Compare commits
139 Commits
ca375976b7
...
fable-lean
| Author | SHA1 | Date | |
|---|---|---|---|
| 904f6375be | |||
| 8cd053a242 | |||
| 0e6976f9b4 | |||
| 10b8fa97ca | |||
| 8ed48cf444 | |||
| 37d88f070a | |||
| 6c05e401c1 | |||
| fe5098095a | |||
| 59afbdaf71 | |||
| 490c472d22 | |||
| d1a11a9b2c | |||
| 2598df690c | |||
| 47d54f5b4b | |||
| 8fa822b2e6 | |||
| d66a7d0e3e | |||
| 778e974dfb | |||
| 319fa272ac | |||
| 86bc33ee26 | |||
| 9e0702b5f5 | |||
| 445187837c | |||
| 1a49689edc | |||
| b1b3b0d2fe | |||
| 379438ec17 | |||
| 1120e01605 | |||
| b6b30958aa | |||
| 5737805125 | |||
| e738eb4294 | |||
| 6a6ed521ca | |||
| c38c10fe9e | |||
| c367f130cf | |||
| a5f533d67a | |||
| c281d78d1d | |||
| 1a843747bf | |||
| 352e0bb8cc | |||
| a12b6c0c3c | |||
| cbad43efdc | |||
| acef0f202b | |||
| c2ad0db668 | |||
| a5235f6fbc | |||
| e2df847139 | |||
| 5c9c8ac55c | |||
| ec2e789d5c | |||
| a3ecefd415 | |||
| 5ac881559d | |||
| c4e5747b6d | |||
| 341a0b80b4 | |||
| 4506f7c242 | |||
| 94278a6389 | |||
| a721a8be8b | |||
| 9ab43b34ef | |||
| 97a9150bf3 | |||
| 93f913a699 | |||
| 7fb9d9aa19 | |||
| f23705a93e | |||
| b1dc725ced | |||
| ed88f4ce94 | |||
| 8ce6e5e4e4 | |||
| 6afa7df444 | |||
| 7f753a4f38 | |||
| 21b2e3dd98 | |||
| 5e0c002fd5 | |||
| 20daf817e4 | |||
| 2044d4b2b6 | |||
| 8c37a4c049 | |||
| 2ee32580a2 | |||
| b16f14fdfd | |||
| b26d6b5acd | |||
| a82d54666a | |||
| 739fbb503c | |||
| 2cfd0a2fb7 | |||
| 781d7947e0 | |||
| 4c337afa9c | |||
| ae030386b4 | |||
| 1c2bcc2d92 | |||
| da2b6dd5c6 | |||
| c64504b819 | |||
| 4a9e7492f4 | |||
| ba57e2558d | |||
| 1c37141234 | |||
| 9072da4ab6 | |||
| 3f923c2d7d | |||
| 01555ee203 | |||
| a083f2f4ae | |||
| 27f65c10f7 | |||
| c6e525ad7c | |||
| ccc3c7d5c7 | |||
| 05c55498ce | |||
| 6b462f1a83 | |||
| 7382c632bc | |||
| aa32706120 | |||
| 4b0541caf5 | |||
| 299938d97e | |||
| 927030c337 | |||
| ef3c351bb0 | |||
| 84c4ea6936 | |||
| a277c8f969 | |||
| d1700f23fa | |||
| eb2d64f3b5 | |||
| 14214ab5e7 | |||
| baece236d3 | |||
| 6f642d85e0 | |||
| 25fa0140f0 | |||
| 27621992ad | |||
| e409cceae5 | |||
| 8cb082e3c5 | |||
| c199e9616f | |||
| f5457d8841 | |||
| d99d4a2893 | |||
| fbb98de40f | |||
| 706b593d1d | |||
| 45606679f5 | |||
| 7e099a2561 | |||
| 2808759338 | |||
| 42bb8f8792 | |||
| 05e693594d | |||
| 90e0046707 | |||
| 13eee93255 | |||
| 6243326665 | |||
| 7b2114cd0f | |||
| 36ae125e1e | |||
| 6055a79e6a | |||
| 01f7f678d3 | |||
| 14f1494fc3 | |||
| d3bac2fe60 | |||
| 5705f256fd | |||
| d59ae90cef | |||
| c1c34c69a5 | |||
| d2faada90a | |||
| 7fdbf0397d | |||
| fdef8c0a60 | |||
| c48bd0272e | |||
| d251915772 | |||
| da6e82d04b | |||
| dd101c6e9b | |||
| a611dd0f31 | |||
| 33cc0f9fe9 | |||
| 9f2790c500 | |||
| 105321971f | |||
| 236c92a5ef |
9
.claude/settings.json
Normal file
9
.claude/settings.json
Normal file
@@ -0,0 +1,9 @@
|
||||
{
|
||||
"permissions": {
|
||||
"allow": [
|
||||
"Bash(lake build)",
|
||||
"Bash(lake build *)",
|
||||
"Bash(export PATH=\"$HOME/.elan/bin:$PATH\")"
|
||||
]
|
||||
}
|
||||
}
|
||||
223
Analysis/Constant.agda
Normal file
223
Analysis/Constant.agda
Normal file
@@ -0,0 +1,223 @@
|
||||
|
||||
module Analysis.Constant where
|
||||
|
||||
open import Data.Integer as Int using (ℤ; +_; -[1+_]; _≟_)
|
||||
open import Data.Integer.Show as IntShow using ()
|
||||
open import Data.Nat as Nat using (ℕ; suc; zero)
|
||||
open import Data.Product using (Σ; proj₁; proj₂; _,_)
|
||||
open import Data.Sum using (inj₁; inj₂)
|
||||
open import Data.Empty using (⊥; ⊥-elim)
|
||||
open import Data.Unit using (⊤; tt)
|
||||
open import Data.List.Membership.Propositional as MemProp using () renaming (_∈_ to _∈ˡ_)
|
||||
open import Relation.Binary.PropositionalEquality using (_≡_; refl; sym; trans; subst)
|
||||
open import Relation.Nullary using (¬_; yes; no)
|
||||
|
||||
open import Equivalence
|
||||
open import Language
|
||||
open import Lattice
|
||||
open import Showable using (Showable; show)
|
||||
open import Utils using (_⇒_; _∧_; _∨_)
|
||||
open import Analysis.Utils using (eval-combine₂)
|
||||
import Analysis.Forward
|
||||
|
||||
instance
|
||||
showable : Showable ℤ
|
||||
showable = record
|
||||
{ show = IntShow.show
|
||||
}
|
||||
|
||||
instance
|
||||
≡-equiv : IsEquivalence ℤ _≡_
|
||||
≡-equiv = record
|
||||
{ ≈-refl = refl
|
||||
; ≈-sym = sym
|
||||
; ≈-trans = trans
|
||||
}
|
||||
|
||||
≡-Decidable-ℤ : IsDecidable {_} {ℤ} _≡_
|
||||
≡-Decidable-ℤ = record { R-dec = _≟_ }
|
||||
|
||||
-- embelish 'ℕ' with a top and bottom element.
