Changeset 25
 Timestamp:
 Aug 27, 2010, 3:29:51 PM (8 years ago)
 Location:
 Csemantics
 Files:

 4 edited
Legend:
 Unmodified
 Added
 Removed

Csemantics/CexecIO.ma
r24 r25 614 614 (* Interactions are function calls that return a value and do not change 615 615 the rest of the Clight program's state. *) 616 ndefinition io ≝ mk_interaction (ident × (list eventval)) eventval.617 618 ndefinition do_io : ident → list eventval → IO ioeventval ≝619 λfn,args. Interact io eventval 〈fn,args〉 (λres. Value ioeventval res).620 621 ndefinition ret: ∀T. T → (IO ioT) ≝622 λT,x.(Value ioT x).616 ndefinition io_out ≝ (ident × (list eventval)). 617 618 ndefinition do_io : ident → list eventval → IO eventval io_out eventval ≝ 619 λfn,args. Interact ?? eventval 〈fn,args〉 (λres. Value ?? eventval res). 620 621 ndefinition ret: ∀T. T → (IO eventval io_out T) ≝ 622 λT,x.(Value ?? T x). 623 623 624 624 (* Checking types of values given to / received from an external function call. *) … … 659 659 (* execution *) 660 660 661 nlet rec exec_step (ge:genv) (st:state) on st : (IO io(Σr:trace × state. step ge st (\fst r) (\snd r))) ≝661 nlet rec exec_step (ge:genv) (st:state) on st : (IO eventval io_out (Σr:trace × state. step ge st (\fst r) (\snd r))) ≝ 662 662 match st with 663 663 [ State f s k e m ⇒ … … 695 695 match fn_return f with 696 696 [ Tvoid ⇒ Some ? (ret ? 〈E0, Returnstate Vundef k (free_list m (blocks_of_env e))〉) 697  _ ⇒ Some ? (Wrong ?? )697  _ ⇒ Some ? (Wrong ???) 698 698 ] 699 699  Kcall _ _ _ _ ⇒ 700 700 match fn_return f with 701 701 [ Tvoid ⇒ Some ? (ret ? 〈E0, Returnstate Vundef k (free_list m (blocks_of_env e))〉) 702  _ ⇒ Some ? (Wrong ?? )702  _ ⇒ Some ? (Wrong ???) 703 703 ] 704 704  Kwhile a s' k' ⇒ Some ? (ret ? 〈E0, State f (Swhile a s') k' e m〉) … … 713 713  Kfor3 a2 a3 s' k' ⇒ Some ? (ret ? 〈E0, State f (Sfor Sskip a2 a3 s') k' e m〉) 714 714  Kswitch k' ⇒ Some ? (ret ? 〈E0, State f Sskip k' e m〉) 715  _ ⇒ Some ? (Wrong ?? )715  _ ⇒ Some ? (Wrong ???) 716 716 ] 717 717  Scontinue ⇒ … … 728 728  Kfor2 a2 a3 s' k' ⇒ Some ? (ret ? 〈E0, State f a3 (Kfor3 a2 a3 s' k') e m〉) 729 729  Kswitch k' ⇒ Some ? (ret ? 〈E0, State f Scontinue k' e m〉) 730  _ ⇒ Some ? (Wrong ?? )730  _ ⇒ Some ? (Wrong ???) 731 731 ] 732 732  Sbreak ⇒ … … 737 737  Kfor2 a2 a3 s' k' ⇒ Some ? (ret ? 〈E0, State f Sskip k' e m〉) 738 738  Kswitch k' ⇒ Some ? (ret ? 〈E0, State f Sskip k' e m〉) 739  _ ⇒ Some ? (Wrong ?? )739  _ ⇒ Some ? (Wrong ???) 740 740 ] 741 741  Sifthenelse a s1 s2 ⇒ Some ? ( … … 761 761 [ None ⇒ match fn_return f with 762 762 [ Tvoid ⇒ Some ? (ret ? 