summaryrefslogtreecommitdiff
path: root/backends/hol4/primitivesScript.sml
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--backends/hol4/primitivesScript.sml44
1 files changed, 16 insertions, 28 deletions
diff --git a/backends/hol4/primitivesScript.sml b/backends/hol4/primitivesScript.sml
index b1dd770b..b7bc978f 100644
--- a/backends/hol4/primitivesScript.sml
+++ b/backends/hol4/primitivesScript.sml
@@ -1,7 +1,7 @@
open HolKernel boolLib bossLib Parse
open boolTheory arithmeticTheory integerTheory intLib listTheory stringTheory
-open primitivesArithTheory primitivesBaseTacLib
+open primitivesArithTheory primitivesBaseTacLib ilistTheory
val primitives_theory_name = "primitives"
val _ = new_theory primitives_theory_name
@@ -1169,12 +1169,11 @@ val _ = new_constant ("vec_to_list", “:'a vec -> 'a list”)
(* TODO: we could also make ‘mk_vec’ return ‘'a vec’ (no result) *)
val _ = new_constant ("mk_vec", “:'a list -> 'a vec result”)
-
val vec_to_list_num_bounds =
new_axiom ("vec_to_list_num_bounds",
- “!v. let l = LENGTH (vec_to_list v) in
- (0:num) <= l /\ l <= Num usize_max”)
+ “!v. (0:num) <= LENGTH (vec_to_list v) /\ LENGTH (vec_to_list v) <= Num usize_max”)
+(*
Theorem vec_to_list_int_bounds:
!v. 0 <= int_of_num (LENGTH (vec_to_list v)) /\ int_of_num (LENGTH (vec_to_list v)) <= usize_max
Proof
@@ -1252,13 +1251,16 @@ Proof
Induct_on ‘ls’ >> Cases_on ‘i’ >> rw [update_def] >>
Cases_on ‘j’ >> fs []
QED
+*)
+(*
(* TODO: this is the base definition for index. Shall we remove the ‘return’ type? *)
val vec_index_def = Define ‘
vec_index i v =
if usize_to_int i ≤ usize_to_int (vec_len v)
then Return (EL (Num (usize_to_int i)) (vec_to_list v))
else Fail Failure’
+*)
(* TODO: shortcut for qspec_then ... ASSUME_TAC *)
(* TODO: use cooper_tac everywhere *)
@@ -1300,6 +1302,7 @@ QED
&n < &m
*)
+(*
val vec_insert_back_def = Define ‘
vec_insert_back (v : 'a vec) (i : usize) (x : 'a) = mk_vec (update (vec_to_list v) (Num (usize_to_int i)) x)’
@@ -1326,7 +1329,7 @@ Proof
sg ‘Num (usize_to_int i) < LENGTH (vec_to_list v)’ >-(
(* TODO: automate *)
pure_once_rewrite_tac [gsym INT_LT] >>
- dep_pure_once_rewrite_tac [primitivesArithTheory.int_of_num] >>
+ dep_pure_once_rewrite_tac [int_of_num_id] >>
qspec_assume ‘i’ usize_to_int_bounds >> fs []
) >>
fs [] >>
@@ -1336,33 +1339,16 @@ Proof
rw [] >-(
(* TODO: automate *)
irule int_of_num_neq_inj >>
- dep_pure_rewrite_tac [primitivesArithTheory.int_of_num] >>
+ dep_pure_rewrite_tac [int_of_num_id] >>
rw [usize_to_int_bounds] >>
metis_tac [int_to_usize_usize_to_int]
) >>
(* TODO: automate *)
pure_once_rewrite_tac [gsym INT_LT] >>
- dep_pure_once_rewrite_tac [primitivesArithTheory.int_of_num] >>
+ dep_pure_once_rewrite_tac [int_of_num_id] >>
qspec_assume ‘j’ usize_to_int_bounds >> fs []
QED
-
-
-(* Small experiment: trying to redefine common functions with integers instead of nums *)
-val index_def = Define ‘
- index (i : int) (x :: ls) = if i = 0 then x else (if 0 < i then index (i - 1) ls else ARB)
-’
-
-val len_def = Define ‘
- len [] : int = 0 /\
- len (x :: ls) : int = 1 + len ls
-’
-
-val update_def = Define ‘
- update ([] : 'a list) (i : int) (y : 'a) : 'a list = [] ∧
-
- update (x :: ls) (i : int) y =
- if i = 0 then y :: ls else (if 0 < i then x :: update ls (i - 1) y else x :: ls)
-’
+*)
Theorem update_len:
∀ls i y. len (update ls i y) = len ls
@@ -1417,8 +1403,11 @@ QED
Theorem vec_to_list_int_bounds:
!v. 0 <= len (vec_to_list v) /\ len (vec_to_list v) <= usize_max
Proof
- (* TODO *)
- cheat
+ gen_tac >>
+ qspec_assume ‘v’ vec_to_list_num_bounds >>
+ fs [len_eq_LENGTH] >>
+ assume_tac usize_bounds >> fs [u16_max_def] >>
+ cooper_tac
QED
val vec_len_def = Define ‘vec_len v = int_to_usize (len (vec_to_list v))’
@@ -1438,7 +1427,6 @@ val vec_index_def = Define ‘
then Return (index (usize_to_int i) (vec_to_list v))
else Fail Failure’
-(* TODO: *)
val mk_vec_spec = new_axiom ("mk_vec_spec",
“∀l. len l ≤ usize_max ⇒ ∃v. mk_vec l = Return v ∧ vec_to_list v = l”)