|
||||
open import Lattice.AboveBelow ℤ _ as AB
|
||||
using ()
|
||||
renaming
|
||||
( AboveBelow to ConstLattice
|
||||
; ≈-dec to ≈ᶜ-dec
|
||||
; ⊥ to ⊥ᶜ
|
||||
; ⊤ to ⊤ᶜ
|
||||
; [_] to [_]ᶜ
|
||||
; _≈_ to _≈ᶜ_
|
||||
; ≈-⊥-⊥ to ≈ᶜ-⊥ᶜ-⊥ᶜ
|
||||
; ≈-⊤-⊤ to ≈ᶜ-⊤ᶜ-⊤ᶜ
|
||||
; ≈-lift to ≈ᶜ-lift
|
||||
; ≈-refl to ≈ᶜ-refl
|
||||
)
|
||||
-- 'ℕ''s structure is not finite, so just use a 'plain' above-below Lattice.
|
||||
open AB.Plain (+ 0) using ()
|
||||
renaming
|
||||
( isLattice to isLatticeᶜ
|
||||
; isFiniteHeightLattice to isFiniteHeightLatticeᵍ
|
||||
; _≼_ to _≼ᶜ_
|
||||
; _⊔_ to _⊔ᶜ_
|
||||
; _⊓_ to _⊓ᶜ_
|
||||
; ≼-trans to ≼ᶜ-trans
|
||||
; ≼-refl to ≼ᶜ-refl
|
||||
)
|
||||
|
||||
plus : ConstLattice → ConstLattice → ConstLattice
|
||||
plus ⊥ᶜ _ = ⊥ᶜ
|
||||
plus _ ⊥ᶜ = ⊥ᶜ
|
||||
plus ⊤ᶜ _ = ⊤ᶜ
|
||||
plus _ ⊤ᶜ = ⊤ᶜ
|
||||
plus [ z₁ ]ᶜ [ z₂ ]ᶜ = [ z₁ Int.+ z₂ ]ᶜ
|
||||
|
||||
-- this is incredibly tedious: 125 cases per monotonicity proof, and tactics
|
||||
-- are hard. postulate for now.
|
||||
postulate plus-Monoˡ : ∀ (s₂ : ConstLattice) → Monotonic _≼ᶜ_ _≼ᶜ_ (λ s₁ → plus s₁ s₂)
|
||||
postulate plus-Monoʳ : ∀ (s₁ : ConstLattice) → Monotonic _≼ᶜ_ _≼ᶜ_ (plus s₁)
|
||||
|
||||
plus-Mono₂ : Monotonic₂ _≼ᶜ_ _≼ᶜ_ _≼ᶜ_ plus
|
||||
plus-Mono₂ = (plus-Monoˡ , plus-Monoʳ)
|
||||
|
||||
minus : ConstLattice → ConstLattice → ConstLattice
|
||||
minus ⊥ᶜ _ = ⊥ᶜ
|
||||
minus _ ⊥ᶜ = ⊥ᶜ
|
||||
minus ⊤ᶜ _ = ⊤ᶜ
|
||||
minus _ ⊤ᶜ = ⊤ᶜ
|
||||
minus [ z₁ ]ᶜ [ z₂ ]ᶜ = [ z₁ Int.- z₂ ]ᶜ
|
||||
|
||||
postulate minus-Monoˡ : ∀ (s₂ : ConstLattice) → Monotonic _≼ᶜ_ _≼ᶜ_ (λ s₁ → minus s₁ s₂)
|
||||
postulate minus-Monoʳ : ∀ (s₁ : ConstLattice) → Monotonic _≼ᶜ_ _≼ᶜ_ (minus s₁)
|
||||
|
||||
minus-Mono₂ : Monotonic₂ _≼ᶜ_ _≼ᶜ_ _≼ᶜ_ minus
|
||||
minus-Mono₂ = (minus-Monoˡ , minus-Monoʳ)
|
||||
|
||||
⟦_⟧ᶜ : ConstLattice → Value → Set
|
||||
⟦_⟧ᶜ ⊥ᶜ _ = ⊥
|
||||
⟦_⟧ᶜ ⊤ᶜ _ = ⊤
|
||||
⟦_⟧ᶜ [ z ]ᶜ v = v ≡ ↑ᶻ z
|
||||
|
||||
⟦⟧ᶜ-respects-≈ᶜ : ∀ {s₁ s₂ : ConstLattice} → s₁ ≈ᶜ s₂ → ⟦ s₁ ⟧ᶜ ⇒ ⟦ s₂ ⟧ᶜ
|
||||
⟦⟧ᶜ-respects-≈ᶜ ≈ᶜ-⊥ᶜ-⊥ᶜ v bot = bot
|
||||
⟦⟧ᶜ-respects-≈ᶜ ≈ᶜ-⊤ᶜ-⊤ᶜ v top = top
|
||||
⟦⟧ᶜ-respects-≈ᶜ (≈ᶜ-lift { z } { z } refl) v proof = proof
|
||||
|
||||
⟦⟧ᶜ-⊔ᶜ-∨ : ∀ {s₁ s₂ : ConstLattice} → (⟦ s₁ ⟧ᶜ ∨ ⟦ s₂ ⟧ᶜ) ⇒ ⟦ s₁ ⊔ᶜ s₂ ⟧ᶜ
|
||||
⟦⟧ᶜ-⊔ᶜ-∨ {⊥ᶜ} x (inj₂ px₂) = px₂
|
||||
⟦⟧ᶜ-⊔ᶜ-∨ {⊤ᶜ} x _ = tt
|
||||
⟦⟧ᶜ-⊔ᶜ-∨ {[ s₁ ]ᶜ} {[ s₂ ]ᶜ} x px
|
||||
with s₁ ≟ s₂
|
||||
... | no _ = tt
|
||||
... | yes refl
|
||||
with px
|
||||
... | inj₁ px₁ = px₁
|
||||
... | inj₂ px₂ = px₂
|
||||
⟦⟧ᶜ-⊔ᶜ-∨ {[ s₁ ]ᶜ} {⊥ᶜ} x (inj₁ px₁) = px₁
|
||||
⟦⟧ᶜ-⊔ᶜ-∨ {[ s₁ ]ᶜ} {⊤ᶜ} x _ = tt
|
||||
|
||||
s₁≢s₂⇒¬s₁∧s₂ : ∀ {z₁ z₂ : ℤ} → ¬ z₁ ≡ z₂ → ∀ {v} → ¬ ((⟦ [ z₁ ]ᶜ ⟧ᶜ ∧ ⟦ [ z₂ ]ᶜ ⟧ᶜ) v)
