Mercurial > hg > Members > ryokka > HoareLogic
annotate whileTestGears.agda @ 81:0122f980427c
clean up
| author | Shinji KONO <kono@ie.u-ryukyu.ac.jp> |
|---|---|
| date | Thu, 02 Jan 2020 15:33:49 +0900 |
| parents | 148feaa1e346 |
| children | 33a6fd61c3e6 |
| rev | line source |
|---|---|
| 4 | 1 module whileTestGears where |
| 2 | |
| 3 open import Function | |
| 4 open import Data.Nat | |
| 34 | 5 open import Data.Bool hiding ( _≟_ ; _≤?_ ; _≤_ ; _<_) |
| 62 | 6 open import Data.Product |
| 4 | 7 open import Level renaming ( suc to succ ; zero to Zero ) |
| 8 open import Relation.Nullary using (¬_; Dec; yes; no) | |
| 9 open import Relation.Binary.PropositionalEquality | |
| 62 | 10 open import Agda.Builtin.Unit |
| 4 | 11 |
| 10 | 12 open import utilities |
| 13 open _/\_ | |
| 4 | 14 |
| 81 | 15 -- original codeGear (with non terminatinng ) |
| 16 | |
| 42 | 17 record Env : Set (succ Zero) where |
| 6 | 18 field |
| 19 varn : ℕ | |
| 20 vari : ℕ | |
| 42 | 21 open Env |
| 6 | 22 |
|
46
8bf82026e4fe
simplified env with state condition
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
43
diff
changeset
|
23 whileTest : {l : Level} {t : Set l} → (c10 : ℕ) → (Code : Env → t) → t |
|
8bf82026e4fe
simplified env with state condition
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
43
diff
changeset
|
24 whileTest c10 next = next (record {varn = c10 ; vari = 0 } ) |
| 4 | 25 |
| 26 {-# TERMINATING #-} | |
| 33 | 27 whileLoop : {l : Level} {t : Set l} → Env → (Code : Env → t) → t |
| 4 | 28 whileLoop env next with lt 0 (varn env) |
| 29 whileLoop env next | false = next env | |
| 30 whileLoop env next | true = | |
| 42 | 31 whileLoop (record env {varn = (varn env) - 1 ; vari = (vari env) + 1}) next |
| 4 | 32 |
|
46
8bf82026e4fe
simplified env with state condition
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
43
diff
changeset
|
33 test1 : Env |
|
8bf82026e4fe
simplified env with state condition
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
43
diff
changeset
|
34 test1 = whileTest 10 (λ env → whileLoop env (λ env1 → env1 )) |
| 4 | 35 |
|
46
8bf82026e4fe
simplified env with state condition
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
43
diff
changeset
|
36 proof1 : whileTest 10 (λ env → whileLoop env (λ e → (vari e) ≡ 10 )) |
|
8bf82026e4fe
simplified env with state condition
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
43
diff
changeset
|
37 proof1 = refl |
| 4 | 38 |
| 81 | 39 -- codeGear with pre-condtion and post-condition |
| 40 -- | |
| 16 | 41 -- ↓PostCondition |
|
46
8bf82026e4fe
simplified env with state condition
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
43
diff
changeset
|
42 whileTest' : {l : Level} {t : Set l} → {c10 : ℕ } → (Code : (env : Env ) → ((vari env) ≡ 0) /\ ((varn env) ≡ c10) → t) → t |
|
8bf82026e4fe
simplified env with state condition
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
