pl/frap
1
0
Fork 0
mirror of https://github.com/achlipala/frap.git synced 2025-02-26 03:22:13 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

OperationalSemantics: a model-checking example

Browse source
This commit is contained in:
Adam Chlipala 2016-02-21 13:39:22 -05:00
parent f67d9b5e32
commit 6e0b98c8b4
2 changed files with 25 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
Frap.v
View file

@ -107,10 +107,10 @@ Ltac singletoner :=
Ltac model_check_step := Ltac model_check_step :=
eapply MscStep; [ eapply MscStep; [
repeat ((apply oneStepClosure_empty; simplify) repeat (apply oneStepClosure_empty
|| (apply oneStepClosure_split; [ simplify; || (apply oneStepClosure_split; [ simplify;
repeat match goal with repeat match goal with
| [ H : _ |- _ ] => invert H; try congruence | [ H : _ |- _ ] => invert H; simplify; try congruence
end; solve [ singletoner ] | ])) end; solve [ singletoner ] | ]))
| simplify ]. | simplify ].

27
OperationalSemantics.v
View file

@ -36,15 +36,15 @@ Infix "-" := Minus : arith_scope.
Infix "*" := Times : arith_scope. Infix "*" := Times : arith_scope.
Delimit Scope arith_scope with arith. Delimit Scope arith_scope with arith.
Notation "x <- e" := (Assign x e%arith) (at level 75). Notation "x <- e" := (Assign x e%arith) (at level 75).
Infix ";" := Sequence (at level 76). Infix ";;" := Sequence (at level 76). (* This one changed slightly, to avoid parsing clashes. *)
Notation "'when' e 'do' then_ 'else' else_ 'done'" := (If e%arith then_ else_) (at level 75, e at level 0). Notation "'when' e 'do' then_ 'else' else_ 'done'" := (If e%arith then_ else_) (at level 75, e at level 0).
Notation "'while' e 'do' body 'done'" := (While e%arith body) (at level 75). Notation "'while' e 'do' body 'done'" := (While e%arith body) (at level 75).
(* Here's an adaptation of our factorial example from Chapter 3. *) (* Here's an adaptation of our factorial example from Chapter 3. *)
Example factorial := Example factorial :=
"output" <- 1; "output" <- 1;;
while "input" do while "input" do
"output" <- "output" * "input"; "output" <- "output" * "input";;
"input" <- "input" - 1 "input" <- "input" - 1
done. done.
@ -160,7 +160,7 @@ Fixpoint fact (n : nat) : nat :=
Example factorial_loop := Example factorial_loop :=
while "input" do while "input" do
"output" <- "output" * "input"; "output" <- "output" * "input";;
"input" <- "input" - 1 "input" <- "input" - 1
done. done.
@ -497,3 +497,22 @@ Theorem small_big_snazzy : forall v c v', step^* (v, c) (v', Skip)
Proof. Proof.
eauto. eauto.
Qed. Qed.
(** * Small-step semantics gives rise to transition systems. *)
Definition trsys_of (v : valuation) (c : cmd) : trsys (valuation * cmd) := {|
Initial := {(v, c)};
Step := step
|}.
Theorem simple_invariant :
invariantFor (trsys_of ($0 $+ ("a", 1)) ("b" <- "a" + 1;; "c" <- "b" + "b"))
(fun s => snd s = Skip -> fst s $? "c" = Some 4).
Proof.
model_check.
Qed.
(* We'll return to these systems and their abstractions in the next few
* chapters. *)