frap/Invariant.v

Require Import Relations.


Definition invariantFor {state} (initial : state -> Prop) (step : state -> state -> Prop) (invariant : state -> Prop) :=
  forall s, initial s
            -> forall s', step^* s s'
                          -> invariant s'.

Theorem use_invariant : forall {state} (initial : state -> Prop)
  (step : state -> state -> Prop) (invariant : state -> Prop) s s',
  step^* s s'
  -> initial s
  -> invariantFor initial step invariant
  -> invariant s'.
Proof.
  firstorder.
Qed.

Theorem invariantFor_monotone : forall {state} (initial : state -> Prop)
  (step : state -> state -> Prop) (invariant1 invariant2 : state -> Prop),
  (forall s, invariant1 s -> invariant2 s)
  -> invariantFor initial step invariant1
  -> invariantFor initial step invariant2.
Proof.
  unfold invariantFor; intuition eauto.
Qed.

Theorem invariant_induction : forall {state} (initial : state -> Prop)
  (step : state -> state -> Prop) (invariant : state -> Prop),
  (forall s, initial s -> invariant s)
  -> (forall s, invariant s -> forall s', step s s' -> invariant s')
  -> invariantFor initial step invariant.
Proof.
  unfold invariantFor; intros.
  assert (invariant s) by eauto.
  clear H1.
  induction H2; eauto.
Qed.
Start of BasicSyntax code 2015-12-31 20:44:34 +00:00			`Require Import Relations.`


Start TransitionSystems code 2016-02-08 23:04:14 +00:00			`Definition invariantFor {state} (initial : state -> Prop) (step : state -> state -> Prop) (invariant : state -> Prop) :=`
			`forall s, initial s`
			`-> forall s', step^* s s'`
			`-> invariant s'.`

			`Theorem use_invariant : forall {state} (initial : state -> Prop)`
			`(step : state -> state -> Prop) (invariant : state -> Prop) s s',`
			`step^* s s'`
			`-> initial s`
			`-> invariantFor initial step invariant`
			`-> invariant s'.`
			`Proof.`
			`firstorder.`
			`Qed.`

			`Theorem invariantFor_monotone : forall {state} (initial : state -> Prop)`
			`(step : state -> state -> Prop) (invariant1 invariant2 : state -> Prop),`
			`(forall s, invariant1 s -> invariant2 s)`
			`-> invariantFor initial step invariant1`
			`-> invariantFor initial step invariant2.`
			`Proof.`
			`unfold invariantFor; intuition eauto.`
			`Qed.`

			`Theorem invariant_induction : forall {state} (initial : state -> Prop)`
			`(step : state -> state -> Prop) (invariant : state -> Prop),`
			`(forall s, initial s -> invariant s)`
			`-> (forall s, invariant s -> forall s', step s s' -> invariant s')`
			`-> invariantFor initial step invariant.`
			`Proof.`
			`unfold invariantFor; intros.`
			`assert (invariant s) by eauto.`
			`clear H1.`
			`induction H2; eauto.`
			`Qed.`