43
diff
changeset
|
43 whileTest' {_} {_} {c10} next = next env proof2 |
| 4 | 44 where |
| 42 | 45 env : Env |
|
46
8bf82026e4fe
simplified env with state condition
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
43
diff
changeset
|
46 env = record {vari = 0 ; varn = c10 } |
| 16 | 47 proof2 : ((vari env) ≡ 0) /\ ((varn env) ≡ c10) -- PostCondition |
| 4 | 48 proof2 = record {pi1 = refl ; pi2 = refl} |
| 11 | 49 |
| 50 open import Data.Empty | |
| 51 open import Data.Nat.Properties | |
| 52 | |
| 53 | |
| 16 | 54 {-# TERMINATING #-} -- ↓PreCondition(Invaliant) |
| 42 | 55 whileLoop' : {l : Level} {t : Set l} → (env : Env ) → {c10 : ℕ } → ((varn env) + (vari env) ≡ c10) → (Code : Env → t) → t |
| 9 | 56 whileLoop' env proof next with ( suc zero ≤? (varn env) ) |
| 57 whileLoop' env proof next | no p = next env | |
| 14 | 58 whileLoop' env {c10} proof next | yes p = whileLoop' env1 (proof3 p ) next |
| 4 | 59 where |
| 42 | 60 env1 = record env {varn = (varn env) - 1 ; vari = (vari env) + 1} |
| 11 | 61 1<0 : 1 ≤ zero → ⊥ |
| 62 1<0 () | |
| 14 | 63 proof3 : (suc zero ≤ (varn env)) → varn env1 + vari env1 ≡ c10 |
| 47 | 64 proof3 (s≤s lt) with varn env |
| 65 proof3 (s≤s z≤n) | zero = ⊥-elim (1<0 p) | |
| 66 proof3 (s≤s (z≤n {n'}) ) | suc n = let open ≡-Reasoning in | |
| 67 begin | |
| 68 n' + (vari env + 1) | |
| 69 ≡⟨ cong ( λ z → n' + z ) ( +-sym {vari env} {1} ) ⟩ | |
| 70 n' + (1 + vari env ) | |
| 71 ≡⟨ sym ( +-assoc (n') 1 (vari env) ) ⟩ | |
| 72 (n' + 1) + vari env | |
| 73 ≡⟨ cong ( λ z → z + vari env ) +1≡suc ⟩ | |
| 74 (suc n' ) + vari env | |
| 75 ≡⟨⟩ | |
| 76 varn env + vari env | |
| 77 ≡⟨ proof ⟩ | |
| 78 c10 | |
| 79 ∎ | |
| 6 | 80 |
|
46
8bf82026e4fe
simplified env with state condition
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
43
diff
changeset
|
81 -- Condition to Invariant |
| 42 | 82 conversion1 : {l : Level} {t : Set l } → (env : Env ) → {c10 : ℕ } → ((vari env) ≡ 0) /\ ((varn env) ≡ c10) |
| 83 → (Code : (env1 : Env ) → (varn env1 + vari env1 ≡ c10) → t) → t | |
| 14 | 84 conversion1 env {c10} p1 next = next env proof4 |
| 6 | 85 where |
| 14 | 86 proof4 : varn env + vari env ≡ c10 |
| 6 | 87 proof4 = let open ≡-Reasoning in |
| 88 begin | |
| 89 varn env + vari env | |
| 90 ≡⟨ cong ( λ n → n + vari env ) (pi2 p1 ) ⟩ | |
| 14 | 91 c10 + vari env |
| 92 ≡⟨ cong ( λ n → c10 + n ) (pi1 p1 ) ⟩ | |
| 93 c10 + 0 | |
| 94 ≡⟨ +-sym {c10} {0} ⟩ | |
| 95 c10 | |
| 6 | 96 ∎ |
| 4 | 97 |
| 81 | 98 -- all proofs are connected |
|
46
8bf82026e4fe
simplified env with state condition
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
43
diff
changeset
|
99 proofGears : {c10 : ℕ } → Set |
|
8bf82026e4fe
simplified env with state condition
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
43
diff
changeset
|
100 proofGears {c10} = whileTest' {_} {_} {c10} (λ n p1 → conversion1 n p1 (λ n1 p2 → whileLoop' n1 p2 (λ n2 → ( vari n2 ≡ c10 )))) |
