pl/frap
1
0
Fork 0
mirror of https://github.com/achlipala/frap.git synced 2024-09-19 19:57:13 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Revising for Tuesday's lecture

Browse source
This commit is contained in:
Adam Chlipala 2022-02-20 12:02:38 -05:00
parent 23a0972d11
commit ddacd030e6
3 changed files with 4 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
ModelChecking.v
View file

@ -290,7 +290,7 @@ Qed.
* states. Here is a definition of some tactics to do the work. * states. Here is a definition of some tactics to do the work.
* BEGIN CODE THAT WILL NOT BE EXPLAINED IN DETAIL! *) * BEGIN CODE THAT WILL NOT BE EXPLAINED IN DETAIL! *)
Hint Rewrite fact_init_is. Local Hint Rewrite fact_init_is.
Ltac model_check_done := Ltac model_check_done :=
apply MscDone; apply prove_oneStepClosure; simplify; propositional; subst; apply MscDone; apply prove_oneStepClosure; simplify; propositional; subst;
@ -607,7 +607,7 @@ Qed.
(* We ask Coq to remember this lemma as a hint, which will be used by the (* We ask Coq to remember this lemma as a hint, which will be used by the
* model-checking tactics that we refrain from explaining in detail. *) * model-checking tactics that we refrain from explaining in detail. *)
Hint Rewrite add2_init_is. Local Hint Rewrite add2_init_is.
(* Now, let's verify the original system. *) (* Now, let's verify the original system. *)
Theorem add2_ok : Theorem add2_ok :

4
ModelChecking_template.v
View file

@ -238,7 +238,7 @@ Qed.
(* BEGIN CODE THAT WILL NOT BE EXPLAINED IN DETAIL! *) (* BEGIN CODE THAT WILL NOT BE EXPLAINED IN DETAIL! *)
Hint Rewrite fact_init_is. Local Hint Rewrite fact_init_is.
Ltac model_check_done := Ltac model_check_done :=
apply MscDone; apply prove_oneStepClosure; simplify; propositional; subst; apply MscDone; apply prove_oneStepClosure; simplify; propositional; subst;
@ -508,7 +508,7 @@ Qed.
(* We ask Coq to remember this lemma as a hint, which will be used by the (* We ask Coq to remember this lemma as a hint, which will be used by the
* model-checking tactics that we refrain from explaining in detail. *) * model-checking tactics that we refrain from explaining in detail. *)
Hint Rewrite add2_init_is. Local Hint Rewrite add2_init_is.
(* Now, let's verify the original system. *) (* Now, let's verify the original system. *)
Theorem add2_ok : Theorem add2_ok :

2
frap_book.tex
View file

@ -1782,14 +1782,12 @@ For our purposes, the key pay-off from this connection is that we may translate
We can apply this theorem to the two example programs from earlier in the section, now imagining that we run two parallel-thread copies of each program, using last chapter's approach to modeling threads with transition systems. We can apply this theorem to the two example programs from earlier in the section, now imagining that we run two parallel-thread copies of each program, using last chapter's approach to modeling threads with transition systems.
The concrete system can be represented with thread-local states $\{\mathsf{Read}\} \cup \{\mathsf{Write}(n) \mid n \in \mathbb N\}$ and the abstract system with $\{\mathsf{BRead}\} \cup \{\mathsf{BWrite}(b) \mid b \in \mathbb B\}$, for the Booleans $\mathbb B$. The concrete system can be represented with thread-local states $\{\mathsf{Read}\} \cup \{\mathsf{Write}(n) \mid n \in \mathbb N\}$ and the abstract system with $\{\mathsf{BRead}\} \cup \{\mathsf{BWrite}(b) \mid b \in \mathbb B\}$, for the Booleans $\mathbb B$.
We define compatibility between local states. We define compatibility between local states.
$$\infer{\mathsf{Read} \sim \mathsf{BRead}}{} $$\infer{\mathsf{Read} \sim \mathsf{BRead}}{}
\quad \infer{\mathsf{Write}(n) \sim \mathsf{BWrite}(b)}{ \quad \infer{\mathsf{Write}(n) \sim \mathsf{BWrite}(b)}{
n \; \textrm{even} \Leftrightarrow b = \mathsf{true} n \; \textrm{even} \Leftrightarrow b = \mathsf{true}
}$$ }$$
We also define the overall state simulation relation $R$, which also covers state shared by threads. We also define the overall state simulation relation $R$, which also covers state shared by threads.
$$\infer{(n, (\ell_1, \ell_2)) \; R \; (b, (\ell'_1, \ell'_2))}{ $$\infer{(n, (\ell_1, \ell_2)) \; R \; (b, (\ell'_1, \ell'_2))}{
(n \; \textrm{even} \Leftrightarrow b = \mathsf{true}) (n \; \textrm{even} \Leftrightarrow b = \mathsf{true})
& \ell_1 \sim \ell'_1 & \ell_1 \sim \ell'_1