|
||||
s₁≢s₂⇒¬s₁∧s₂ { z₁ } { z₂ } z₁≢z₂ {v} (v≡z₁ , v≡z₂)
|
||||
with refl ← trans (sym v≡z₁) v≡z₂ = z₁≢z₂ refl
|
||||
|
||||
⟦⟧ᶜ-⊓ᶜ-∧ : ∀ {s₁ s₂ : ConstLattice} → (⟦ s₁ ⟧ᶜ ∧ ⟦ s₂ ⟧ᶜ) ⇒ ⟦ s₁ ⊓ᶜ s₂ ⟧ᶜ
|
||||
⟦⟧ᶜ-⊓ᶜ-∧ {⊥ᶜ} x (bot , _) = bot
|
||||
⟦⟧ᶜ-⊓ᶜ-∧ {⊤ᶜ} x (_ , px₂) = px₂
|
||||
⟦⟧ᶜ-⊓ᶜ-∧ {[ s₁ ]ᶜ} {[ s₂ ]ᶜ} x (px₁ , px₂)
|
||||
with s₁ ≟ s₂
|
||||
... | no s₁≢s₂ = s₁≢s₂⇒¬s₁∧s₂ s₁≢s₂ (px₁ , px₂)
|
||||
... | yes refl = px₁
|
||||
⟦⟧ᶜ-⊓ᶜ-∧ {[ g₁ ]ᶜ} {⊥ᶜ} x (_ , bot) = bot
|
||||
⟦⟧ᶜ-⊓ᶜ-∧ {[ g₁ ]ᶜ} {⊤ᶜ} x (px₁ , _) = px₁
|
||||
|
||||
instance
|
||||
latticeInterpretationᶜ : LatticeInterpretation isLatticeᶜ
|
||||
latticeInterpretationᶜ = record
|
||||
{ ⟦_⟧ = ⟦_⟧ᶜ
|
||||
; ⟦⟧-respects-≈ = ⟦⟧ᶜ-respects-≈ᶜ
|
||||
; ⟦⟧-⊔-∨ = ⟦⟧ᶜ-⊔ᶜ-∨
|
||||
; ⟦⟧-⊓-∧ = ⟦⟧ᶜ-⊓ᶜ-∧
|
||||
}
|
||||
|
||||
module WithProg (prog : Program) where
|
||||
open Program prog
|
||||
|
||||
open import Analysis.Forward.Lattices ConstLattice prog
|
||||
open import Analysis.Forward.Evaluation ConstLattice prog
|
||||
open import Analysis.Forward.Adapters ConstLattice prog
|
||||
|
||||
eval : ∀ (e : Expr) → VariableValues → ConstLattice
|
||||
eval (e₁ + e₂) vs = plus (eval e₁ vs) (eval e₂ vs)
|
||||
eval (e₁ - e₂) vs = minus (eval e₁ vs) (eval e₂ vs)
|
||||
eval (` k) vs
|
||||
with ∈k-decᵛ k (proj₁ (proj₁ vs))
|
||||
... | yes k∈vs = proj₁ (locateᵛ {k} {vs} k∈vs)
|
||||
... | no _ = ⊤ᶜ
|
||||
eval (# n) _ = [ + n ]ᶜ
|
||||
|
||||
eval-Monoʳ : ∀ (e : Expr) → Monotonic _≼ᵛ_ _≼ᶜ_ (eval e)
|
||||
eval-Monoʳ (e₁ + e₂) {vs₁} {vs₂} vs₁≼vs₂ =
|
||||
eval-combine₂ (λ {x} {y} {z} → ≼ᶜ-trans {x} {y} {z})
|
||||
plus plus-Mono₂ {o₁ = eval e₁ vs₁}
|
||||
(eval-Monoʳ e₁ vs₁≼vs₂) (eval-Monoʳ e₂ vs₁≼vs₂)
|
||||
eval-Monoʳ (e₁ - e₂) {vs₁} {vs₂} vs₁≼vs₂ =
|
||||
eval-combine₂ (λ {x} {y} {z} → ≼ᶜ-trans {x} {y} {z})
|
||||
minus minus-Mono₂ {o₁ = eval e₁ vs₁}
|
||||
(eval-Monoʳ e₁ vs₁≼vs₂) (eval-Monoʳ e₂ vs₁≼vs₂)
|
||||
eval-Monoʳ (` k) {vs₁@((kvs₁ , _) , _)} {vs₂@((kvs₂ , _), _)} vs₁≼vs₂
|
||||
with ∈k-decᵛ k kvs₁ | ∈k-decᵛ k kvs₂
|
||||
... | yes k∈kvs₁ | yes k∈kvs₂ =
|
||||
let
|
||||
(v₁ , k,v₁∈vs₁) = locateᵛ {k} {vs₁} k∈kvs₁
|
||||
(v₂ , k,v₂∈vs₂) = locateᵛ {k} {vs₂} k∈kvs₂
|
||||
in
|
||||
m₁≼m₂⇒m₁[k]ᵛ≼m₂[k]ᵛ vs₁ vs₂ vs₁≼vs₂ k,v₁∈vs₁ k,v₂∈vs₂
|
||||
... | yes k∈kvs₁ | no k∉kvs₂ = ⊥-elim (k∉kvs₂ (subst (λ l → k ∈ˡ l) (all-equal-keysᵛ vs₁ vs₂) k∈kvs₁))
|
||||
... | no k∉kvs₁ | yes k∈kvs₂ = ⊥-elim (k∉kvs₁ (subst (λ l → k ∈ˡ l) (all-equal-keysᵛ vs₂ vs₁) k∈kvs₂))
|
||||
... | no k∉kvs₁ | no k∉kvs₂ = IsLattice.≈-refl isLatticeᶜ
|
||||
eval-Monoʳ (# n) _ = ≼ᶜ-refl ([ + n ]ᶜ)
|
||||
|
||||
instance
|
||||
ConstEval : ExprEvaluator
|
||||
ConstEval = record { eval = eval; eval-Monoʳ = eval-Monoʳ }