| 9 | 101 |
| 81 | 102 -- but we cannot prove the soundness of the last condition |
| 103 -- | |
| 49 | 104 -- proofGearsMeta : {c10 : ℕ } → proofGears {c10} |
| 105 -- proofGearsMeta {c10} = {!!} -- net yet done | |
| 43 | 106 |
| 41 | 107 -- |
| 81 | 108 -- codeGear with loop step and closed environment |
| 41 | 109 -- |
| 110 | |
| 111 open import Relation.Binary | |
| 112 | |
| 53 | 113 record Envc : Set (succ Zero) where |
| 114 field | |
| 115 c10 : ℕ | |
| 116 varn : ℕ | |
| 117 vari : ℕ | |
| 71 | 118 open Envc |
| 49 | 119 |
| 53 | 120 whileTestP : {l : Level} {t : Set l} → (c10 : ℕ) → (Code : Envc → t) → t |
| 121 whileTestP c10 next = next (record {varn = c10 ; vari = 0 ; c10 = c10 } ) | |
| 122 | |
| 123 whileLoopP : {l : Level} {t : Set l} → Envc → (next : Envc → t) → (exit : Envc → t) → t | |
| 49 | 124 whileLoopP env next exit with <-cmp 0 (varn env) |
| 125 whileLoopP env next exit | tri≈ ¬a b ¬c = exit env | |
| 71 | 126 whileLoopP env next exit | tri< a ¬b ¬c = |
| 127 next (record env {varn = (varn env) - 1 ; vari = (vari env) + 1 }) | |
| 128 | |
| 81 | 129 -- equivalent of whileLoopP but it looks like an induction on varn |
| 71 | 130 whileLoopP' : {l : Level} {t : Set l} → Envc → (next : Envc → t) → (exit : Envc → t) → t |
| 79 | 131 whileLoopP' env@record { c10 = c10 ; varn = zero ; vari = vari } _ exit = exit env |
| 132 whileLoopP' record { c10 = c10 ; varn = suc varn1 ; vari = vari } next _ = next (record {c10 = c10 ; varn = varn1 ; vari = suc vari }) | |
| 71 | 133 |
| 81 | 134 -- normal loop without termination |
| 49 | 135 {-# TERMINATING #-} |
| 53 | 136 loopP : {l : Level} {t : Set l} → Envc → (exit : Envc → t) → t |
| 49 | 137 loopP env exit = whileLoopP env (λ env → loopP env exit ) exit |
| 138 | |
| 53 | 139 whileTestPCall : (c10 : ℕ ) → Envc |
| 140 whileTestPCall c10 = whileTestP {_} {_} c10 (λ env → loopP env (λ env → env)) | |
|
30
dd66b94bf365
loop causes agda inifinite loop
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
29
diff
changeset
|
141 |
| 81 | 142 -- |
| 143 -- codeGears with states of condition | |
| 144 -- | |
| 53 | 145 data whileTestState : Set where |
| 146 s1 : whileTestState | |
| 147 s2 : whileTestState | |
| 148 sf : whileTestState | |
| 49 | 149 |
| 53 | 150 whileTestStateP : whileTestState → Envc → Set |
| 151 whileTestStateP s1 env = (vari env ≡ 0) /\ (varn env ≡ c10 env) | |
| 152 whileTestStateP s2 env = (varn env + vari env ≡ c10 env) | |
| 153 whileTestStateP sf env = (vari env ≡ c10 env) | |
| 50 | 154 |
| 53 | 155 whileTestPwP : {l : Level} {t : Set l} → (c10 : ℕ) → ((env : Envc ) → whileTestStateP s1 env → t) → t |
| 156 whileTestPwP c10 next = next env record { pi1 = refl ; pi2 = refl } where | |
| 157 env : Envc | |
| 158 env = whileTestP c10 ( λ env → env ) | |
| 50 | 159 |
