Mercurial > hg > Members > ryokka > HoareLogic

annotate Readme.md @ 98:2d2b0b06945b default tip

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
simplfied version
author Shinji KONO <kono@ie.u-ryukyu.ac.jp>
date Sat, 08 Apr 2023 17:00:53 +0900
parents e152d7afbb58
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
96
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
1 -title: Hoare Logic
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
2
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
3 -- files
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
4
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
5 Hoare.agda Hoare logic data structre
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
6 HoareSoundness.agda Hoare logic soundness
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
7 RelOp.agda Set theoretic operation
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
8 whileTestPrim.agda definition of simple program and conditions as a Hoare logic command
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
9 whileTestPrimProof.agda proof using HoareSoundness
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
10
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
11 whileTestGears.agda Gears form of proof
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
12 simple.agda
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
13 utilities.agda
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
14
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
15 -- Hoare logic Programm commands
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
16
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
17 data Comm : Set where
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
18 Skip : Comm
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
19 Abort : Comm
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
20 PComm : PrimComm -> Comm
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
21 Seq : Comm -> Comm -> Comm
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
22 If : Cond -> Comm -> Comm -> Comm
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
23 While : Cond -> Comm -> Comm
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
24
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
25 -- Example
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
26
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
27 record Env : Set where
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
28 field
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
29 varn : ℕ
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
30 vari : ℕ
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
31
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
32 program : ℕ → Comm
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
33 program c10 =
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
34 Seq ( PComm (λ env → record env {varn = c10})) --- n = c10 ;
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
35 $ Seq ( PComm (λ env → record env {vari = 0})) --- i = 0 ;
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
36 $ While (λ env → lt zero (varn env ) ) --- while ( 0 < n ) {
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
37 (Seq (PComm (λ env → record env {vari = ((vari env) + 1)} )) --- i = i + 1
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
38 $ PComm (λ env → record env {varn = ((varn env) - 1)} )) --- n = n - 1 }
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
39
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
40 This is a syntax tree of a program.
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
41
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
42 -- Interpretation of the example
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
43
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
44 {-# TERMINATING #-}
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
45 interpret : Env → Comm → Env
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
46 interpret env Skip = env
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
47 interpret env Abort = env
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
48 interpret env (PComm x) = x env
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
49 interpret env (Seq comm comm1) = interpret (interpret env comm) comm1
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
50 interpret env (If x then else) with x env
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
51 ... | true = interpret env then
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
52 ... | false = interpret env else
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
53 interpret env (While x comm) with x env
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
54 ... | true = interpret (interpret env comm) (While x comm)
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
55 ... | false = env
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
56
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
57 -- Hoare logic Programm commands with Post and Pre conditions
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
58
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
59 A syntax tree of a program with conditions.
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
60
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
61 data HTProof : Cond -> Comm -> Cond -> Set where
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
62 PrimRule : {bPre : Cond} -> {pcm : PrimComm} -> {bPost : Cond} ->
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
63 (pr : Axiom bPre pcm bPost) ->
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
64 HTProof bPre (PComm pcm) bPost
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
65 SkipRule : (b : Cond) -> HTProof b Skip b
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
66 AbortRule : (bPre : Cond) -> (bPost : Cond) ->
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
67 HTProof bPre Abort bPost
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
68 WeakeningRule : {bPre : Cond} -> {bPre' : Cond} -> {cm : Comm} ->
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
69 {bPost' : Cond} -> {bPost : Cond} ->
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
70 Tautology bPre bPre' ->
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
71 HTProof bPre' cm bPost' ->
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
72 Tautology bPost' bPost ->
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
73 HTProof bPre cm bPost
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
