ホーム エクスプローラ ヘルプ
サインイン
ariadne
/
shttpd
Watch 1
Star 0
Fork 0
ファイル 課題 7 プルリクエスト 0 Wiki
ツリー: 3ad28c4ba8
ブランチ タグ
shttpd
/
coq
/
S
/
Lucid
/
Sequential.v

Sequential.v 2.1 KB
履歴 Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253 
  1. (* Copyright © 2019 Ariadne Devos
    2. 

  2.    SPDX-License-Identifier: GPL-2.0 or GPL-3.0 *)
    3. 

  3. 

  4. Require Import S.Lucid.Arrow.
    5. 

  5. Require Import Coq.Sets.Ensembles.
    6. 

  6. 

  7. Section definitions.
    8. 

  8. 

  9. Variable World : Type.
    10. 

  10. 

  11. Variable A B C : Type.
    12. 

  12. 

  13. (* The signature of the sequential composition of two arrows.
    14. 

  14.    (This only gives the properties of such a composition,
    15. 

  15.    the resulting pre-condition may be impossible.)
    16. 

  16. 

  17.    TODO: whether this is correct, will be verified if
    18. 

  18.    some Arrow type is lowered to some concurrent Monad (or
    19. 

  19.    C, or ... assembly) and a bisimulation is proven to
    20. 

  20.    be maintained *)
    21. 

  21. Definition seq_sig (stop : ArrowSig World A B) (start : ArrowSig World B C) : ArrowSig World A C
    22. 

  22.   := {| rely := fun p w => rely stop p w /\ forall q, post stop p q -> rely start q w;
    23. 

  23.         (* guaranteed-p? Both arrows must keep up with the promise.
    24. 

  24.            (Remember, the frame condition specifies instants in time)
    25. 

  25. 

  26.            `guarantee stop p w`: first arrow.
    27. 

  27.            `forall q, post stop p q -> _`: like the first arrow,
    28. 

  28.              except that the intermediate value must be introduced.
    29. 

  29.              Since we are speaking of *guarantees*, it must hold for
    30. 

  30.              all *posssible* (hence post stop p q) intermediates. *)
    31. 

  31.         guarantee := fun (p : Situation A) w => guarantee stop p w
    32. 

  32.           /\ forall (q : Situation B), post stop p q -> guarantee start q w;
    33. 

  33.         (* In the original formulation,
    34. 

  34.              { P } S1 { Q }, { Q } S2 { R }
    35. 

  35.              |- { P } S1 S2 { R }.
    36. 

  36.            In ours,
    37. 

  37.              { P } S1 { Q }, { R } S2 { S }
    38. 

  38.              |- { P /\ Q -> R } S1 { S }
    39. 

  39.              (except for the qualifiers and binders)
    40. 

  40.            (Is this weakest precondition?) *)
    41. 

  41.         pre := fun (p : Situation A) => pre stop p /\ (forall (q : Situation B), post stop p q -> pre start q);
    42. 

  42.         (* The post-condition is given as a set of possibilities dependent on the input.
    43. 

  43.            Possible -> exists.
    44. 

  44.            This is an ordinary Hoare composition rule. *)
    45. 

  45.         post := fun (p : Situation A) (r : Situation C) =>
    46. 

  46.          exists (q : Situation B), post stop p q /\ post start q r;
    47. 

  47.       |}.
    48. 

  48. 

  49. End definitions.
    50. 

  50. 

  51. Arguments seq_sig { _ _ _ _ } _ _.
    52. 

  52. 

  53.