assert newNameScopes [[]] LengthEE ([]::EE) EE.
unfold. exists 1, [], N1. split. search. search. search.
search. search. intros M. case M.
Ev_LES: apply evalExpr_newNameScopes_exists_ES to _ _ _ _ R3 NNS_L.
Ev_L: apply drop_ext_size_evalExpr to Ev_LES.
NNS_L': apply evalExpr_newNameScopes_ctx to _ _ _ _ Ev_L Ev NNS_L.
LenEE3: apply evalExpr_keep_scopes to _ _ _ Ev Len.
Eq: assert EE_A' = []::EE3.
NNS': case NNS_L'.
Take: case NNS'2. case Take1. compute Take. Drop: case NNS'1.
Drop': case Drop1.
search.
G: apply drop_geq_0 to Drop'1. P: assert 1 + -1 = 0.
apply drop_is_integer to Drop'1.
apply plus_integer_is_integer to _ _ Drop'.
apply plus_integer_unique_addend to _ _ _ Take Drop.
apply plus_integer_unique_addend to _ _ _ Drop' P.
L: case G. case L.
LenBR: case LenEE3. apply length_is to LenBR.
LEq: apply newNameScopes_length to NNS' LenBR.
L: apply lt_plus_one to LenBR1 _.
apply less_lesseq_flip_false to L LEq.
case Eq. IsNames: apply names_is to _ Names.
FrL: apply fresh_name_exists to _ IsNames with Base = "L".
FrI: apply fresh_name_exists to _ IsNames with Base = "I".
rename F to SaveL. rename F1 to SaveI.
Ev_DL: assert <evalStmt {ES}> FE ([]::EE) (declare intTy SaveL L)
([(SaveL, LV)]::EE3) O2 N2.
IsEE3: apply evalExpr_isCtx to _ _ _ Ev.
apply evalExpr_isValue to _ _ _ Ev.
apply fresh_name_is to _ FrL. apply fresh_name_is to _ FrI.
NamesEE3: apply names_exists to IsEE3.
NNS_I: assert newNameScopes [[(SaveL, LV)]] LengthEE
([(SaveL, LV)]::EE3) EE3.
unfold. exists 1, [SaveL], N5. split. search. search. search.
search.
search.
intros ML MN. ML: case ML.
NS: apply evalExpr_names_same to _ _ _ Ev.
NS': apply names_same_symmetric to NS.
MNames: apply names_same_names to _ NamesEE3 Names MN.
apply fresh_name_not_mem to FrL MNames.
case ML.
Ev_IES: apply evalExpr_newNameScopes_exists_ES to _ _ _ _ R4 NNS_I.
Ev_I: apply drop_ext_size_evalExpr to Ev_IES.
NNS_If: apply evalExpr_newNameScopes_ctx to _ _ _ _ Ev_I Ev1 NNS_I.
LenEE': apply evalExpr_keep_scopes to _ _ _ Ev1 LenEE3.
Eq: assert EE_A'1 = [(SaveL, LV)]::EE'.
NNS': case NNS_If.
Take: case NNS'2. case Take1. compute Take. Drop: case NNS'1.
Drop': case Drop1.
search.
G: apply drop_geq_0 to Drop'1. P: assert 1 + -1 = 0.
apply drop_is_integer to Drop'1.
apply plus_integer_is_integer to _ _ Drop'.
apply plus_integer_unique_addend to _ _ _ Take Drop.
apply plus_integer_unique_addend to _ _ _ Drop' P.
L: case G. case L.
LenBR: case LenEE'. apply length_is to LenBR.
LEq: apply newNameScopes_length to NNS' LenBR.
L: apply lt_plus_one to LenBR1 _.
apply less_lesseq_flip_false to L LEq.
case Eq.
Ev_DI: assert <evalStmt {ES}> FE ([(SaveL, LV)]::EE3)
(declare intTy SaveI I)
([(SaveI, intVal Idx), (SaveL, LV)]::EE') O3 N3.
GEq: apply listIndex_geq_0 to _ R5. case GEq.
Ev_C: assert <evalExpr {ES}> FE
([(SaveI, intVal Idx), (SaveL, LV)]::EE')
(greater (num 0) (name SaveI)) falseVal
([(SaveI, intVal Idx), (SaveL, LV)]::EE') [] 0.
EvIf : assert <evalStmt {ES}> FE
([(SaveI, intVal Idx), (SaveL, LV)]::EE')
(ifThenElse (greater (num 0) (name SaveI))
(printVal (errorExpr (stringLit "Die") intTy))
noop) ([(SaveI, intVal Idx), (SaveL, LV)]::EE') [] 0.
NEq: assert SaveL = SaveI -> false.
intros E. case E. AppI: apply fresh_name_start to _ FrI.
AppL: apply fresh_name_start to _ FrL. case AppI. case AppL.