74 SeqRule : {bPre : Cond} -> {cm1 : Comm} -> {bMid : Cond} ->
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
75 {cm2 : Comm} -> {bPost : Cond} ->
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
76 HTProof bPre cm1 bMid ->
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
77 HTProof bMid cm2 bPost ->
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
78 HTProof bPre (Seq cm1 cm2) bPost
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
79 IfRule : {cmThen : Comm} -> {cmElse : Comm} ->
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
80 {bPre : Cond} -> {bPost : Cond} ->
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
81 {b : Cond} ->
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
82 HTProof (bPre and b) cmThen bPost ->
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
83 HTProof (bPre and neg b) cmElse bPost ->
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
84 HTProof bPre (If b cmThen cmElse) bPost
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
85 WhileRule : {cm : Comm} -> {bInv : Cond} -> {b : Cond} ->
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
86 HTProof (bInv and b) cm bInv ->
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
87 HTProof bInv (While b cm) (bInv and neg b)
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
88
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
89 -- Example of proposition
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
90
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
91 proof1 : (c10 : ℕ) → HTProof initCond (program c10 ) (termCond {c10})
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
92 proof1 c10 =
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
93 SeqRule {λ e → true} ( PrimRule (init-case {c10} ))
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
94 $ SeqRule {λ e → Equal (varn e) c10} ( PrimRule lemma1 )
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
95 $ WeakeningRule {λ e → (Equal (varn e) c10) ∧ (Equal (vari e) 0)} lemma2 (
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
96 WhileRule {_} {λ e → Equal ((varn e) + (vari e)) c10}
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
97 $ SeqRule (PrimRule {λ e → whileInv e ∧ lt zero (varn e) } lemma3 )
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
98 $ PrimRule {whileInv'} {_} {whileInv} lemma4 ) lemma5
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
99
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
100 This defines a connected sequence of conditions.
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
101
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
102 -- Semantics of commands
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
103
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
104 SemComm : Comm -> Rel State (Level.zero)
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
105 SemComm Skip = RelOpState.deltaGlob
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
106 SemComm Abort = RelOpState.emptyRel
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
107 SemComm (PComm pc) = PrimSemComm pc
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
108 SemComm (Seq c1 c2) = RelOpState.comp (SemComm c1) (SemComm c2)
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
109 SemComm (If b c1 c2)
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
110 = RelOpState.union
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
111 (RelOpState.comp (RelOpState.delta (SemCond b))
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
112 (SemComm c1))
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
113 (RelOpState.comp (RelOpState.delta (NotP (SemCond b)))
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
114 (SemComm c2))
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
115 SemComm (While b c)
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
116 = RelOpState.unionInf
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
117 (λ (n : ℕ) ->
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
118 RelOpState.comp (RelOpState.repeat n
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
119 (RelOpState.comp (RelOpState.delta (SemCond b)) (SemComm c))) (RelOpState.delta (NotP (SemCond b))))
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
120
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
121 This defines a proposition of Hoare conditions. It is not proved yet.
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
122
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
123 The semantics of while-command is defined as any countable sequence of the body.
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
124
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
125 -- Soundness
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
126
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
127 Soundness : {bPre : Cond} -> {cm : Comm} -> {bPost : Cond} ->
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
128 HTProof bPre cm bPost -> Satisfies bPre cm bPost
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
129
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
130 The proof of the soundness of the semantics of HTProof.
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
131
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
132 -- An example of the soundness
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
133
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
134 proof1 : (c10 : ℕ) → HTProof initCond (program c10 ) (termCond {c10})
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
135
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
136 PrimSoundness : {bPre : Cond} -> {cm : Comm} -> {bPost : Cond} ->
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
137 HTProof bPre cm bPost -> Satisfies bPre cm bPost
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
138 PrimSoundness {bPre} {cm} {bPost} ht = Soundness ht
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
139
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
140 proofOfProgram : (c10 : ℕ) → (input output : Env )
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
141 → initCond input ≡ true
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
142 → (SemComm (program c10) input output)
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
143 → termCond {c10} output ≡ true
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
144 proofOfProgram c10 input output ic sem = PrimSoundness (proof1 c10) input output ic sem
e152d7afbb58 add readme
Shinji KONO <kono@ie.u-ryukyu.ac.jp>
parents:
diff changeset
145