|
||||
|
||||
-- For debugging purposes, print out the result.
|
||||
output = show (Analysis.Forward.WithProg.result ConstLattice prog)
|
||||
|
||||
-- This should have fewer cases -- the same number as the actual 'plus' above.
|
||||
-- But agda only simplifies on first argument, apparently, so we are stuck
|
||||
-- listing them all.
|
||||
plus-valid : ∀ {g₁ g₂} {z₁ z₂} → ⟦ g₁ ⟧ᶜ (↑ᶻ z₁) → ⟦ g₂ ⟧ᶜ (↑ᶻ z₂) → ⟦ plus g₁ g₂ ⟧ᶜ (↑ᶻ (z₁ Int.+ z₂))
|
||||
plus-valid {⊥ᶜ} {_} ⊥ _ = ⊥
|
||||
plus-valid {[ z ]ᶜ} {⊥ᶜ} _ ⊥ = ⊥
|
||||
plus-valid {⊤ᶜ} {⊥ᶜ} _ ⊥ = ⊥
|
||||
plus-valid {⊤ᶜ} {[ z ]ᶜ} _ _ = tt
|
||||
plus-valid {⊤ᶜ} {⊤ᶜ} _ _ = tt
|
||||
plus-valid {[ z₁ ]ᶜ} {[ z₂ ]ᶜ} refl refl = refl
|
||||
plus-valid {[ z ]ᶜ} {⊤ᶜ} _ _ = tt
|
||||
--
|
||||
-- Same for this one. It should be easier, but Agda won't simplify.
|
||||
minus-valid : ∀ {g₁ g₂} {z₁ z₂} → ⟦ g₁ ⟧ᶜ (↑ᶻ z₁) → ⟦ g₂ ⟧ᶜ (↑ᶻ z₂) → ⟦ minus g₁ g₂ ⟧ᶜ (↑ᶻ (z₁ Int.- z₂))
|
||||
minus-valid {⊥ᶜ} {_} ⊥ _ = ⊥
|
||||
minus-valid {[ z ]ᶜ} {⊥ᶜ} _ ⊥ = ⊥
|
||||
minus-valid {⊤ᶜ} {⊥ᶜ} _ ⊥ = ⊥
|
||||
minus-valid {⊤ᶜ} {[ z ]ᶜ} _ _ = tt
|
||||
minus-valid {⊤ᶜ} {⊤ᶜ} _ _ = tt
|
||||
minus-valid {[ z₁ ]ᶜ} {[ z₂ ]ᶜ} refl refl = refl
|
||||
minus-valid {[ z ]ᶜ} {⊤ᶜ} _ _ = tt
|
||||
|
||||
eval-valid : IsValidExprEvaluator
|
||||
eval-valid (⇒ᵉ-+ ρ e₁ e₂ z₁ z₂ ρ,e₁⇒z₁ ρ,e₂⇒z₂) ⟦vs⟧ρ =
|
||||
plus-valid (eval-valid ρ,e₁⇒z₁ ⟦vs⟧ρ) (eval-valid ρ,e₂⇒z₂ ⟦vs⟧ρ)
|
||||
eval-valid (⇒ᵉ-- ρ e₁ e₂ z₁ z₂ ρ,e₁⇒z₁ ρ,e₂⇒z₂) ⟦vs⟧ρ =
|
||||
minus-valid (eval-valid ρ,e₁⇒z₁ ⟦vs⟧ρ) (eval-valid ρ,e₂⇒z₂ ⟦vs⟧ρ)
|
||||
eval-valid {vs} (⇒ᵉ-Var ρ x v x,v∈ρ) ⟦vs⟧ρ
|
||||
with ∈k-decᵛ x (proj₁ (proj₁ vs))
|
||||
... | yes x∈kvs = ⟦vs⟧ρ (proj₂ (locateᵛ {x} {vs} x∈kvs)) x,v∈ρ
|
||||
... | no x∉kvs = tt
|
||||
eval-valid (⇒ᵉ-ℕ ρ n) _ = refl
|
||||
|
||||
instance
|
||||
ConstEvalValid : ValidExprEvaluator ConstEval latticeInterpretationᶜ
|
||||
ConstEvalValid = record { valid = eval-valid }
|
||||
|
||||
analyze-correct = Analysis.Forward.WithProg.analyze-correct ConstLattice prog tt
|
||||
@@ -8,6 +8,7 @@ module Analysis.Forward
|
||||
{{≈ˡ-dec : IsDecidable _≈ˡ_}} where
|
||||
|
||||
open import Data.Empty using (⊥-elim)
|
||||
open import Data.Unit using (⊤)
|
||||
open import Data.String using (String)
|
||||
open import Data.Product using (_,_)
|
||||
open import Data.List using (_∷_; []; foldr; foldl)
|
||||
@@ -20,7 +21,7 @@ open IsFiniteHeightLattice isFiniteHeightLatticeˡ
|
||||
using () renaming (isLattice to isLatticeˡ)
|
||||
|
||||
module WithProg (prog : Program) where
|
||||
open import Analysis.Forward.Lattices L prog hiding (≈ᵛ-Decidable) -- to disambiguate instance resolution
|
||||