EvWhile: apply index_to_while to R5 NEq _ with Ctx = EE', FE = FE.
Ev_W: apply drop_ext_size_evalStmt to EvWhile.
assert SaveI = SaveL -> false. intros E. case E. backchain NEq.
assert lookupScopes SaveL
([(SaveI, intVal 0), (SaveL, recVal Fields)]::EE')
(recVal Fields).
Ev_RFA: assert <evalExpr {ES}> FE
([(SaveI, intVal 0), (SaveL, recVal Fields)]::EE')
(recFieldAccess (name SaveL) "head") V
([(SaveI, intVal 0), (SaveL, recVal Fields)]::EE') [] 0.
apply ext_size_is_int_evalExpr to R3.
apply ext_size_is_int_evalExpr to R4.
apply ext_size_pos_evalExpr to R3.
apply ext_size_pos_evalExpr to R4.
apply plus_integer_is_integer to _ _ R2.
L4: apply lt_plus_one to R1 _. Acc: case Acc.
L2: assert N2 < N.
Or: apply lt_left to R2 _ _. C: case Or.
apply less_integer_transitive to C L4. search. search.
L3: assert N3 < N.
Or: apply lt_right to R2 _ _ _. C: case Or.
apply less_integer_transitive to C L4. search. search.
A2: apply Acc to _ L2. A3: apply Acc to _ L3.
apply ext_size_pos_evalExpr to R.
GEq4: apply greatereq_integer__add_positive to _ _ _ with
N1 = N2, N2 = N3, Base = 0, Sum = N4.
GEqN: apply greatereq_integer__add_positive to _ _ _ with
N1 = 1, N2 = N4, Base = 0, Sum = N.
OrN: apply greatereq_integer_greater_or_eq to GEqN.
L0: assert 0 < N.
C: case OrN.
case C. search.
P: assert 1 + -1 = 0.
apply plus_integer_unique_addend to _ _ _ P R1. L: case GEq4.
case L.
A0: apply Acc to _ L0.
apply IH3 to Ev_DL A2 _ _ _. apply IH3 to Ev_DI A3 _ _ _.
apply evalExpr_isCtx to _ _ _ Ev1.
apply IH3 to EvIf A0 _ _ _. search 20.
apply IH3 to EvWhile A0 _ _ _. search 20.
apply IH to R3 A2 _ _ _. apply IH to R4 A3 _ _ _.
IsO2: apply evalExpr_isOutput to _ _ _ Ev.
IsO3: apply evalExpr_isOutput to _ _ _ Ev1.
IsO: apply append_values_is to _ _ R6.
apply is_list_values_append_nil to IsO3. unfold.
exists N1,
stmtExpr (seq (declare intTy SaveL L)
(seq (declare intTy SaveI I)
(seq (ifThenElse (greater (num 0) (name SaveI))
(printVal (errorExpr (stringLit "Die") intTy))
noop)
(while (greater (name SaveI) (num 0))
(seq (assign SaveL
(recFieldAccess (name SaveL) "tail"))
(assign SaveI
(minus (name SaveI) (num 1))))))))
(recFieldAccess (name SaveL) "head"), V,
EE', O, LV, EE3, O2, Idx, O3. split.
search.
search.
search.
search.
search.
search.
unfold.
exists [(SaveI, intVal 0), (SaveL, recVal Fields)]::EE',
O, [(SaveI, intVal 0), (SaveL, recVal Fields)], []. split.
search.
search.
backchain is_list_values_append_nil.
case IsE. Ev: apply drop_ext_size_evalExpr to R2.
Names: apply names_exists to IsEE. IsN1: apply names_is to _ Names.
FrL: apply fresh_name_exists to _ IsN1 with Base = "L".
FrLen: apply fresh_name_exists to _ IsN1 with Base = "Len".
rename F to SaveL. rename F1 to Len.
NEq: assert SaveL = Len -> false.
intros E. case E. AppLen: apply fresh_name_start to _ FrLen.
FrL: case FrL.
App: case AppLen. case App.
AppL: case FrL1. case AppL.
AppL: apply fresh_name_start to _ FrL2. AppL: case AppL.
case AppL. AppLen: case AppLen. case AppLen.
LenEE: apply length_exists_list_pair_string_value to IsEE.
NNS: assert newNameScopes [[]] N3 ([]::EE) EE.
unfold. exists 1, [], N1. split. search. search. search. search.
search. intros M. case M.
Ev_L_ES: apply evalExpr_newNameScopes_exists_ES to _ _ _ _ R2 NNS.
Ev_L: apply drop_ext_size_evalExpr to Ev_L_ES.
NNS_L: apply evalExpr_newNameScopes_ctx to _ _ _ _ Ev_L Ev NNS.
LenEE': apply evalExpr_keep_scopes to _ _ _ Ev LenEE.
Eq: assert EE_A' = []::EE'.
NNS': case NNS_L.
