research / cpdt
Commit 124a805d, authored Apr 08, 2012 by Adam Chlipala
Strengthen last theorem of Coinductive
parent 763b3a1e
Showing 1 changed file with 20 additions and 7 deletions
src/Coinductive.v
...
@@ -621,20 +621,33 @@ Qed.
...
@@ -621,20 +621,33 @@ Qed.
Hint
Rewrite
optExp_correct
.
Hint
Rewrite
optExp_correct
.
(
**
The
final
theorem
is
easy
to
establish
,
using
our
co
-
induction
principle
and
a
bit
of
Ltac
smarts
that
we
leave
unexplained
for
now
.
Curious
readers
can
consult
the
Coq
manual
,
or
wait
for
the
later
chapters
of
this
book
about
proof
automation
.
*
)
(
**
The
final
theorem
is
easy
to
establish
,
using
our
co
-
induction
principle
and
a
bit
of
Ltac
smarts
that
we
leave
unexplained
for
now
.
Curious
readers
can
consult
the
Coq
manual
,
or
wait
for
the
later
chapters
of
this
book
about
proof
automation
.
At
a
high
level
,
we
show
inclusions
between
behaviors
,
going
in
both
directions
between
original
and
optimized
programs
.
*
)
Theorem
optCmd_correct
:
forall
vs1
c
vs2
,
evalCmd
vs1
c
vs2
Ltac
finisher
:=
match
goal
with
|
[
H
:
evalCmd
_
_
_
|-
_
]
=>
((
inversion
H
;
[])
||
(
inversion
H
;
[
|
]))
;
subst
end
;
crush
;
eauto
10.
Lemma
optCmd_correct1
:
forall
vs1
c
vs2
,
evalCmd
vs1
c
vs2
->
evalCmd
vs1
(
optCmd
c
)
vs2
.
->
evalCmd
vs1
(
optCmd
c
)
vs2
.
intros
;
apply
(
evalCmd_coind
(
fun
vs1
c
'
vs2
=>
exists
c
,
evalCmd
vs1
c
vs2
intros
;
apply
(
evalCmd_coind
(
fun
vs1
c
'
vs2
=>
exists
c
,
evalCmd
vs1
c
vs2
/
\
c
'
=
optCmd
c
))
;
eauto
;
crush
;
/
\
c
'
=
optCmd
c
))
;
eauto
;
crush
;
match
goal
with
match
goal
with
|
[
H
:
_
=
optCmd
?
E
|-
_
]
=>
destruct
E
;
simpl
in
*;
discriminate
|
[
H
:
_
=
optCmd
?
E
|-
_
]
=>
destruct
E
;
simpl
in
*;
discriminate
||
injection
H
;
intros
;
subst
||
injection
H
;
intros
;
subst
end
;
match
goal
with
end
;
finisher
.
|
[
H
:
evalCmd
_
_
_
|-
_
]
=>
((
inversion
H
;
[])
Qed
.
||
(
inversion
H
;
[
|
]))
;
subst
end
;
crush
;
eauto
10.
Lemma
optCmd_correct2
:
forall
vs1
c
vs2
,
evalCmd
vs1
(
optCmd
c
)
vs2
->
evalCmd
vs1
c
vs2
.
intros
;
apply
(
evalCmd_coind
(
fun
vs1
c
vs2
=>
evalCmd
vs1
(
optCmd
c
)
vs2
))
;
crush
;
finisher
.
Qed
.
Theorem
optCmd_correct
:
forall
vs1
c
vs2
,
evalCmd
vs1
(
optCmd
c
)
vs2
<->
evalCmd
vs1
c
vs2
.
intuition
;
apply
optCmd_correct1
||
apply
optCmd_correct2
;
assumption
.
Qed
.
Qed
.
(
*
end
thide
*
)
(
*
end
thide
*
)
(
**
In
this
form
,
the
theorem
tells
us
that
the
optimizer
preserves
observable
behavior
of
both
terminating
and
nonterminating
programs
,
but
we
did
not
have
to
do
more
work
than
for
the
case
of
terminating
programs
alone
.
We
merely
took
the
natural
inductive
definition
for
terminating
executions
,
made
it
co
-
inductive
,
and
applied
the
appropriate
co
-
induction
principle
.
Curious
readers
might
experiment
with
adding
command
constructs
like
%
\
texttt
{%
#
<
tt
>
#
if
#
</
tt
>
#
%}%;
the
same
proof
should
continue
working
,
after
the
co
-
induction
principle
is
extended
to
the
new
evaluation
rules
.
*
)
(
**
In
this
form
,
the
theorem
tells
us
that
the
optimizer
preserves
observable
behavior
of
both
terminating
and
nonterminating
programs
,
but
we
did
not
have
to
do
more
work
than
for
the
case
of
terminating
programs
alone
.
We
merely
took
the
natural
inductive
definition
for
terminating
executions
,
made
it
co
-
inductive
,
and
applied
the
appropriate
co
-
induction
principle
.
Curious
readers
might
experiment
with
adding
command
constructs
like
%
\
texttt
{%
#
<
tt
>
#
if
#
</
tt
>
#
%}%;
the
same
proof
s
cript
s
hould
continue
working
,
after
the
co
-
induction
principle
is
extended
to
the
new
evaluation
rules
.
*
)
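Review bot: In the proof of the new `optCmd_correct`, the step `apply optCmd_correct1 || apply optCmd_correct2` is correct only because of the order of its two alternatives, and the script does not say so. The conclusion of `optCmd_correct2` is `evalCmd vs1 c vs2` with `c` universally quantified, so it applies to any `evalCmd` goal; tried first on the goal `evalCmd vs1 (optCmd c) vs2`, it would leave `evalCmd vs1 (optCmd (optCmd c)) vs2` and `assumption` would fail. Consider naming the lemma for each direction, for example `split; intro; [ apply optCmd_correct2 | apply optCmd_correct1 ]; assumption`, so the proof does not depend on which `apply` happens to fail. The added comment could also state that the theorem keeps its name but is now an `<->` with the optimized program on the left, so the previous statement `evalCmd vs1 c vs2 -> evalCmd vs1 (optCmd c) vs2` is now its right-to-left direction, proved separately as `optCmd_correct1`.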