Extensibella Example: simple_imp:repeatWhile

Language Specification

File: repeatWhile.sos

Module simple_imp:repeatWhile

Builds on simple_imp:host

/*Add a repeat-while construct*/
c ::= ...
    | repeatWhile(c, e)


------------------------------------- [Proj-RepeatWhile]
|{c}- repeatWhile(Body, Cond) ~~>
         seq(Body, while(Cond, Body))



/*Evaluation*/

eval_c G Body G1
eval_e G1 Cond trueVal
eval_c G1 repeatWhile(Body, Cond) G2
------------------------------------ [E-RepeatWhileTrue]
eval_c G repeatWhile(Body, Cond) G2


eval_c G Body G1
eval_e G1 Cond falseVal
----------------------------------- [E-RepeatWhileFalse]
eval_c G repeatWhile(Body, Cond) G1



/*Typing*/

typeOK G Body GB
typeOf G E boolTy
---------------------------------- [T-RepeatWhile]
typeOK G repeatWhile(Body, Cond) G
/*body opens a new scope*/

Reasoning

[Show All Proofs] [Hide All Proofs] [Raw File]

Click on a command or tactic to see a detailed view of its use.

Module simple_imp:repeatWhile.


Prove_Constraint simple_imp:host:proj_e_unique.
Prove_Constraint simple_imp:host:proj_e_is.
Prove_Constraint simple_imp:host:proj_rf_unique.
Prove_Constraint simple_imp:host:proj_rf_is.


Prove_Constraint simple_imp:host:proj_c_unique. [Show Proof]

%repeatWhile
 case Hyp1. search.

Prove_Constraint simple_imp:host:proj_c_is. [Show Proof]

%repeatWhile
 case Hyp1. search.


Prove_Constraint simple_imp:host:proj_recFields_unique.
Prove_Constraint simple_imp:host:proj_recFields_is.
Prove_Constraint simple_imp:host:proj_ty_unique.
Prove_Constraint simple_imp:host:proj_ty_is.
Prove_Constraint simple_imp:host:proj_value_unique.
Prove_Constraint simple_imp:host:proj_value_is.


Prove simple_imp:host:vars_join,
      simple_imp:host:vars_rf_join.
Prove simple_imp:host:vars_unique,
      simple_imp:host:vars_rf_unique.


Prove_Constraint simple_imp:host:proj_e_vars_exist.
Prove_Constraint simple_imp:host:proj_e_vars.
Prove_Constraint simple_imp:host:proj_rf_vars_exist.
Prove_Constraint simple_imp:host:proj_rf_vars.


Prove simple_imp:host:vars_is,
      simple_imp:host:vars_rf_is.
Prove simple_imp:host:vars_exist,
      simple_imp:host:vars_rf_exist.


Prove simple_imp:host:typeOf_unique,
      simple_imp:host:typeRecFields_unique.


Prove simple_imp:host:typeOK_unique. [Show Proof]

%repeatWhile
 case Ty2. search.


Prove_Constraint simple_imp:host:proj_eval_e.


Prove simple_imp:host:eval_e_unique,
      simple_imp:host:eval_rf_unique.

Prove simple_imp:host:update_rec_fields_unique.


Theorem repeatWhile_projEval : forall G Body Cond G1,
    eval_c G (repeatWhile Body Cond) G1 ->
    exists G2, eval_c G (seq Body (while Cond Body)) G2. [Show Proof]

induction on 1. intros Ev. Ev: case Ev (keep).
%E-RepeatWhileTrue
 EvSeq: apply IH to Ev3. EvSeq: case EvSeq. search.
%E-RepeatWhileFalse
 search.

Prove_Constraint simple_imp:host:proj_c_eval. [Show Proof]

%repeatWhile
 apply repeatWhile_projEval to Hyp1. search.


Add_Ext_Size simple_imp:host:eval_c.
Add_Proj_Rel simple_imp:host:eval_c.


Theorem RW_to_SW: forall C B EG EG' N,
  <eval_c {ES}> EG (repeatWhile B C) EG' N ->
  exists N', <eval_c {ES}> EG (seq B (while C B)) EG' N' /\ N' < N. [Show Proof]

induction on 1. intros EvalRep. Ev: case EvalRep.
  %E-RepeatWhileTrue
   SubSeq: apply IH to Ev4. EvSub: case SubSeq.
   IsN8: apply ext_size_is_int_eval_c to EvSub1.
   IsN9: apply ext_size_is_int_eval_c to EvSub2.
   IsN': apply plus_integer_is_integer to _ _ EvSub.
   IsN5: apply ext_size_is_int_eval_c to Ev2.
   N5+N': apply plus_integer_total to IsN5 IsN'.
   exists N6. split.
     %eval for the sequence
      search.
     %N10 < N1
      IsN6: apply ext_size_is_int_eval_c to Ev4.
      IsN7: apply plus_integer_is_integer to _ _ Ev1.
      LN7N1: apply lt_plus_one to Ev _.
      LN10N7: apply less_sums to N5+N' Ev1 _ _.
      apply less_integer_transitive to LN10N7 LN7N1. search.
  %E-RepeatWhileFalse
   IsN5: apply ext_size_is_int_eval_c to Ev1.
   LN5N1: apply lt_plus_one to Ev _.
   N5+0: apply plus_integer_total to IsN5 _ with N2 = 0.
   apply plus_zero_right to N5+0. search.