Take: case NNS'2. case Take1. compute Take. Drop: case NNS'1.
Drop': case Drop1.
search.
G: apply drop_geq_0 to Drop'1. P: assert 1 + -1 = 0.
apply drop_is_integer to Drop'1.
apply plus_integer_is_integer to _ _ Drop'.
apply plus_integer_unique_addend to _ _ _ Take Drop.
apply plus_integer_unique_addend to _ _ _ Drop' P.
L: case G. case L.
LenBR: case LenEE'. apply length_is to LenBR.
LEq: apply newNameScopes_length to NNS' LenBR.
L: apply lt_plus_one to LenBR1 _.
apply less_lesseq_flip_false to L LEq.
case Eq.
Ev_DL: assert <evalStmt {ES}> FE ([]::EE) (declare intTy SaveL E1)
([(SaveL, V1)]::EE') O N2.
Ev_DLen: assert <evalStmt {ES}> FE ([(SaveL, V1)]::EE')
(declare intTy Len (num 0))
([(Len, intVal 0), (SaveL, V1)]::EE') [] 0.
apply evalExpr_isValue to _ _ _ Ev. apply listLength_is to _ R3.
P: assert 0 + I = I. P': apply plus_integer_comm to _ _ P.
Ev_W_ES: apply length_to_while to R3 NEq P' _ _ with
FE = FE, Ctx = EE'.
Ev_W: apply drop_ext_size_evalStmt to Ev_W_ES.
LS: assert lookupScopes Len
([(Len, intVal I), (SaveL, recVal Fields)]::EE')
(intVal I).
Ev_N: assert <evalExpr {ES}> FE
([(Len, intVal I), (SaveL, recVal Fields)]::EE')
(name Len) (intVal I)
([(Len, intVal I), (SaveL, recVal Fields)]::EE') [] 0.
apply ext_size_is_int_evalExpr to R2.
P2: apply ext_size_pos_evalExpr to R2.
L2: apply lt_plus_one to R1 _.
Acc: case Acc. A2: apply Acc to _ L2.
LEqN: apply ext_size_pos_evalExpr to R.
OrN: apply greatereq_integer_greater_or_eq to _ with A = N, B = 0.
L0: assert 0 < N.
C: case OrN.
case C. search.
P'': assert 1 + -1 = 0.
apply plus_integer_unique_addend to _ _ _ P'' R1.
L: case P2.
A0: apply Acc to _ L0.
apply fresh_name_is to _ FrL. apply fresh_name_is to _ FrLen.
apply IH to R2 A2 _ _ _. apply IH3 to Ev_DL A2 _ _ _.
apply evalExpr_isCtx to _ _ _ Ev. apply IH3 to Ev_DLen A0 _ _ _.
apply IH3 to Ev_W_ES A0 _ _ _. search 20.
apply evalStmt_isCtx to _ _ _ Ev_W. search 20.
apply IH to Ev_N A0 _ _ _. unfold.
exists N1,
stmtExpr
(seq (declare intTy SaveL E1)
(seq (declare intTy Len (num 0))
(while (not (recFieldAccess (name SaveL) "null"))
(seq (assign SaveL (recFieldAccess (name SaveL) "tail"))
(assign Len (plus (name Len) (num 1)))))))
(name Len), intVal I, EE', O, V1. split.
search.
search.
search.
search.
IsO: apply evalExpr_isOutput to _ _ _ Ev.
apply is_list_values_append_nil to IsO. search.
Is: case IsS.
Ev: apply drop_ext_size_evalExpr to R3.
Ev1: apply drop_ext_size_evalExpr to R4.
apply ext_size_is_int_evalExpr to R3.
apply ext_size_is_int_evalExpr to R4.
apply plus_integer_is_integer to _ _ R2.
L4: apply lt_plus_one to R1 _. Acc: case Acc.
apply ext_size_pos_evalExpr to R3.
apply ext_size_pos_evalExpr to R4.
L2: assert N2 < N.
Or: apply lt_right to R2 _ _ _. L': case Or.
L'': apply less_integer_transitive to L' L4. search.
search.
L3: assert N3 < N.
Or: apply lt_left to R2 _ _. L': case Or.
L'': apply less_integer_transitive to L' L4. search.
search.
A2: apply Acc to _ L2. A3: apply Acc to _ L3.
apply evalExpr_isCtx to _ _ _ Ev.
apply IH to R3 A3 _ _ _. apply IH to R4 A2 _ _ _.
Names: apply names_exists to IsEE.
IsNames: apply names_is to _ Names.
Is+: assert is_list is_string (L::N5).
Pr3: apply fresh_name_exists to _ Is+ with Base = "E".
Pr1: apply fresh_name_exists to _ Is+ with Base = "I".
Pr2: apply fresh_name_exists to _ Is+ with Base = "Hold". search 6.