| 56 | 160 whileLoopPwP : {l : Level} {t : Set l} → (env : Envc ) → whileTestStateP s2 env |
| 53 | 161 → (next : (env : Envc ) → whileTestStateP s2 env → t) |
| 162 → (exit : (env : Envc ) → whileTestStateP sf env → t) → t | |
| 54 | 163 whileLoopPwP env s next exit with <-cmp 0 (varn env) |
| 55 | 164 whileLoopPwP env s next exit | tri≈ ¬a b ¬c = exit env (lem (sym b) s) |
| 165 where | |
| 166 lem : (varn env ≡ 0) → (varn env + vari env ≡ c10 env) → vari env ≡ c10 env | |
| 167 lem p1 p2 rewrite p1 = p2 | |
| 56 | 168 whileLoopPwP env s next exit | tri< a ¬b ¬c = next (record env {varn = (varn env) - 1 ; vari = (vari env) + 1 }) (proof5 a) |
| 169 where | |
| 170 1<0 : 1 ≤ zero → ⊥ | |
| 171 1<0 () | |
| 172 proof5 : (suc zero ≤ (varn env)) → (varn env - 1) + (vari env + 1) ≡ c10 env | |
| 173 proof5 (s≤s lt) with varn env | |
| 174 proof5 (s≤s z≤n) | zero = ⊥-elim (1<0 a) | |
| 175 proof5 (s≤s (z≤n {n'}) ) | suc n = let open ≡-Reasoning in | |
| 176 begin | |
| 177 n' + (vari env + 1) | |
| 178 ≡⟨ cong ( λ z → n' + z ) ( +-sym {vari env} {1} ) ⟩ | |
| 179 n' + (1 + vari env ) | |
| 180 ≡⟨ sym ( +-assoc (n') 1 (vari env) ) ⟩ | |
| 181 (n' + 1) + vari env | |
| 182 ≡⟨ cong ( λ z → z + vari env ) +1≡suc ⟩ | |
| 183 (suc n' ) + vari env | |
| 184 ≡⟨⟩ | |
| 185 varn env + vari env | |
| 186 ≡⟨ s ⟩ | |
| 187 c10 env | |
| 188 ∎ | |
| 51 | 189 |
| 81 | 190 {-# TERMINATING #-} |
| 191 loopPwP : {l : Level} {t : Set l} → (env : Envc ) → whileTestStateP s2 env → (exit : (env : Envc ) → whileTestStateP sf env → t) → t | |
| 192 loopPwP env s exit = whileLoopPwP env s (λ env s → loopPwP env s exit ) exit | |
| 193 | |
| 194 -- all codtions are correctly connected and required condtion is proved in the continuation | |
| 195 -- use required condition as t in (env → t) → t | |
| 196 whileTestPCallwP : (c : ℕ ) → Set | |
| 197 whileTestPCallwP c = whileTestPwP {_} {_} c ( λ env s → loopPwP env (conv env s) ( λ env s → vari env ≡ c ) ) where | |
| 198 conv : (env : Envc ) → (vari env ≡ 0) /\ (varn env ≡ c10 env) → varn env + vari env ≡ c10 env | |
| 199 conv e record { pi1 = refl ; pi2 = refl } = +zero | |
| 200 | |
| 201 -- | |
| 202 -- Using imply relation to make soundness explicit | |
| 203 -- termination is shown by induction on varn | |
| 204 -- | |
| 205 | |
| 66 | 206 data _implies_ (A B : Set ) : Set (succ Zero) where |
| 207 proof : ( A → B ) → A implies B | |
| 208 | |
| 209 implies2p : {A B : Set } → A implies B → A → B | |
| 210 implies2p (proof x) = x | |
| 211 | |
| 68 | 212 whileTestPSem : (c : ℕ) → whileTestP c ( λ env → ⊤ implies (whileTestStateP s1 env) ) |
| 213 whileTestPSem c = proof ( λ _ → record { pi1 = refl ; pi2 = refl } ) | |
| 64 | 214 |
| 67 | 215 SemGears : (f : {l : Level } {t : Set l } → (e0 : Envc ) → ((e : Envc) → t) → t ) → Set (succ Zero) |
| 216 SemGears f = Envc → Envc → Set | |
| 217 | |
| 68 | 218 GearsUnitSound : (e0 e1 : Envc) {pre : Envc → Set} {post : Envc → Set} |