Prove_Ext_Ind simple_imp:host:eval_c. [Show Proof]

%E-RepeatWhileTrue
 Acc: case Acc. IsN2: apply ext_size_is_int_eval_c to R3.
 IsN3: apply ext_size_is_int_eval_c to R5.
 IsN4: apply plus_integer_is_integer to _ _ R2.
 PosN2: apply ext_size_pos_eval_c to R3.
 PosN3: apply ext_size_pos_eval_c to R5.
 LN4N: apply lt_plus_one to R1 _.
 LN2N: assert N2 < N.
    OrN2: apply lt_left to R2 _ _. L: case OrN2.
       apply less_integer_transitive to L LN4N. search.
       search.
 LN3N: assert N3 < N.
    OrN3: apply lt_right to R2 _ _ _. L: case OrN3.
       apply less_integer_transitive to L LN4N. search.
       search.
 AccN2: apply Acc to _ LN2N. AccN3: apply Acc to _ LN3N.
 EvalTBody: apply IH to R3 AccN2. EvalTRep: apply IH to R5 AccN3.
 Proj: assert |{c}- repeatWhile Body Cond ~~>
                    seq Body (while Cond Body).
 SW: apply RW_to_SW to R5.
 LN'N: apply less_integer_transitive to SW1 LN3N.
 L0N': apply ext_size_pos_eval_c to SW. AccN': apply Acc to _ LN'N.
 EvalTSeq: apply IH to SW AccN'. EvalTParts: case EvalTSeq.
 unfold. exists seq Body (while Cond Body), G2. search.
%E-RepeatWhileFalse
 Acc: case Acc. L0N2: apply ext_size_pos_eval_c to R2.
 IsN2: apply ext_size_is_int_eval_c to R2.
 LN2N: apply lt_plus_one to R1 _. AccN2: apply Acc to _ LN2N.
 EvalTBody: apply IH to R2 AccN2.
 Proj: assert |{c}- repeatWhile Body Cond ~~>
                    seq Body (while Cond Body). search 3.


Prove simple_imp:host:eval_c_unique. [Show Proof]

%E-RepeatWhileTrue
 Ev2: case Ev2.
   %E-RepeatWhileTrue for 2
    apply IH to Ev3 Ev2. apply IH to Ev5 Ev7. search.
   %E-RepeatWhileFalse for 2
    apply IH to Ev3 Ev2. apply eval_e_unique to Ev4 Ev6.
%E-RepeatWhileFalse
 Ev2: case Ev2.
   %E-RepeatWhileTrue for 2
    apply IH to Ev3 Ev2. apply eval_e_unique to Ev4 Ev5.
   %E-RepeatWhileFalse for 2
    apply IH to Ev3 Ev2. search.


Theorem repeatWhile_projSame : forall G Body Cond G1 G2,
    eval_c G (repeatWhile Body Cond) G1 ->
    eval_c G (seq Body (while Cond Body)) G2 ->
    G1 = G2. [Show Proof]

induction on 1. intros EvRW EvSW. EvRW: case EvRW (keep).
%E-RepeatWhileTrue
 EvSW: case EvSW. apply eval_c_unique to EvRW1 EvSW. EvW': case EvSW1.
   %E-WhileFalse
    apply eval_e_unique to EvRW2 EvW'.
   %E-WhileTrue
    EvSeq: assert eval_c G4 (seq Body (while Cond Body)) G2.
    apply IH to EvRW3 EvSeq. search.
%E-RepeatWhileFalse
 EvSW: case EvSW. apply eval_c_unique to EvRW1 EvSW. EvW: case EvSW1.
   %E-WhileFalse
    search.
   %E-WhileTrue
    apply eval_e_unique to EvRW2 EvW.

Prove_Constraint simple_imp:host:proj_c_eval_results. [Show Proof]

%repeatWhile
 apply repeatWhile_projSame to Hyp1 Hyp2. search.


Prove_Constraint simple_imp:host:proj_c_eval_results_back. [Show Proof]

%repeatWhile
 apply repeatWhile_projSame to Hyp1 Hyp2. search.


Prove simple_imp:host:vars_eval_same_result,
      simple_imp:host:vars_equal_rf_same_result.

Back to example home