Inicio Explorar Ayuda
Iniciar sesión
ariadne
/
shttpd
Seguir 1
Destacar 0
Fork 0
Archivos Incidencias 7 Pull Requests 0 Wiki
Rama: verification
Ramas Etiquetas
shttpd
/
coq
/
Trace.v

Trace.v 4.2 KB
Permalink Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175 
  1. (* Copyright © 2019 Ariadne Devos
    2. 

  2.    SPDX-License-Identifier: GPL-2.0 or GPL-3.0 *)
    3. 

  3. 

  4. Require Import Coq.Setoids.Setoid.
    5. 

  5. 

  6. (* Traces can be finite (like lists) or infintie (like streams).
    7. 

  7.    Equality of each element is 'eq', not an arbitrary
    8. 

  8.    equivalence relationship. *)
    9. 

  9. Section trace.
    10. 

  10. 

  11. (* Presumably an event, can be anything *)
    12. 

  12. Variable A : Type.
    13. 

  13. 

  14. CoInductive trace :=
    15. 

  15. | Done : trace
    16. 

  16. | More : A -> trace -> trace.
    17. 

  17. 

  18. (* Witnesses of extensional equality *)
    19. 

  19. CoInductive trace_eq_proof : trace -> trace -> Prop :=
    20. 

  20. | EqDone : trace_eq_proof Done Done
    21. 

  21. | EqMore : forall a t u, trace_eq_proof t u -> trace_eq_proof (More a t) (More a u).
    22. 

  22. 

  23. Axiom streameq_leibniz : forall t u, trace_eq_proof t u <-> t = u.
    24. 

  24. 

  25. (* Trick Coq in reducing seq.
    26. 

  26. 

  27.    Adapted from: adam.chlipala.net/cpdt/html/Coinductive.html. *)
    28. 

  28. Definition frob (t : trace) : trace :=
    29. 

  29.   match t with
    30. 

  30.   | Done => Done
    31. 

  31.   | More a t' => More a t'
    32. 

  32.   end.
    33. 

  33. 

  34. Lemma frob_idem (t : trace) : t = frob t.
    35. 

  35. Proof.
    36. 

  36.   destruct t.
    37. 

  37.   all : reflexivity.
    38. 

  38. Qed.
    39. 

  39. 

  40. Section Concatenation.
    41. 

  41. 

  42. CoFixpoint seq (u : trace) (v : trace) :=
    43. 

  43.   match u with
    44. 

  44.   | Done => v
    45. 

  45.   | More s u' => More s (seq u' v)
    46. 

  46.   end.
    47. 

  47. 

  48. (* Neutrality of nil *)
    49. 

  49. 

  50. Lemma seq_nil_l (t : trace) : seq Done t = t.
    51. 

  51. Proof.
    52. 

  52.   set (t' := seq Done t).
    53. 

  53.   rewrite (frob_idem t).
    54. 

  54.   rewrite (frob_idem t').
    55. 

  55.   destruct t.
    56. 

  56.   all : (simpl; reflexivity).
    57. 

  57. Qed.
    58. 

  58. 

  59. CoFixpoint seq_nil_r' (t : trace) : trace_eq_proof (seq t Done) t.
    60. 

  60. Proof.
    61. 

  61.   refine (match t with
    62. 

  62.     | Done => _
    63. 

  63.     | More a t' => _
    64. 

  64.     end).
    65. 

  65.   - set (u := seq Done Done).
    66. 

  66.     rewrite (frob_idem u).
    67. 

  67.     simpl. constructor.
    68. 

  68.   - set (u := seq (More a t') Done).
    69. 

  69.     rewrite (frob_idem u).
    70. 

  70.     simpl.
    71. 

  71.     constructor.
    72. 

  72.     + apply seq_nil_r'.
    73. 

  73. Qed.
    74. 

  74. 

  75. Definition seq_nil_r (t : trace) : seq t Done = t.
    76. 

  76. Proof. rewrite <- streameq_leibniz. exact (seq_nil_r' t). Qed.
    77. 

  77. 

  78. (* Associativity of seq *)
    79. 

  79. CoFixpoint seq_assoc' (t : trace) (u : trace) (v : trace) : trace_eq_proof (seq (seq t u) v) (seq t (seq u v)).
    80. 

  80. Proof.
    81. 

  81.   refine (match t with
    82. 

  82.     | Done => _
    83. 

  83.     | More a t' => _
    84. 

  84.   end).
    85. 

  85.   + repeat rewrite seq_nil_l.
    86. 

  86.     rewrite streameq_leibniz.
    87. 

  87.     reflexivity.
    88. 

  88.   + set (x := seq (More a t') u).
    89. 

  89.     set (y := seq (More a t') (seq u v)).
    90. 