〈E0, Returnstate Vundef (call_cont k) (free_list m (blocks_of_env e))〉) 763  _ ⇒ Some ? (Wrong ?? )763  _ ⇒ Some ? (Wrong ???) 764 764 ] 765 765  Some a ⇒ Some ? ( … … 771 771 ! v ← exec_expr ge e m a;: 772 772 match v with [ Vint n ⇒ ret ? 〈E0, State f (seq_of_labeled_statement (select_switch n sl)) (Kswitch k) e m〉 773  _ ⇒ Wrong ?? ])773  _ ⇒ Wrong ??? ]) 774 774  Slabel lbl s' ⇒ Some ? (ret ? 〈E0, State f s' k e m〉) 775 775  Sgoto lbl ⇒ 776 776 match find_label lbl (fn_body f) (call_cont k) with 777 777 [ Some sk' ⇒ match sk' with [ mk_pair s' k' ⇒ Some ? (ret ? 〈E0, State f s' k' e m〉) ] 778  None ⇒ Some ? (Wrong ?? )778  None ⇒ Some ? (Wrong ???) 779 779 ] 780 780 ] … … 799 799 match res with 800 800 [ Vundef ⇒ Some ? (ret ? 〈E0, (State f Sskip k' e m)〉) 801  _ ⇒ Some ? (Wrong ?? )801  _ ⇒ Some ? (Wrong ???) 802 802 ] 803 803  Some r' ⇒ … … 809 809 ] 810 810 ] 811  _ ⇒ Some ? (Wrong ?? )811  _ ⇒ Some ? (Wrong ???) 812 812 ] 813 813 ]. nwhd; //; … … 883 883 nqed. 884 884 885 nlet rec make_initial_state (p:program) : IO io(Σs:state. initial_state p s) ≝885 nlet rec make_initial_state (p:program) : IO eventval io_out (Σs:state. initial_state p s) ≝ 886 886 let ge ≝ globalenv Genv ?? p in 887 887 let m0 ≝ init_mem Genv ?? p in … … 915 915 916 916 nlet rec exec_steps (n:nat) (ge:genv) (s:state) : 917 IO io(Σts:trace×state. star (mk_transrel ?? step) ge s (\fst ts) (\snd ts)) ≝917 IO eventval io_out (Σts:trace×state. star (mk_transrel ?? step) ge s (\fst ts) (\snd ts)) ≝ 918 918 match is_final_state s with 919 919 [ inl _ ⇒ Some ? (ret ? 〈E0, s〉) 
Csemantics/IOMonad.ma
r24 r25 5 5 (* IO monad *) 6 6 7 n record interaction : Type[1]≝8 { output : Type 9 ; input : Type 10 }.7 ninductive IO (input,output:Type) (T:Type) : Type ≝ 8  Interact : output → (input → IO input output T) → IO input output T 9  Value : T → IO input output T 10  Wrong : IO input output T. 11 11 12 ninductive IO (IT:interaction) (T:Type) : Type ≝ 13  Interact : output IT → (input IT → IO IT T) → IO IT T 14  Value : T → IO IT T 15  Wrong : IO IT T. 16 17 nlet rec bindIO (IT:interaction) (T,T':Type) (v:IO IT T) (f:T → IO IT T') on v : IO IT T' ≝ 12 nlet rec bindIO (I,O,T,T':Type) (v:IO I O T) (f:T → IO I O T') on v : IO I O T' ≝ 18 13 match v with 19 [ Interact out k ⇒ (Interact ?? out (λres. bindIO ITT T' (k res) f))14 [ Interact out k ⇒ (Interact ??? out (λres. bindIO I O T T' (k res) f)) 20 15  Value v' ⇒ (f v') 21  Wrong ⇒ Wrong I TT'16  Wrong ⇒ Wrong I O T' 22 17 ]. 