Pr3: apply fresh_name_exists to _ Is+ with Base = "C".
rename F to SaveE. rename F1 to SaveI. rename F2 to Hold.
rename F3 to Copy.
assert SaveE = L -> false.
intros E. case E. apply fresh_name_not_mem to Pr3 _.
assert SaveI = L -> false.
intros E. case E. apply fresh_name_not_mem to Pr1 _.
assert Hold = L -> false.
intros E. case E. apply fresh_name_not_mem to Pr2 _.
assert Copy = L -> false.
intros E. case E. apply fresh_name_not_mem to Pr4 _.
assert Hold = SaveE -> false.
intros E. case E. AppE: apply fresh_name_start to _ Pr3.
AppH: apply fresh_name_start to _ Pr2. search 6.
case AppE. case AppH.
assert Hold = SaveI -> false.
intros E. case E. AppI: apply fresh_name_start to _ Pr1.
AppH: apply fresh_name_start to _ Pr2. search 6.
case AppI. case AppH.
NEqIE: assert SaveI = SaveE -> false.
intros E. case E. AppI: apply fresh_name_start to _ Pr1.
AppE: apply fresh_name_start to _ Pr3. case AppI. case AppE.
assert Copy = Hold -> false.
intros E. case E. AppC: apply fresh_name_start to _ Pr4.
AppH: apply fresh_name_start to _ Pr2. search 6.
case AppC. case AppH.
assert SaveE = Copy -> false.
intros E. case E. AppC: apply fresh_name_start to _ Pr4.
AppE: apply fresh_name_start to _ Pr3. case AppC. case AppE.
assert SaveI = Copy -> false.
intros E. case E. AppC: apply fresh_name_start to _ Pr4.
AppI: apply fresh_name_start to _ Pr1. case AppC. case AppI.
LenEE: apply length_exists_list_pair_string_value to IsEE.
rename N6 to Len.
NNS: assert newNameScopes [[]] Len ([]::EE) EE.
unfold. exists 1, [], N5. split. search. search. search.
search. search. intros M. case M.
EvI': apply evalExpr_newNameScopes_exists_ES to _ _ _ _ R3 NNS.
EvI'': apply drop_ext_size_evalExpr to EvI'.
NNS': apply evalExpr_newNameScopes_ctx to _ _ _ _ EvI'' Ev _.
Eq: assert EE_A' = []::EE2.
NNS': case NNS'.
Take: case NNS'2. case Take1. compute Take.
apply drop_one to NNS'1. search.
LenBR+: apply evalExpr_keep_scopes to _ _ _ Ev LenEE.
LenBR: case LenBR+. apply length_is to LenBR.
L: apply lt_plus_one to LenBR1 _.
LEq: apply newNameScopes_length to NNS' LenBR.
apply less_lesseq_flip_false to L LEq.
case Eq.
apply IH to EvI' A3 _ _ _.
EvAI: assert <evalStmt {P}> FE ([]::EE) (declare intTy SaveI I)
([(SaveI, intVal N1)]::EE2) O2.
apply fresh_name_is to _ Pr1. apply evalExpr_isValue to _ _ _ Ev.
IsEE2: apply evalExpr_isCtx to _ _ _ Ev.
Names2: apply names_exists to IsEE2.
NS: apply evalExpr_names_same to _ _ _ Ev.
Len2: apply evalExpr_keep_scopes to _ _ _ Ev LenEE.
NNS+: assert newNameScopes [[(SaveI, intVal N1)]] Len
([(SaveI, intVal N1)]::EE2) EE2.
unfold. exists 1, [SaveI], N6. split. search. search. search.
search. search.
intros M MX. M: case M. NS': apply names_same_symmetric to NS.
M': apply names_same_names to NS' Names2 Names MX.
apply fresh_name_not_mem to Pr1 _. case M.
EvE': apply evalExpr_newNameScopes_exists_ES to _ _ _ _ R4 NNS+.
EvE'': apply drop_ext_size_evalExpr to EvE'.
NNS'': apply evalExpr_newNameScopes_ctx to _ _ _ _ EvE'' Ev1 _.
Len4: apply evalExpr_keep_scopes to _ _ _ Ev1 Len2.
Eq: assert EE_A'1 = [(SaveI, intVal N1)]::EE4.
NN: case NNS''.
Take: case NN2. Take: case Take1. compute Take.
apply drop_one to NN1. search.
LenBR: case Len4. apply length_is to LenBR.
L: apply lt_plus_one to LenBR1 _.
LEq: apply newNameScopes_length to NN LenBR.
apply less_lesseq_flip_false to L LEq.
case Eq.
apply IH to EvE' A2 _ _ _.
EvAE: assert <evalStmt {P}> FE ([(SaveI, intVal N1)]::EE2)
(declare intTy SaveE E)
([(SaveE, V), (SaveI, intVal N1)]::EE4) O3.
apply fresh_name_is to _ Pr3. apply evalExpr_isValue to _ _ _ Ev1.
