pl/frap
1
0
Fork 0
mirror of https://github.com/achlipala/frap.git synced 2024-09-19 19:57:13 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'master' of github.com:achlipala/frap

Browse source
This commit is contained in:
Adam Chlipala 2020-04-05 09:30:12 -04:00
commit 583605fded
1 changed files with 4 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
HoareLogic.v
View file

@ -138,8 +138,10 @@ Inductive hoare_triple : assertion -> cmd -> assertion -> Prop :=
-> hoare_triple P' c Q'. -> hoare_triple P' c Q'.
(* Let's prove that the intuitive description given above really applies to this (* Let's prove that the intuitive description given above really applies to this
* predicate. First, a lemma, which is difficult to summarize intuitively! * predicate. First, a helper lemma which we will need in the main proof below.
* More or less precisely this obligation shows up in the main proof below. *) * It says that if the loop body preserves the invariant, and executing the loop
* terminates, then after executing the loop, the invariant still holds, and the
* loop condition is false. *)
Lemma hoare_triple_big_step_while: forall (I : assertion) b c, Lemma hoare_triple_big_step_while: forall (I : assertion) b c,
(forall h v h' v', exec h v c h' v' (forall h v h' v', exec h v c h' v'
-> I h v -> I h v