open import Analysis.Forward.Lattices L prog hiding (≈ᵛ-Decidable; ≈ᵐ-Decidable) -- to disambiguate instance resolution
|
||||
open import Analysis.Forward.Evaluation L prog
|
||||
open Program prog
|
||||
|
||||
@@ -65,7 +66,7 @@ module WithProg (prog : Program) where
|
||||
(joinAll-Mono {sv₁} {sv₂} sv₁≼sv₂)
|
||||
|
||||
-- The fixed point of the 'analyze' function is our final goal.
|
||||
open import Fixedpoint ≈ᵐ-Decidable isFiniteHeightLatticeᵐ analyze (λ {m₁} {m₂} m₁≼m₂ → analyze-Mono {m₁} {m₂} m₁≼m₂)
|
||||
open import Fixedpoint analyze (λ {m₁} {m₂} m₁≼m₂ → analyze-Mono {m₁} {m₂} m₁≼m₂)
|
||||
using ()
|
||||
renaming (aᶠ to result; aᶠ≈faᶠ to result≈analyze-result)
|
||||
public
|
||||
@@ -77,7 +78,7 @@ module WithProg (prog : Program) where
|
||||
updateAll-k∈ks-≡ {l = sv} (states-complete s) s,vs∈usv
|
||||
|
||||
module WithValidInterpretation {{latticeInterpretationˡ : LatticeInterpretation isLatticeˡ}}
|
||||
{{validEvaluator : ValidStmtEvaluator evaluator latticeInterpretationˡ}} where
|
||||
{{validEvaluator : ValidStmtEvaluator evaluator latticeInterpretationˡ}} (dummy : ⊤) where
|
||||
open ValidStmtEvaluator validEvaluator
|
||||
|
||||
eval-fold-valid : ∀ {s bss vs ρ₁ ρ₂} → ρ₁ , bss ⇒ᵇˢ ρ₂ → ⟦ vs ⟧ᵛ ρ₁ → ⟦ foldl (flip (eval s)) vs bss ⟧ᵛ ρ₂
|
||||
|
||||
@@ -16,6 +16,7 @@ open import Lattice
|
||||
open import Equivalence
|
||||
open import Showable using (Showable; show)
|
||||
open import Utils using (_⇒_; _∧_; _∨_)
|
||||
open import Analysis.Utils using (eval-combine₂)
|
||||
import Analysis.Forward
|
||||
|
||||
data Sign : Set where
|
||||
@@ -101,6 +102,9 @@ plus [ 0ˢ ]ᵍ [ 0ˢ ]ᵍ = [ 0ˢ ]ᵍ
|
||||
postulate plus-Monoˡ : ∀ (s₂ : SignLattice) → Monotonic _≼ᵍ_ _≼ᵍ_ (λ s₁ → plus s₁ s₂)
|
||||
postulate plus-Monoʳ : ∀ (s₁ : SignLattice) → Monotonic _≼ᵍ_ _≼ᵍ_ (plus s₁)
|
||||
|
||||
plus-Mono₂ : Monotonic₂ _≼ᵍ_ _≼ᵍ_ _≼ᵍ_ plus
|
||||
plus-Mono₂ = (plus-Monoˡ , plus-Monoʳ)
|
||||
|
||||
minus : SignLattice → SignLattice → SignLattice
|
||||
minus ⊥ᵍ _ = ⊥ᵍ
|
||||
minus _ ⊥ᵍ = ⊥ᵍ
|
||||
@@ -119,6 +123,9 @@ minus [ 0ˢ ]ᵍ [ 0ˢ ]ᵍ = [ 0ˢ ]ᵍ
|
||||
postulate minus-Monoˡ : ∀ (s₂ : SignLattice) → Monotonic _≼ᵍ_ _≼ᵍ_ (λ s₁ → minus s₁ s₂)
|
||||
postulate minus-Monoʳ : ∀ (s₁ : SignLattice) → Monotonic _≼ᵍ_ _≼ᵍ_ (minus s₁)
|
||||
|
||||
minus-Mono₂ : Monotonic₂ _≼ᵍ_ _≼ᵍ_ _≼ᵍ_ minus
|
||||
minus-Mono₂ = (minus-Monoˡ , minus-Monoʳ)
|
||||
|
||||
⟦_⟧ᵍ : SignLattice → Value → Set
|
||||
⟦_⟧ᵍ ⊥ᵍ _ = ⊥
|
||||
⟦_⟧ᵍ ⊤ᵍ _ = ⊤
|
||||
@@ -195,29 +202,13 @@ module WithProg (prog : Program) where
|
||||
|
||||
eval-Monoʳ : ∀ (e : Expr) → Monotonic _≼ᵛ_ _≼ᵍ_ (eval e)
|
||||
eval-Monoʳ (e₁ + e₂) {vs₁} {vs₂} vs₁≼vs₂ =
|
||||
let
|
||||
-- TODO: can this be done with less boilerplate?