IsEE4: apply evalExpr_isCtx to _ _ _ Ev1.
EvMI: assert <evalStmt {P}>
FE ([(SaveE, V), (SaveI, intVal N1)]::EE4)
(assign SaveI (name SaveI))
([(SaveI, intVal N1), (SaveE, V)]::EE4) [].
assert SaveE = SaveI -> false. intros E. case E. backchain NEqIE.
search.
IsEE4: apply evalExpr_isCtx to _ _ _ Ev1.
Names4: apply names_exists to IsEE4. apply names_is to _ Names4.
EvH: assert <evalStmt {P}>
FE ([(SaveI, intVal N1), (SaveE, V)]::EE4)
(declare intTy Hold (exactEval:list:nil intTy))
([(Hold, recVal [("null", trueVal)]),
(SaveI, intVal N1),
(SaveE, V)]::EE4) []. search 6.
IsSaveI: apply fresh_name_is to _ Pr1.
IsHold: apply fresh_name_is to _ Pr2. search 6.
IsCopy: apply fresh_name_is to _ Pr4.
GEq: apply updateListIndex_pos to R6.
apply evalExpr_isValue to _ _ _ Ev1.
Main: apply proj_listUpdate_eval to
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ with
OldL = LV, I = N1, V = V, NewL = LV2, Hold = Hold,
Copy = Copy, SaveI = SaveI, SaveE = SaveE, G = EE4, L = L,
HoldL = recVal [("null", trueVal)]. search 12.
exists G'. IsO3: apply evalExpr_isOutput to _ _ _ Ev1.
apply is_list_values_append_nil to IsO3. search 20.
IsS: case IsS.
apply ext_size_is_int_evalExpr to R3.
apply ext_size_is_int_iterateList to R4.
apply ext_size_pos_evalExpr to R3.
apply ext_size_pos_iterateList to R4.
apply plus_integer_is_integer to _ _ R2.
L4: apply lt_plus_one to R1 _. Acc': case Acc (keep).
L2: assert N2 < N.
Or: apply lt_left to R2 _ _. L': case Or.
apply less_integer_transitive to L' L4. search.
search.
L3: assert N3 < N.
Or: apply lt_right to R2 _ _ _. L': case Or.
apply less_integer_transitive to L' L4. search.
search.
A2: apply Acc' to _ L2. apply IH to R3 A2 _ _ _.
Ev: apply drop_ext_size_evalExpr to R3.
apply evalExpr_isValue to _ _ _ Ev. apply evalExpr_isCtx to _ _ _ Ev.
A3: apply Acc' to _ L3. ILP: apply IH10 to R4 A3 _ _ _ _ _.
EvE: apply drop_ext_size_evalExpr to R3.
IsEE3: apply evalExpr_isCtx to _ _ _ EvE.
Names: apply names_exists to IsEE. IsN1: apply names_is to _ Names.
Fr: apply fresh_name_exists to _ _ with Base = "L", Names = X::N1.
LenEE3: apply length_exists_list_pair_string_value to IsEE3.
rename F to SaveL. rename N5 to Len.
Names3: apply names_exists to IsEE3.
NS: apply evalExpr_names_same to _ _ _ EvE.
NNS: assert newNameScopes [[(SaveL, LV)]] Len
([(SaveL, LV)]::EE3) EE3.
unfold. exists 1, [SaveL], N5. split. search. search. search.
search. search. intros MSL MX. MSL: case MSL.
NS': apply names_same_symmetric to NS.
MX1: apply names_same_names to NS' Names3 Names MX.
apply fresh_name_not_mem to Fr _. case MSL.
apply fresh_name_is to _ Fr.
ILP': apply iterateList_newNameScopes_exists_ES to
_ _ _ _ _ _ R4 NNS.
IL: apply drop_ext_size_iterateList to R4.
IL': apply drop_ext_size_iterateList to ILP'.
NNS': apply iterateList_newNameScopes to _ _ _ _ _ _ IL' IL NNS.
NNS': case NNS'.
Take: case NNS'2. case Take1. compute Take. Drop: case NNS'1.
IsN8: apply drop_is_integer to Drop1.
apply plus_integer_unique_addend to _ _ _ Take Drop.
Eq: assert L1 = EE'.
D: case Drop1. search. GEq: apply drop_geq_0 to D1.
apply drop_is_integer to D1. P: assert 1 + -1 = 0.
apply plus_integer_unique_addend to _ _ _ P D.
LEq: case GEq. case LEq.
case Eq. clear Take Drop Drop1 IsN8.
ILP'': apply IH4 to ILP' A3 _ _ _ _ _.
Fr': assert fresh_name "L" (X::N5) SaveL.
apply names_is to _ Names3.
