Skip to content

Commit 342576e

Browse files
lyonel2017bgregoirstrub
committed
Add exception declaration, raise, and update logic
Co-Authored-By: Benjamin Gregoire <[email protected]> Co-Authored-By: Pierre-Yves Strub <[email protected]>
1 parent 322e303 commit 342576e

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

69 files changed

+2045
-688
lines changed

examples/exception.ec

Lines changed: 254 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,254 @@
1+
require import AllCore.
2+
3+
exception assume.
4+
exception assert.
5+
6+
op p1: int -> bool.
7+
op p2: int -> bool.
8+
9+
module M' ={
10+
proc truc (x:int) : int = {
11+
if (! p1 x \/ ! p2 x) else raise assume;
12+
if (!p1 x \/ !p2 x) raise assert;
13+
return x;
14+
}
15+
}.
16+
17+
lemma assume_assert (_x:int):
18+
hoare [M'.truc : _x = x ==>
19+
false | assume => p1 _x | assert => !(p1 _x /\ p2 _x)
20+
].
21+
proof.
22+
proc.
23+
wp.
24+
auto => &hr <- /> /#.
25+
qed.
26+
27+
print assume_assert.
28+
29+
lemma assert_assume (_x:int):
30+
hoare [M'.truc : _x = x ==>
31+
false | assume => p2 _x | assert => !(p2 _x /\ p1 _x)
32+
].
33+
proof.
34+
proc.
35+
wp.
36+
auto => &hr <- /> /#.
37+
qed.
38+
39+
lemma assert_assume' ( _x:int) :
40+
hoare [M'.truc : _x = x ==>
41+
false | assume => p1 _x /\ p2 _x | assert => !(p2 _x /\ p1 _x) ].
42+
proof.
43+
conseq (assume_assert _x) (assert_assume _x).
44+
+ auto.
45+
+ auto.
46+
qed.
47+
48+
exception e1.
49+
exception e2.
50+
exception e3.
51+
52+
module M ={
53+
proc f1 (x:int) : int = {
54+
if (x <> 3) else raise e1;
55+
x <- 5;
56+
return x;
57+
}
58+
59+
proc f2 (x:int) : int = {
60+
if (x = 3) {
61+
x <- x;
62+
x <@ f1(x);
63+
} else {
64+
x <@ f1(x);
65+
}
66+
return x;
67+
}
68+
}.
69+
70+
op pe: bool.
71+
op pe1: bool.
72+
op pe2: bool.
73+
op pe3: bool.
74+
op pe4: bool.
75+
op pd1: bool.
76+
op pd2: bool.
77+
op pd3: bool.
78+
79+
axiom a1: pd2 => pd1.
80+
axiom a2: pe => pd1.
81+
axiom a3: pd2 => pe3.
82+
axiom a4: pd2 => pe4.
83+
axiom a5: pd1 => pd2.
84+
85+
lemma l_f1 (_x: int):
86+
hoare [M.f1 : _x = x ==> (res <= 5) | e1 => _x <= 3 | _ => pd1].
87+
proof.
88+
proc.
89+
conseq (: _ ==> x = 5 | e1 => _x = 3 | e2 => pe | _ => pd2).
90+
+ move => &hr h x. smt(a1 a2).
91+
+ wp. auto.
92+
qed.
93+
94+
lemma l_f2 (_x: int):
95+
hoare [M.f2 : _x = x ==> res < 6 | e1 => _x < 4 | e2 => pe3 | e3 => pe4 | _ => pd2 ].
96+
proof.
97+
proc.
98+
if.
99+
+ call (: _x = x ==> res = 5 | e1 => 3 = _x | e2 => pd2 | _ => pd2).
100+
+ proc.
101+
by auto.
102+
auto.
103+
smt(a3 a4).
104+
call (l_f1 _x).
105+
auto. smt(a5 a3 a4).
106+
qed.
107+
108+
op o : exn = e2.
109+
110+
module M1 ={
111+
var i:int
112+
113+
proc f1 (x:int) : int = {
114+
i <- 0;
115+
raise o;
116+
return x;
117+
}
118+
119+
proc f2 (x:int) : int = {
120+
i <- 1;
121+
x <@ f1(x);
122+
return x;
123+
}
124+
}.
125+
126+
lemma test (_x: int):
127+
hoare [M1.f2 : true ==> true |e2 => M1.i = 0].
128+
proof.
129+
proc.
130+
call (: true ==> true | e2 => M1.i = 0).
131+
+ proc. wp. auto.
132+
by auto.
133+
qed.
134+
135+
lemma test2 (_x: int):
136+
hoare [M1.f1 : true ==> true |e2 => M1.i = 0].
137+
proof.
138+
proc.
139+
conseq (: _ ==> _ | e2 => M1.i = 0).
140+
auto.
141+
qed.
142+
143+
module M2 ={
144+
145+
proc f1 (x:int) : int = {
146+
return x;
147+
}
148+
149+
proc f2 (x:int) : int = {
150+
x <- x + 1;
151+
x <@ f1(x);
152+
return x;
153+
}
154+
}.
155+
156+
lemma test3 (_x: int):
157+
hoare [M2.f1 : _x = x ==> res = _x | e2 => _x = 0].
158+
proof.
159+
proc.
160+
auto.
161+
qed.
162+
163+
lemma test4 (_x: int):
164+
hoare [M2.f2 : _x = x ==> res = _x + 1 | e2 => _x + 1 = 0 ].
165+
proof.
166+
proc.
167+
ecall(test3 x).
168+
auto.
169+
qed.
170+
171+
exception arg1 of int.
172+
173+
op toto i = arg1 i.
174+
175+
module M3 = {
176+
proc f () = {
177+
raise (toto 3);
178+
}
179+
180+
}.
181+
182+
lemma test5 :
183+
hoare [M3.f : true ==> false | arg1 x => x = 3].
184+
proof.
185+
proc. wp. skip => //.
186+
qed.
187+
188+
lemma test6 :
189+
hoare [M3.f : true ==> false | arg1 x => x = 3].
190+
proof.
191+
conseq (: _ ==> _ | arg1 x => 3 = x).
192+
+ done.
193+
proc. wp. skip => //.
194+
qed.
195+
196+
197+
abstract theory Et.
198+
199+
type t.
200+
201+
op test : t -> bool.
202+
203+
op truc : t -> exn.
204+
205+
exception et of t.
206+
exception et2 of t * t.
207+
208+
print et2.
209+
210+
module Truc = {
211+
proc f (x:t):t = {
212+
if (test x) {raise (et x);}
213+
return x;
214+
}
215+
}.
216+
217+
axiom hf : forall (_x :t), hoare [Truc.f : _x = x ==> res = _x | et x => test x = false].
218+
end Et.
219+
220+
require import List.
221+
print list.
222+
223+
exception et1 of int.
224+
225+
clone Et as H with
226+
type t <- int(* , *)
227+
(* op et <- et1 *).
228+
229+
print H.
230+
print H.truc.
231+
print H.et.
232+
print H.et2.
233+
234+
(* exception arg ['a] of 'a. *)
235+
236+
exception evar of int.
237+
238+
op v : int.
239+
240+
module Mv ={
241+
var i:int
242+
243+
proc f1 (x:int) : int = {
244+
i <- 0;
245+
raise (evar (v + i)) ;
246+
return x;
247+
}
248+
}.
249+
250+
lemma testv :
251+
hoare [Mv.f1 : true ==> false | evar a => a = v].
252+
proof.
253+
proc. wp. skip => //.
254+
qed.

0 commit comments

Comments
 (0)