  90.     rewrite (frob_idem x).
    91. 

  91.     rewrite (frob_idem y).
    92. 

  92.     simpl.
    93. 

  93.     clear x y.
    94. 

  94.     set (x := seq (More a (seq t' u)) v).
    95. 

  95.     rewrite (frob_idem x).
    96. 

  96.     simpl.
    97. 

  97.     constructor.
    98. 

  98.     apply seq_assoc'.
    99. 

  99. Qed.
    100. 

  100. 

  101. Lemma seq_assoc (t : trace) (u : trace) (v : trace) : seq (seq t u) v = seq t (seq u v).
    102. 

  102. Proof. pose seq_assoc'. pose streameq_leibniz. firstorder. Qed.
    103. 

  103. 

  104. (* Therefore, seq is a monoid. *)
    105. 

  105. 

  106. (* induction lemma *)
    107. 

  107. Theorem seq_more_lift : forall a t u, seq (More a t) u = More a (seq t u).
    108. 

  108. Proof.
    109. 

  109.   intros.
    110. 

  110.   set (x := seq (More a t) u).
    111. 

  111.   rewrite (frob_idem x).
    112. 

  112.   cbn.
    113. 

  113.   reflexivity.
    114. 

  114. Qed.
    115. 

  115. 

  116. End Concatenation.
    117. 

  117. End trace.
    118. 

  118. 

  119. Section tmap.
    120. 

  120. 

  121. CoFixpoint tmap A B (f : A -> B) (t : trace A) : trace B :=
    122. 

  122.   match t with
    123. 

  123.   | Done _ => Done _
    124. 

  124.   | More _ a t' => More _ (f a) (tmap A B f t')
    125. 

  125.   end.
    126. 

  126. 

  127. Theorem tmap_empty A B f : tmap A B f (Done _) = Done _.
    128. 

  128. Proof.
    129. 

  129.   rewrite (frob_idem _ (tmap _ _ f (Done _))).
    130. 

  130.   cbn.
    131. 

  131.   reflexivity.
    132. 

  132. Qed.
    133. 

  133. 

  134. Theorem tmap_peel A B (f : A -> B) (a : A) (t' : trace A) : tmap _ _ f (More _ a t') = More _ (f a) (tmap _ _ f t').
    135. 

  135. Proof.
    136. 

  136.   rewrite (frob_idem _ (tmap _ _ f (More _ _ _))).
    137. 

  137.   cbn.
    138. 

  138.   reflexivity.
    139. 

  139. Qed.
    140. 

  140. 

  141. CoFixpoint tmap_compose' A B C (g : B -> C) (f : A -> B) (t : trace A) : trace_eq_proof _ (tmap _ _ g (tmap _ _ f t)) (tmap _ _ (Basics.compose g f) t).
    142. 

  142. Proof.
    143. 

  143.   destruct t.
    144. 

  144.   + repeat rewrite tmap_empty.
    145. 

  145.     constructor.
    146. 

  146.   + repeat rewrite tmap_peel.
    147. 

  147.     constructor.
    148. 

  148.     apply tmap_compose'.
    149. 

  149. Qed.
    150. 

  150. 

  151. Theorem tmap_compose A B C (g : B -> C) (f : A -> B) (t : trace A) : tmap _ _ g (tmap _ _ f t) = tmap _ _ (Basics.compose g f) t.
    152. 

  152. Proof. rewrite <- streameq_leibniz. apply tmap_compose'. Qed.
    153. 

  153. 

  154. CoFixpoint tmap_merge' A B (f : A -> B) t u : trace_eq_proof _ (seq _ (tmap _ _ f t) (tmap _ _ f u)) (tmap _ _ f (seq _ t u)).
    155. 

  155. Proof.
    156. 

  156.   destruct t.
    157. 

  157.   + rewrite tmap_empty.
    158. 

  158.     repeat rewrite seq_nil_l.
    159. 

  159.     rewrite streameq_leibniz.
    160. 

  160.     reflexivity.
    161. 

  161.   + rewrite seq_more_lift.
    162. 

  162.     repeat rewrite tmap_peel.
    163. 

  163.     rewrite seq_more_lift.
    164. 

  164.     constructor.
    165. 

  165.     apply tmap_merge'.
    166. 

  166. Qed.
    167. 

  167. 

  168. Theorem tmap_merge A B (f : A -> B) t u : seq _ (tmap _ _ f t) (tmap _ _ f u) = tmap _ _ f (seq _ t u).
    169. 

  169. Proof.
    170. 

  170.   rewrite <- streameq_leibniz.
    171. 

  171.   apply tmap_merge'.
    172. 

  172. Qed.
    173. 

  173. 

  174. End tmap.
    175. 

  175.