Fr': apply fresh_name_exists to
_ _ with Base = "L", Names = X::N5.
apply fresh_name_unique_mems to Fr Fr' _ _.
intros M. M: case M. search.
NS': apply names_same_symmetric to NS.
apply names_same_names to NS' Names3 Names M. search.
intros M. M: case M. search.
apply names_same_names to NS Names Names3 M. search.
search.
Plus: apply plus_integer_total to _ _ with N1 = 1, N2 = N3.
EvWP: assert exists V',
<evalStmt {P}> FE ([(SaveL, LV)]::EE3)
(while (not (null (name SaveL)))
(seq (declare intTy X (head (name SaveL)))
(seq (assign SaveL (tail (name SaveL))) Body)))
([(SaveL, V')]::EE') O3.
Or: apply lt_right to R2 _ _ _. L: case Or.
LEq: apply less_integer_step_lesseq to _ _ L Plus.
Or: apply lesseq_integer_less_or_eq to LEq. L': case Or.
L9: apply less_integer_transitive to L' L4.
apply lesseq_integer__add_positive to _ _ Plus with
Base = 0. A9: apply Acc' to _ L9.
apply IH_IL_W to _ _ _ _ _ R4 Plus A9 Names3 Fr'. search.
apply lesseq_integer__add_positive to _ _ R2 with
Base = 0. A4: apply Acc' to _ L4.
apply IH_IL_W to _ _ _ _ _ R4 Plus A4 Names3 Fr'. search.
apply plus_integer_unique to Plus R1.
apply IH_IL_W to _ _ _ _ _ R4 Plus Acc Names3 Fr'.
search.
EvWP: case EvWP.
LenEE: apply length_exists_list_pair_string_value to IsEE.
NNS_: assert newNameScopes [[]] N11 ([]::EE) EE.
unfold. exists 1, [], N1. split. search. search. search.
search. search. intros M. case M.
EvE+: apply evalExpr_newNameScopes_exists_ES to _ _ _ _ R3 NNS_.
EvE+': apply drop_ext_size_evalExpr to EvE+.
NNS+: apply evalExpr_newNameScopes_ctx to _ _ _ _ EvE+' EvE _.
NNS+: case NNS+.
Take: case NNS+2. case Take1. compute Take. Drop: case NNS+1.
Eq: assert L2 = EE3.
apply drop_is_integer to Drop1. D: case Drop1. search.
apply plus_integer_unique_addend to _ _ _ Take Drop.
P: assert 1 + -1 = 0. apply drop_is_integer to D1.
apply plus_integer_unique_addend to _ _ _ P D.
GEq: apply drop_geq_0 to D1. LEq: case GEq. case LEq.
case Eq. clear Take Drop Drop1 NNS+4 NNS+3 NNS+5 NNS+.
unfold. exists N1,
scopeStmt
(seq (declare intTy SaveL L)
(while (not (null (name SaveL)))
(seq (declare intTy X (head (name SaveL)))
(seq (assign SaveL (tail (name SaveL))) Body)))),
EE', O, LV, EE3, O2, O3. split.
search.
search.
search.
search.
search.
unfold. exists [(SaveL, V')]. unfold.
exists [(SaveL, LV)]::EE3, O2, O3. split.
apply IH to EvE+ A2 _ _ _. search.
search.
search.
NSE: apply evalExpr_names_same to _ _ _ EvE.
LenBR+: apply names_same_length to NSE LenEE.
LenBR: case LenBR+. apply length_is to LenBR.
L: apply lt_plus_one to LenBR1 _.
LEq: apply newNameScopes_length to NNS+ LenBR.
apply less_lesseq_flip_false to L LEq.
NSI: apply iterateList_names_same to _ _ _ _ _ IL.
LenBR+: apply names_same_length to NSI LenEE3. LenBR: case LenBR+.
apply length_is to LenBR. L: apply lt_plus_one to LenBR1 _.
LEq: apply newNameScopes_length to NNS' LenBR.
apply less_lesseq_flip_false to L LEq.
search.
case IsV. apply lookup_is_value to _ R3.
apply lookup_is_value to _ R5.
Ev: apply drop_ext_size_evalStmt to R4.
IL: apply drop_ext_size_iterateList to R6.
IsEE3+: apply evalStmt_isCtx to _ _ _ Ev. case IsEE3+.
apply ext_size_is_int_evalStmt to R4.
apply ext_size_is_int_iterateList to R6.
apply plus_integer_is_integer to _ _ R1.
Acc': case Acc (keep). apply ext_size_pos_evalStmt to R4.
apply ext_size_pos_iterateList to R6.
assert <evalStmt {P}> FE ([(X, Hd)]::EE) Body (Scope::EE3) O2.
Or: apply lt_left to R1 _ _. L': case Or.
A2: apply Acc' to _ L'. apply IH9 to R4 A2 _ _ _. search.
apply IH9 to R4 Acc _ _ _. search.
assert <iterateList {P}> FE EE3 Tl X Body EE' O3.