|
||||
g₁vs₁ = eval e₁ vs₁
|
||||
g₂vs₁ = eval e₂ vs₁
|
||||
g₁vs₂ = eval e₁ vs₂
|
||||
g₂vs₂ = eval e₂ vs₂
|
||||
in
|
||||
≼ᵍ-trans
|
||||
{plus g₁vs₁ g₂vs₁} {plus g₁vs₂ g₂vs₁} {plus g₁vs₂ g₂vs₂}
|
||||
(plus-Monoˡ g₂vs₁ {g₁vs₁} {g₁vs₂} (eval-Monoʳ e₁ {vs₁} {vs₂} vs₁≼vs₂))
|
||||
(plus-Monoʳ g₁vs₂ {g₂vs₁} {g₂vs₂} (eval-Monoʳ e₂ {vs₁} {vs₂} vs₁≼vs₂))
|
||||
eval-combine₂ (λ {x} {y} {z} → ≼ᵍ-trans {x} {y} {z})
|
||||
plus plus-Mono₂ {o₁ = eval e₁ vs₁}
|
||||
(eval-Monoʳ e₁ vs₁≼vs₂) (eval-Monoʳ e₂ vs₁≼vs₂)
|
||||
eval-Monoʳ (e₁ - e₂) {vs₁} {vs₂} vs₁≼vs₂ =
|
||||
let
|
||||
-- TODO: here too -- can this be done with less boilerplate?
|
||||
g₁vs₁ = eval e₁ vs₁
|
||||
g₂vs₁ = eval e₂ vs₁
|
||||
g₁vs₂ = eval e₁ vs₂
|
||||
g₂vs₂ = eval e₂ vs₂
|
||||
in
|
||||
≼ᵍ-trans
|
||||
{minus g₁vs₁ g₂vs₁} {minus g₁vs₂ g₂vs₁} {minus g₁vs₂ g₂vs₂}
|
||||
(minus-Monoˡ g₂vs₁ {g₁vs₁} {g₁vs₂} (eval-Monoʳ e₁ {vs₁} {vs₂} vs₁≼vs₂))
|
||||
(minus-Monoʳ g₁vs₂ {g₂vs₁} {g₂vs₂} (eval-Monoʳ e₂ {vs₁} {vs₂} vs₁≼vs₂))
|
||||
eval-combine₂ (λ {x} {y} {z} → ≼ᵍ-trans {x} {y} {z})
|
||||
minus minus-Mono₂ {o₁ = eval e₁ vs₁}
|
||||
(eval-Monoʳ e₁ vs₁≼vs₂) (eval-Monoʳ e₂ vs₁≼vs₂)
|
||||
eval-Monoʳ (` k) {vs₁@((kvs₁ , _) , _)} {vs₂@((kvs₂ , _), _)} vs₁≼vs₂
|
||||
with ∈k-decᵛ k kvs₁ | ∈k-decᵛ k kvs₂
|
||||
... | yes k∈kvs₁ | yes k∈kvs₂ =
|
||||
@@ -301,4 +292,8 @@ module WithProg (prog : Program) where
|
||||
eval-valid (⇒ᵉ-ℕ ρ 0) _ = refl
|
||||
eval-valid (⇒ᵉ-ℕ ρ (suc n')) _ = (n' , refl)
|
||||
|
||||
analyze-correct = Analysis.Forward.WithProg.analyze-correct
|
||||
instance
|
||||
SignEvalValid : ValidExprEvaluator SignEval latticeInterpretationᵍ
|
||||
SignEvalValid = record { valid = eval-valid }
|
||||
|
||||
analyze-correct = Analysis.Forward.WithProg.analyze-correct SignLattice prog tt
|
||||
|
||||
15
Analysis/Utils.agda
Normal file
15
Analysis/Utils.agda
Normal file
@@ -0,0 +1,15 @@
|
||||
module Analysis.Utils where
|
||||
|
||||
open import Data.Product using (_,_)
|
||||
open import Lattice
|
||||
|
||||
module _ {o} {O : Set o} {_≼ᴼ_ : O → O → Set o}
|
||||
(≼ᴼ-trans : ∀ {o₁ o₂ o₃} → o₁ ≼ᴼ o₂ → o₂ ≼ᴼ o₃ → o₁ ≼ᴼ o₃)
|
||||
(combine : O → O → O) (combine-Mono₂ : Monotonic₂ _≼ᴼ_ _≼ᴼ_ _≼ᴼ_ combine) where
|
||||
|
||||
eval-combine₂ : {o₁ o₂ o₃ o₄ : O} → o₁ ≼ᴼ o₃ → o₂ ≼ᴼ o₄ →
|
||||
combine o₁ o₂ ≼ᴼ combine o₃ o₄
|
||||