| 219 → (f : {l : Level } {t : Set l } → (e0 : Envc ) → (Envc → t) → t ) | |
| 220 → (fsem : (e0 : Envc ) → f e0 ( λ e1 → (pre e0) implies (post e1))) | |
| 221 → f e0 (λ e1 → pre e0 implies post e1) | |
| 69 | 222 GearsUnitSound e0 e1 f fsem = fsem e0 |
| 223 | |
| 224 whileTestPSemSound : (c : ℕ ) (output : Envc ) → output ≡ whileTestP c (λ e → e) → ⊤ implies ((vari output ≡ 0) /\ (varn output ≡ c)) | |
| 71 | 225 whileTestPSemSound c output refl = whileTestPSem c |
| 64 | 226 |
| 81 | 227 loopPP : (n : ℕ) → (input : Envc ) → (n ≡ varn input) → Envc |
| 228 loopPP zero input refl = input | |
| 229 loopPP (suc n) input refl = | |
| 230 loopPP n (record input { varn = pred (varn input) ; vari = suc (vari input)}) refl | |
| 231 | |
| 69 | 232 whileLoopPSem : {l : Level} {t : Set l} → (input : Envc ) → whileTestStateP s2 input |
| 72 | 233 → (next : (output : Envc ) → (whileTestStateP s2 input ) implies (whileTestStateP s2 output) → t) |
| 234 → (exit : (output : Envc ) → (whileTestStateP s2 input ) implies (whileTestStateP sf output) → t) → t | |
| 81 | 235 whileLoopPSem env s next exit with varn env | s |
| 236 ... | zero | _ = exit env (proof (λ z → z)) | |
| 237 ... | (suc varn ) | refl = next ( record env { varn = varn ; vari = suc (vari env) } ) (proof λ x → +-suc varn (vari env) ) | |
| 79 | 238 |
| 81 | 239 loopPPSem : (input output : Envc ) → output ≡ loopPP (varn input) input refl |
| 74 | 240 → (whileTestStateP s2 input ) → (whileTestStateP s2 input ) implies (whileTestStateP sf output) |
| 79 | 241 loopPPSem input output refl s2p = loopPPSemInduct (varn input) input refl refl s2p |
| 73 | 242 where |
| 80 | 243 lem : (n : ℕ) → (env : Envc) → n + suc (vari env) ≡ suc (n + vari env) |
| 244 lem n env = +-suc (n) (vari env) | |
| 81 | 245 loopPPSemInduct : (n : ℕ) → (current : Envc) → (eq : n ≡ varn current) → (loopeq : output ≡ loopPP n current eq) |
| 75 | 246 → (whileTestStateP s2 current ) → (whileTestStateP s2 current ) implies (whileTestStateP sf output) |
| 81 | 247 loopPPSemInduct zero current refl loopeq refl rewrite loopeq = proof (λ x → refl) |
| 248 loopPPSemInduct (suc n) current refl loopeq refl rewrite (sym (lem n current)) = | |
| 249 whileLoopPSem current refl | |
| 250 (λ output x → loopPPSemInduct n (record { c10 = n + suc (vari current) ; varn = n ; vari = suc (vari current) }) refl loopeq refl) | |
| 251 (λ output x → loopPPSemInduct n (record { c10 = n + suc (vari current) ; varn = n ; vari = suc (vari current) }) refl loopeq refl) | |
| 72 | 252 |
| 79 | 253 whileLoopPSemSound : {l : Level} → (input output : Envc ) |
| 69 | 254 → whileTestStateP s2 input |
| 81 | 255 → output ≡ loopPP (varn input) input refl |
| 69 | 256 → (whileTestStateP s2 input ) implies ( whileTestStateP sf output ) |
| 79 | 257 whileLoopPSemSound {l} input output pre eq = loopPPSem input output eq pre |
| 73 | 258 |