23 18 24 nlet rec bindIO2 (I T:interaction) (T1,T2,T':Type) (v:IO IT (T1×T2)) (f:T1 → T2 → IO IT T') on v : IO ITT' ≝19 nlet rec bindIO2 (I,O,T1,T2,T':Type) (v:IO I O (T1×T2)) (f:T1 → T2 → IO I O T') on v : IO I O T' ≝ 25 20 match v with 26 [ Interact out k ⇒ (Interact ?? out (λres. bindIO2? T1 T2 T' (k res) f))21 [ Interact out k ⇒ (Interact ??? out (λres. bindIO2 ?? T1 T2 T' (k res) f)) 27 22  Value v' ⇒ match v' with [ mk_pair v1 v2 ⇒ f v1 v2 ] 28  Wrong ⇒ Wrong ? T'23  Wrong ⇒ Wrong ?? T' 29 24 ]. 30 25 31 ndefinition err_to_io : ∀I T,T. res T → IO ITT ≝32 λI T,T,v. match v with [ OK v' ⇒ Value IT T v'  Error ⇒ Wrong ITT ].33 (*ncoercion err_to_io : ∀I T,A.∀c:res A.IO IT A ≝ err_to_io on _c:res ? to IO??.*)34 ndefinition err_to_io_sig : ∀I T,T.∀P:T → Prop. res (sigma T P) → IO IT(sigma T P) ≝35 λI T,T,P,v. match v with [ OK v' ⇒ Value IT (sigma T P) v'  Error ⇒ Wrong IT(sigma T P) ].36 ncoercion err_to_io_sig : ∀I T,A.∀P:A → Prop.∀c:res (sigma A P).IO IT (sigma A P) ≝ err_to_io_sig on _c:res (sigma ??) to IO? (sigma ??).26 ndefinition err_to_io : ∀I,O,T. res T → IO I O T ≝ 27 λI,O,T,v. match v with [ OK v' ⇒ Value I O T v'  Error ⇒ Wrong I O T ]. 28 (*ncoercion err_to_io : ∀I,O,A.∀c:res A.IO I O A ≝ err_to_io on _c:res ? to IO ???.*) 29 ndefinition err_to_io_sig : ∀I,O,T.∀P:T → Prop. res (sigma T P) → IO I O (sigma T P) ≝ 30 λI,O,T,P,v. match v with [ OK v' ⇒ Value I O (sigma T P) v'  Error ⇒ Wrong I O (sigma T P) ]. 31 ncoercion err_to_io_sig : ∀I,O,A.∀P:A → Prop.∀c:res (sigma A P).IO I O (sigma A P) ≝ err_to_io_sig on _c:res (sigma ??) to IO ?? (sigma ??). 37 32 38 33 … … 40 35 notation "! ident v ← e;: e'" right associative with precedence 40 for @{'bindIO ${e} (λ${ident v}.${e'})}. 41 36 notation "! 〈ident v1, ident v2〉 ← e;: e'" right associative with precedence 40 for @{'bindIO2 ${e} (λ${ident v1}.λ${ident v2}.${e'})}. 42 interpretation "IO monad bind" 'bindIO e f = (bindIO ??? e f).43 interpretation "IO monad pair bind" 'bindIO2 e f = (bindIO2 ???? e f).37 interpretation "IO monad bind" 'bindIO e f = (bindIO ???? e f). 38 interpretation "IO monad pair bind" 'bindIO2 e f = (bindIO2 ????? e f). 44 39 (**) 45 nlet rec P_io (I T:interaction) (A:Type) (P:A → Prop) (v:IO ITA) on v : Prop ≝40 nlet rec P_io (I,O,A:Type) (P:A → Prop) (v:IO I O A) on v : Prop ≝ 46 41 match v return λ_.Prop with 47 42 [ Wrong ⇒ True 48 43  Value z ⇒ P z 49  Interact out k ⇒ ∀v'.P_io I TA P (k v')44  Interact out k ⇒ ∀v'.P_io I O A P (k v') 50 45 ]. 51 46 52 nlet rec P_io' (I T:interaction) (A:Type) (P:A → Prop) (v:IO ITA) on v : Prop ≝47 nlet rec P_io' (I,O,A:Type) (P:A → Prop) (v:IO I O A) on v : Prop ≝ 53 48 match v return λ_.Prop with 54 49 [ Wrong ⇒ False 55 50  Value z ⇒ P z 56  Interact out k ⇒ ∀v'.P_io ITA P (k v')51  Interact out k ⇒ ∀v'.P_io' I O A P (k v') 57 52 ]. 