eval-combine₂ {o₁} {o₂} {o₃} {o₄} o₁≼o₃ o₂≼o₄ =
|
||||
let (combine-Monoˡ , combine-Monoʳ) = combine-Mono₂
|
||||
in ≼ᴼ-trans (combine-Monoˡ o₂ o₁≼o₃)
|
||||
(combine-Monoʳ o₃ o₂≼o₄)
|
||||
@@ -2,7 +2,7 @@ module Equivalence where
|
||||
|
||||
open import Data.Product using (_×_; Σ; _,_; proj₁; proj₂)
|
||||
open import Relation.Binary.Definitions
|
||||
open import Relation.Binary.PropositionalEquality as Eq using (_≡_; sym)
|
||||
open import Relation.Binary.PropositionalEquality as Eq using (_≡_; refl; sym; trans)
|
||||
|
||||
module _ {a} (A : Set a) (_≈_ : A → A → Set a) where
|
||||
IsReflexive : Set a
|
||||
@@ -19,3 +19,10 @@ module _ {a} (A : Set a) (_≈_ : A → A → Set a) where
|
||||
≈-refl : IsReflexive
|
||||
≈-sym : IsSymmetric
|
||||
≈-trans : IsTransitive
|
||||
|
||||
isEquivalence-≡ : ∀ {a} {A : Set a} → IsEquivalence A _≡_
|
||||
isEquivalence-≡ = record
|
||||
{ ≈-refl = refl
|
||||
; ≈-sym = sym
|
||||
; ≈-trans = trans
|
||||
}
|
||||
|
||||
@@ -5,8 +5,8 @@ module Fixedpoint {a} {A : Set a}
|
||||
{h : ℕ}
|
||||
{_≈_ : A → A → Set a}
|
||||
{_⊔_ : A → A → A} {_⊓_ : A → A → A}
|
||||
(≈-Decidable : IsDecidable _≈_)
|
||||
(flA : IsFiniteHeightLattice A h _≈_ _⊔_ _⊓_)
|
||||
{{ ≈-Decidable : IsDecidable _≈_ }}
|
||||
{{flA : IsFiniteHeightLattice A h _≈_ _⊔_ _⊓_}}
|
||||
(f : A → A)
|
||||
(Monotonicᶠ : Monotonic (IsFiniteHeightLattice._≼_ flA)
|
||||
(IsFiniteHeightLattice._≼_ flA) f) where
|
||||
@@ -28,24 +28,9 @@ private
|
||||
using ()
|
||||
renaming
|
||||
( ⊥ to ⊥ᴬ
|
||||
; longestChain to longestChainᴬ
|
||||
; bounded to boundedᴬ
|
||||
)
|
||||
|
||||
|
||||
⊥ᴬ≼ : ∀ (a : A) → ⊥ᴬ ≼ a
|
||||
⊥ᴬ≼ a with ≈-dec a ⊥ᴬ
|
||||
... | yes a≈⊥ᴬ = ≼-cong a≈⊥ᴬ ≈-refl (≼-refl a)
|
||||
... | no a̷≈⊥ᴬ with ≈-dec ⊥ᴬ (a ⊓ ⊥ᴬ)
|
||||
... | yes ⊥ᴬ≈a⊓⊥ᴬ = ≈-trans (⊔-comm ⊥ᴬ a) (≈-trans (≈-⊔-cong (≈-refl {a}) ⊥ᴬ≈a⊓⊥ᴬ) (absorb-⊔-⊓ a ⊥ᴬ))
|
||||
... | no ⊥ᴬ̷≈a⊓⊥ᴬ = ⊥-elim (ChainA.Bounded-suc-n boundedᴬ (ChainA.step x≺⊥ᴬ ≈-refl longestChainᴬ))
|
||||
where
|
||||
⊥ᴬ⊓a̷≈⊥ᴬ : ¬ (⊥ᴬ ⊓ a) ≈ ⊥ᴬ
|
||||
⊥ᴬ⊓a̷≈⊥ᴬ = λ ⊥ᴬ⊓a≈⊥ᴬ → ⊥ᴬ̷≈a⊓⊥ᴬ (≈-trans (≈-sym ⊥ᴬ⊓a≈⊥ᴬ) (⊓-comm _ _))
|
||||
|
||||
x≺⊥ᴬ : (⊥ᴬ ⊓ a) ≺ ⊥ᴬ
|
||||
x≺⊥ᴬ = (≈-trans (⊔-comm _ _) (≈-trans (≈-refl {⊥ᴬ ⊔ (⊥ᴬ ⊓ a)}) (absorb-⊔-⊓ ⊥ᴬ a)) , ⊥ᴬ⊓a̷≈⊥ᴬ)
|
||||
|
||||
-- using 'g', for gas, here helps make sure the function terminates.