Or: apply lt_right to R1 _ _ _. L': case Or.
A3: apply Acc' to _ L'. apply IH10 to R6 A3 _ _ _ _ _. search.
apply IH10 to R6 Acc _ _ _ _ _. search.
search.
search 20.
IsFields: case IsV.
assert <evalExpr {P}> FE ([(SaveL, recVal Fields)]::EE)
(not (null (name SaveL))) trueVal
([(SaveL, recVal Fields)]::EE) []. search 20.
assert <evalStmt {P}> FE ([]::[(SaveL, recVal Fields)]::EE)
(declare intTy X (head (name SaveL)))
([(X, Hd)]::[(SaveL, recVal Fields)]::EE) [].
search 20.
NEq: assert X = SaveL -> false.
intros E. case E. apply fresh_name_not_mem to Fr _.
assert <evalStmt {P}> FE ([(X, Hd)]::[(SaveL, recVal Fields)]::EE)
(assign SaveL (tail (name SaveL)))
([(X, Hd)]::[(SaveL, Tl)]::EE) []. search 20.
IsSaveL: apply fresh_name_is to _ Fr.
IsHd: apply lookup_is_value to _ IL3.
IsTl: apply lookup_is_value to _ IL5. IsEE: case IsEE.
LenEE: apply length_exists_list_pair_string_value to IsEE1.
rename N1 to Len. Acc': case Acc (keep).
NNS: assert newNameScopes [[(SaveL, Tl)]] Len
([(SaveL, Tl)]::EE) EE.
unfold. exists 1, [SaveL], Names. split. search. search. search.
search. search. intros ML MN. ML: case ML.
apply fresh_name_not_mem to Fr _.
case ML.
Ev: apply evalStmt_newNameScopes_exists_ES to _ _ _ _ IL4 NNS.
apply ext_size_is_int_iterateList to IL.
LN: apply lt_plus_one to Plus _.
EvP: assert <evalStmt {P}> FE ([(X, Hd)]::([(SaveL, Tl)]::EE)) Body
EE_A' O2.
apply ext_size_is_int_evalStmt to IL4.
apply ext_size_pos_evalStmt to IL4.
apply ext_size_pos_iterateList to IL6.
Or: apply lt_left to IL1 _ _. L: case Or.
L': apply less_integer_transitive to L LN.
A2: apply Acc' to _ L'. apply IH3 to Ev A2 _ _ _. search.
A2: apply Acc' to _ LN. apply IH3 to Ev A2 _ _ _. search.
Ev': apply drop_ext_size_evalStmt to Ev.
EvB: apply drop_ext_size_evalStmt to IL4.
Eq: assert EE_A' = Scope::[(SaveL, Tl)]::EE3.
NNS+: apply evalStmt_newNameScopes to _ _ _ _ Ev' EvB NNS.
NNS+: case NNS+.
IsLen: apply length_is to LenEE.
P: apply plus_integer_total to _ IsLen with N1 = 1.
LenEE+: assert length ([(X, Hd)]::EE) N4.
LenEE3+: apply evalStmt_keep_scopes to _ _ _ EvB LenEE+.
apply length_unique to LenEE3+ NNS+.
L: apply lt_plus_one to P _. apply less_integer_not_eq to L.
NNS+: case NNS+.
Take: case NNS+2. case Take1. compute Take.
Drop: case NNS+1. apply drop_is_integer to Drop1.
apply plus_integer_unique_addend to _ _ _ Take Drop.
Eq: assert L = EE3.
Drop': case Drop1. search.
GEq: apply drop_geq_0 to Drop'1. P: assert 1 + -1 = 0.
apply drop_is_integer to Drop'1.
apply plus_integer_unique_addend to _ _ _ P Drop'.
LEq: case GEq. case LEq.
case Eq. search.
IsLen: apply length_is to LenEE.
P: apply plus_integer_total to _ IsLen with N1 = 1.
LenEE+: assert length ([(X, Hd)]::EE) N1.
LenBR++: apply evalStmt_keep_scopes to _ _ _ EvB LenEE+.
LenBR+: case LenBR++. apply length_is to LenBR+.
LenBR: case LenBR+. apply length_is to LenBR.
LEq: apply newNameScopes_length to NNS+ LenBR.
apply plus_integer_unique_addend to _ _ _ P LenBR+1.
L: apply lt_plus_one to LenBR1 _.
apply less_lesseq_flip_false to L LEq.
case Eq. Is': apply evalStmt_isCtx to _ _ _ Ev'. Is': case Is'.
IsN3: apply ext_size_is_int_iterateList to IL6.
apply ext_size_pos_iterateList to IL6.
P: apply plus_integer_total to _ IsN3 with N1 = 1.
apply lesseq_integer__add_positive to _ _ P with Base = 0.
apply ext_size_pos_evalStmt to IL4.