58 53 59 ndefinition P_to_P_option_io : ∀I T,A.∀P:A → Prop.option (IO ITA) → Prop ≝60 λI T,A,P,a.match a with54 ndefinition P_to_P_option_io : ∀I,O,A.∀P:A → Prop.option (IO I O A) → Prop ≝ 55 λI,O,A,P,a.match a with 61 56 [ None ⇒ False 62  Some y ⇒ P_io I TA P y57  Some y ⇒ P_io I O A P y 63 58 ]. 64 59 65 nlet rec io_inject_0 (I T:interaction) (A:Type) (P:A → Prop) (a:IO IT A) (p:P_io IT A P a) on a : IO IT(sigma A P) ≝60 nlet rec io_inject_0 (I,O,A:Type) (P:A → Prop) (a:IO I O A) (p:P_io I O A P a) on a : IO I O (sigma A P) ≝ 66 61 (match a return λa'.a=a' → ? with 67 [ Wrong ⇒ λ_. Wrong I T?68  Value c ⇒ λe2. Value ?? (sig_intro A P c ?)69  Interact out k ⇒ λe2. Interact ?? out (λv. io_inject_0 ITA P (k v) ?)62 [ Wrong ⇒ λ_. Wrong I O ? 63  Value c ⇒ λe2. Value ??? (sig_intro A P c ?) 64  Interact out k ⇒ λe2. Interact ??? out (λv. io_inject_0 I O A P (k v) ?) 70 65 ]) (refl ? a). 71 (* XXX: odd, can't do both cases at once. *) 72 ##[ nrewrite > e2 in p; nwhd in ⊢ (% → ?); //; 73 ## nrewrite > e2 in p; nwhd in ⊢ (% → ?); //; 74 ##] nqed. 66 nrewrite > e2 in p; nwhd in ⊢ (% → ?); //; 67 nqed. 75 68 76 ndefinition io_inject : ∀I T,A.∀P:A → Prop.∀a:option (IO IT A).∀p:P_to_P_option_io IT A P a.IO IT(sigma A P) ≝77 λI T,A.λP:A → Prop.λa:option (IO IT A).λp:P_to_P_option_io ITA P a.78 (match a return λa'.a=a' → IO I T(sigma A P) with69 ndefinition io_inject : ∀I,O,A.∀P:A → Prop.∀a:option (IO I O A).∀p:P_to_P_option_io I O A P a.IO I O (sigma A P) ≝ 70 λI,O,A.λP:A → Prop.λa:option (IO I O A).λp:P_to_P_option_io I O A P a. 71 (match a return λa'.a=a' → IO I O (sigma A P) with 79 72 [ None ⇒ λe1.? 80  Some b ⇒ λe1. io_inject_0 I TA P b ?73  Some b ⇒ λe1. io_inject_0 I O A P b ? 81 74 ]) (refl ? a). 82 75 ##[ nrewrite > e1 in p; nnormalize; *; … … 84 77 ##] nqed. 85 78 86 nlet rec io_eject (I T:interaction) (A:Type) (P: A → Prop) (a:IO IT (sigma A P)) on a : IO ITA ≝79 nlet rec io_eject (I,O,A:Type) (P: A → Prop) (a:IO I O (sigma A P)) on a : IO I O A ≝ 87 80 match a with 88 [ Wrong ⇒ Wrong ?? 89  Value b ⇒ match b with [ sig_intro w p ⇒ Value ?? w]90  Interact out k ⇒ Interact ?? out (λv. io_eject? A P (k v))81 [ Wrong ⇒ Wrong ??? 82  Value b ⇒ match b with [ sig_intro w p ⇒ Value ??? w] 83  Interact out k ⇒ Interact ??? out (λv. io_eject ?? A P (k v)) 91 84 ]. 92 85 93 86 ncoercion io_inject : 94 ∀I T,A.∀P:A → Prop.∀a.∀p:P_to_P_option_io IT ? P a.IO IT(sigma A P) ≝ io_inject95 on a:option (IO ?? ) to IO? (sigma ? ?).96 ncoercion io_eject : ∀I T,A.∀P:A → Prop.∀c:IO IT (sigma A P).IO ITA ≝ io_eject97 on _c:IO ? (sigma ? ?) to IO??.87 ∀I,O,A.∀P:A → Prop.∀a.∀p:P_to_P_option_io I O ? P a.IO I O (sigma A P) ≝ io_inject 88 on a:option (IO ???) to IO ?? (sigma ? ?). 89 ncoercion io_eject : ∀I,O,A.∀P:A → Prop.∀c:IO I O (sigma A P).IO I O A ≝ io_eject 90 on _c:IO ?? (sigma ? ?) to IO ???. 98 91 99 ndefinition opt_to_io : ∀I T,T.option T → IO ITT ≝100 λI T,T,v. match v with [ None ⇒ Wrong IT T  Some v' ⇒ Value ITT v' ].101 ncoercion opt_to_io : ∀I T,T.∀v:option T. IO IT T ≝ opt_to_io on _v:option ? to IO??.92 ndefinition opt_to_io : ∀I,O,T.option T → IO I O T ≝ 93 λI,O,T,v. match v with [ None ⇒ Wrong I O T  Some v' ⇒ Value I O T v' ]. 94 ncoercion opt_to_io : ∀I,O,T.∀v:option T. IO I O T ≝ opt_to_io on _v:option ? to IO ???. 102 95 103 nlemma sig_bindIO_OK: ∀I T,A,B. ∀P:A → Prop. ∀P':B → Prop. ∀e:IO IT (sigma A P). ∀f:sigma A P → IO ITB.104 (∀v:A. ∀p:P v. P_io I T? P' (f (sig_intro A P v p))) →105 P_io I T ? P' (bindIO IT(sigma A P) B e f).106 #I TA B P P' e f; nelim e;96 nlemma sig_bindIO_OK: ∀I,O,A,B. ∀P:A → Prop. ∀P':B → Prop. ∀e:IO I O (sigma A P). ∀f:sigma A P → IO I O B. 97 (∀v:A. ∀p:P v. P_io I O ? P' (f (sig_intro A P v p))) → 98 P_io I O ? P' (bindIO I O (sigma A P) B e f). 99 #I O A B P P' e f; nelim e; 107 100 ##[ #out k IH; #IH'; nwhd; #res; napply IH; //; 108 101 ## #v0; nelim v0; #v Hv IH; nwhd; napply IH; … … 110 103 ##] nqed. 111 104 112 nlemma sig_bindIO2_OK: ∀I T,A,B,C. ∀P:(A×B) → Prop. ∀P':C → Prop. ∀e:IO IT (sigma (A×B) P). ∀f: A → B → IO ITC.113 (∀vA:A.∀vB:B. ∀p:P 〈vA,vB〉. P_io I T? P' (f vA vB)) →114 P_io I T ? P' (bindIO2 ITA B C e f).115 #I TA B C P P' e f; nelim e;105 nlemma sig_bindIO2_OK: ∀I,O,A,B,C. ∀P:(A×B) → Prop. ∀P':C → Prop. ∀e:IO I O (sigma (A×B) P). ∀f: A → B → IO I O C. 106 (∀vA:A.∀vB:B. ∀p:P 〈vA,vB〉. P_io I O ? P' (f vA vB)) → 107 P_io I O ? P' (bindIO2 I O A B C e f). 108 #I O A B C P P' e f; nelim e; 116 109 ##[ #out k IH; #IH'; nwhd; #res; napply IH; napply IH'; 117 110 ## #v0; nelim v0; #v; nelim v; #vA vB Hv IH; napply IH; //; … … 119 112 ##] nqed. 120 113 121 nlemma opt_bindIO_OK: ∀I T,A,B. ∀P:B → Prop. ∀e:option A. ∀f: A → IO ITB.122 (∀v:A. e = Some A v → P_io I T? P (f v)) →123 P_io I T ? P (bindIO ITA B e f).124 #I TA B P e; nelim e; //; #v f H; napply H; //;114 nlemma opt_bindIO_OK: ∀I,O,A,B. ∀P:B → Prop. ∀e:option A. ∀f: A → IO I O B. 115 (∀v:A. e = Some A v → P_io I O ? P (f v)) → 116 P_io I O ? P (bindIO I O A B e f). 