Is'': case Is'1. N: apply names_exists to Is''1.
apply names_is to _ N.
Fr': apply fresh_name_exists to _ _ with Base = "L", Names = X::N4.
NS: apply evalStmt_names_same to _ _ _ EvB.
apply fresh_name_unique_mems to Fr' Fr _ _.
intros M. M: case M. search.
apply names_same_names to NS Names N M. search.
intros M. M: case M. search.
NS': apply names_same_symmetric to NS.
apply names_same_names to NS' N Names M. search.
Or: apply lt_right to IL1 _ _ _. L: case Or.
LEq: apply less_integer_step_lesseq to _ _ L P.
Or: apply lesseq_integer_less_or_eq to LEq. L': case Or.
L'': apply less_integer_transitive to L' LN.
A: apply Acc' to _ L''.
apply IH_IL_W to _ _ _ _ _ IL6 P A N Fr'. search.
A: apply Acc' to _ LN.
apply IH_IL_W to _ _ _ _ _ IL6 P A N Fr'. search.
apply IH_IL_W to _ _ _ _ _ IL6 Plus Acc N Fr'. search.
Prove exactEval:host:paramName_unique.
Prove_Constraint exactEval:host:proj_paramName_forward.
Prove_Constraint exactEval:host:proj_paramName_back.
Prove exactEval:host:getFunEvalInfo_unique.
Prove_Constraint exactEval:host:proj_getFunEvalInfo_forward.
Prove_Constraint exactEval:host:proj_getFunEvalInfo_back.
Prove exactEval:host:evalProgram_unique.
Prove_Constraint exactEval:host:proj_evalProgram_forward.
Prove_Constraint exactEval:host:proj_evalProgram_back.
Theorem listIndex_typePres : forall L Ty I V,
valueType L (listTy Ty) -> listIndex L I V -> valueType V Ty. [Show Proof]
Theorem updateListIndex_typePres : forall L Ty I V Out,
valueType L (listTy Ty) -> valueType V Ty ->
updateListIndex L I V Out -> valueType Out (listTy Ty). [Show Proof]
Prove exactEval:host:evalExpr_typePres_ctx,
exactEval:host:evalExpr_typePres,
exactEval:host:evalStmt_typePres,
exactEval:host:evalArgs_typePres_Ctx,
exactEval:host:evalArgs_typePres,
exactEval:host:evalRecFields_typePres_Ctx,
exactEval:host:evalRecFields_typePres
with
iterateList_typePres : forall V X Body FT ET Ty Sc ET' FE EE EE' O,
IsV : is_value V ->
IsX : is_string X ->
IsBody : is_stmt Body ->
IsFT : is_list (is_pair is_string
(is_pair is_typ (is_list is_typ))) FT ->
IsET : is_list (is_list (is_pair is_string is_typ)) ET ->
IsFE : is_list (is_pair is_string
(is_pair is_string
(is_pair is_value
(is_pair (is_list is_string) is_stmt)))) FE ->
IsEE : is_list (is_list (is_pair is_string is_value)) EE ->
Ty : stmtOK FT ([(X, Ty)]::ET) Body (Sc::ET') ->
VTy : valueType V (listTy Ty) ->
IsTy : is_typ Ty ->
IL : iterateList FE EE V X Body EE' O ->
Funs : (forall F RetTy ArgTys ArgNames Body RetVar RVVal,
lookup FT F (RetTy, ArgTys) ->
lookup FE F (RetVar, RVVal, ArgNames, Body) ->
exists Scope TyEnv',
zip ArgNames ArgTys Scope /\
valueType RVVal RetTy /\
stmtOK FT [((RetVar, RetTy)::Scope)] Body TyEnv') ->
Ctxs : related_all_scopes ET EE ->
related_all_scopes ET' EE'
on IL as IH_IL. [Show Proof]
Prove exactEval:host:paramTy_paramName_same.
Prove exactEval:host:funOK_getFunEvalInfo_related.
Prove exactEval:host:evalExpr_output_forms,
exactEval:host:evalStmt_output_forms,
exactEval:host:evalArgs_output_forms,
exactEval:host:evalRecFields_output_forms
with
iterateList_output_forms : forall V X Body FE EE EE' O,
IsV : is_value V ->
IsX : is_string X ->
IsBody : is_stmt Body ->
IsFE : is_list (is_pair is_string
(is_pair is_string
(is_pair is_value
(is_pair (is_list is_string) is_stmt)))) FE ->
IsEE : is_list (is_list (is_pair is_string is_value)) EE ->
IL : iterateList FE EE V X Body EE' O ->
output_forms O
on IL as IH_IL. [Show Proof]
Prove exactEval:host:evalProgram_output_forms.
Prove exactEval:host:paramName_exists.
Prove exactEval:host:getFunEvalInfo_exists.