117 #I O A B P e; nelim e; //; #v f H; napply H; //; 125 118 nqed. 126 119 127 nlemma bindIO_OK: ∀I T,A,B. ∀P:B → Prop. ∀e:IO IT A. ∀f: A → IO ITB.128 (∀v:A. P_io I T? P (f v)) →129 P_io I T ? P (bindIO ITA B e f).130 #I TA B P e; nelim e;120 nlemma bindIO_OK: ∀I,O,A,B. ∀P:B → Prop. ∀e:IO I O A. ∀f: A → IO I O B. 121 (∀v:A. P_io I O ? P (f v)) → 122 P_io I O ? P (bindIO I O A B e f). 123 #I O A B P e; nelim e; 131 124 ##[ #out k IH; #f H; nwhd; #res; napply IH; //; 132 125 ## #v f H; napply H; … … 143 136 *) 144 137 145 nlemma extract_subset_pair_io: ∀I T,A,B,C,P. ∀e:{e:A×B  P e}. ∀Q:A→B→IO ITC. ∀R:C→Prop.146 (∀a,b. eject ?? e = 〈a,b〉 → P 〈a,b〉 → P_io I T? R (Q a b)) →147 P_io I T? R (match eject ?? e with [ mk_pair a b ⇒ Q a b ]).148 #I TA B C P e Q R; ncases e; #e'; ncases e'; nnormalize;138 nlemma extract_subset_pair_io: ∀I,O,A,B,C,P. ∀e:{e:A×B  P e}. ∀Q:A→B→IO I O C. ∀R:C→Prop. 139 (∀a,b. eject ?? e = 〈a,b〉 → P 〈a,b〉 → P_io I O ? R (Q a b)) → 140 P_io I O ? R (match eject ?? e with [ mk_pair a b ⇒ Q a b ]). 141 #I O A B C P e Q R; ncases e; #e'; ncases e'; nnormalize; 149 142 ##[ *; 150 143 ## #e''; ncases e''; #a b Pab H; nnormalize; /2/; 
Csemantics/SmallstepExec.ma
r24 r25 8 8 { genv : Type 9 9 ; state : Type 10 ; io : interaction 10 ; input : Type 11 ; output : Type 11 12 ; initial : state → Prop 12 13 ; final : state → int → Prop 13 ; step : genv → state → IO i o(trace×state)14 ; step : genv → state → IO input output (trace×state) 14 15 }. 15 16 16 17 nlet rec repeat (n:nat) (exec:execstep) (g:genv exec) (s:state exec) 17 : IO (i oexec) (trace × (state exec)) ≝18 : IO (input exec) (output exec) (trace × (state exec)) ≝ 18 19 match n with 19 [ O ⇒ Value ?? 〈E0, s〉20 [ O ⇒ Value ??? 〈E0, s〉 20 21  S n' ⇒ ! 〈t1,s1〉 ← step exec g s;: 21 22 repeat n' exec g s1 … … 38 39 { sems :> related_semantics 39 40 ; sim : ∀st1,st2,t,st1'. 40 P_io' (io (sem1 sems))(trace × (state (sem1 sems))) (λr. r = 〈t,st1'〉) (step (sem1 sems) (ge1 sems) st1) →41 P_io' ?? (trace × (state (sem1 sems))) (λr. r = 〈t,st1'〉) (step (sem1 sems) (ge1 sems) st1) → 41 42 match_states sems st1 st2 → 42 ∃st2':(state (sem2 sems)).(∃n:nat.P_io' (io (sem2 sems))(trace × (state (sem2 sems))) (λr. r = 〈t,st2'〉) (repeat n (sem2 sems) (ge2 sems) st2)) ∧43 ∃st2':(state (sem2 sems)).(∃n:nat.P_io' ?? (trace × (state (sem2 sems))) (λr. r = 〈t,st2'〉) (repeat n (sem2 sems) (ge2 sems) st2)) ∧ 43 44 match_states sems st1' st2' 44 45 }. 
Csemantics/test/transform1.ma
r24 r25 44 44 45 45 ndefinition Csem ≝ λp:program.mk_execstep 46 ? 46 47 ? 47 48 ?
Note: See TracChangeset
for help on using the changeset viewer.