|
||||
-- since A forms a fixed-height lattice, we must find a solution after
|
||||
-- 'h' steps at most. Gas is set up such that as soon as it runs
|
||||
@@ -65,7 +50,7 @@ private
|
||||
c' rewrite +-comm 1 hᶜ = ChainA.concat c (ChainA.step a₂≺fa₂ ≈-refl (ChainA.done (≈-refl {f a₂})))
|
||||
|
||||
fix : Σ A (λ a → a ≈ f a)
|
||||
fix = doStep (suc h) 0 ⊥ᴬ ⊥ᴬ (ChainA.done ≈-refl) (+-comm (suc h) 0) (⊥ᴬ≼ (f ⊥ᴬ))
|
||||
fix = doStep (suc h) 0 ⊥ᴬ ⊥ᴬ (ChainA.done ≈-refl) (+-comm (suc h) 0) (⊥≼ (f ⊥ᴬ))
|
||||
|
||||
aᶠ : A
|
||||
aᶠ = proj₁ fix
|
||||
@@ -85,4 +70,4 @@ private
|
||||
... | no _ = stepPreservesLess g' _ _ _ b b≈fb (≼-cong ≈-refl (≈-sym b≈fb) (Monotonicᶠ a₂≼b)) _ _ _
|
||||
|
||||
aᶠ≼ : ∀ (a : A) → a ≈ f a → aᶠ ≼ a
|
||||
aᶠ≼ a a≈fa = stepPreservesLess (suc h) 0 ⊥ᴬ ⊥ᴬ a a≈fa (⊥ᴬ≼ a) (ChainA.done ≈-refl) (+-comm (suc h) 0) (⊥ᴬ≼ (f ⊥ᴬ))
|
||||
aᶠ≼ a a≈fa = stepPreservesLess (suc h) 0 ⊥ᴬ ⊥ᴬ a a≈fa (⊥≼ a) (ChainA.done ≈-refl) (+-comm (suc h) 0) (⊥≼ (f ⊥ᴬ))
|
||||
|
||||
@@ -68,6 +68,7 @@ module TransportFiniteHeight
|
||||
renaming (⊥ to ⊥₁; ⊤ to ⊤₁; bounded to bounded₁; longestChain to c)
|
||||
|
||||
instance
|
||||
fixedHeight : IsLattice.FixedHeight lB height
|
||||
fixedHeight = record
|
||||
{ ⊥ = f ⊥₁
|
||||
; ⊤ = f ⊤₁
|
||||
|
||||
117
LEAN_MIGRATION.md
Normal file
117
LEAN_MIGRATION.md
Normal file
@@ -0,0 +1,117 @@
|
||||
# Agda → Lean 4 (mathlib) migration plan
|
||||
|
||||
Goal: port the static-analysis framework to Lean 4 + mathlib, preserving the
|
||||
overall structure and **the same theorems/lemmas** (modulo language details),
|
||||
while lifting custom machinery into mathlib wherever a standard counterpart
|
||||
exists. Per discussion, the setoid equality (`_≈_`) is **dropped in favor of
|
||||
propositional `=`** — it existed mainly so that unordered key-value maps could
|
||||
be "equal"; representations below are chosen to be canonical so `=` works.
|
||||
|
||||
The Lean project lives in `lean/` (library root `Spa`). Each phase ends with a
|
||||
green `lake build` and a correspondence table appended to this file, so you can
|
||||
validate phase by phase.
|
||||
|
||||
## Design mapping
|
||||
|
||||
| Agda | Lean | Notes |
|
||||
|---|---|---|
|
||||
| `Equivalence.agda` | *lifted*: `Eq`, `Equivalence` | module disappears |
|
||||
| `IsDecidable` | *lifted*: `DecidableEq` / `DecidableRel` | mathlib is classical; decidability kept only where functions compute (e.g. the fixpoint iteration) |
|
||||
| `Showable.agda` | *lifted*: `ToString` | |
|
||||
| `Lattice.agda` `IsSemilattice` (`⊔-assoc/comm/idemp`, `≼`, `≼-refl/trans/antisym`, `x≼x⊔y`, `⊔-Monotonicˡ/ʳ`) | *lifted*: `SemilatticeSup` (`sup_assoc`, `sup_comm`, `sup_idem`, `≤` with `sup_eq_right`, `le_refl`, `le_trans`, `le_antisymm`, `le_sup_left`, `sup_le_sup_left/right`) | `a ≼ b := a ⊔ b ≈ b` becomes `a ≤ b` with bridge lemma `sup_eq_right` |
|
||||
| `IsLattice` (`absorb-⊔-⊓`, `absorb-⊓-⊔`) | *lifted*: `Lattice` (`sup_inf_self`, `inf_sup_self`) | |
|
||||
| `Monotonic`, `Monotonicˡ/ʳ/₂` | *lifted*: `Monotone` (+ tiny aliases) | |
|
||||
| `foldr-Mono`, `foldl-Mono`, `foldr-Mono'`, `foldl-Mono'` | custom, `Spa/Lattice.lean` | stated with `List.Forall₂` (≙ `Utils.Pairwise`) |
|
||||
| `Chain.agda` (`Chain`, `concat`, `Chain-map` in `ChainMapping`) | *lifted*: `LTSeries` (`RelSeries.smash`, `LTSeries.map` + `Monotone.strictMono_of_injective`) | with `=`, the ≈-congruence steps in chains vanish |
|
||||
| `Chain.Height`, `Bounded`, `Bounded-suc-n` | custom: `Spa.FixedHeight` structure (`⊥`, `⊤`, longest `LTSeries`, `bounded`) | |
|
||||
| `IsFiniteHeightLattice`, `FiniteHeightLattice` | custom class `Spa.FiniteHeightLattice` | |
|
||||
| `⊥≼` (chain bottom is least, given decidable eq) | custom, same proof shape (prepend `⊥⊓a ≺ ⊥` to longest chain) | decidability hypothesis dropped (classical) |
|
||||
| `Fixedpoint.agda` (`doStep` with gas, `aᶠ`, `aᶠ≈faᶠ`, `aᶠ≼`) | custom, `Spa/Fixedpoint.lean`, same gas-based algorithm | **not** replaced by mathlib `lfp` (would change the proof approach and lose computability) |
|
||||
| `Isomorphism.agda` (`TransportFiniteHeight`) | custom, `Spa/Isomorphism.lean` | much smaller: with `=`, f/g monotone inverse pair transports `FixedHeight` via `LTSeries.map` |
|
||||
| `Lattice/Unit.agda` | *lifted*: mathlib `Lattice PUnit`; custom `FixedHeight PUnit 0` | |
|
||||
| `Lattice/Nat.agda` (max/min lattice) | *lifted*: mathlib `Lattice ℕ` (`Nat.instLattice`) | kept only as a remark; file had no fixed-height content |
|
||||
| `Lattice/Prod.agda` | instance *lifted* (`Prod.instLattice`); custom: `unzip` + `FixedHeight (A×B) (h₁+h₂)` | same proof: split a product chain into component chains |
|
||||
| `Lattice/AboveBelow.agda` (flat lattice ⊥/[x]/⊤) | custom, same datatype; `Plain` module ⇒ `FixedHeight 2` | mathlib has no flat-lattice-on-discrete-type |
|
||||
| `Lattice/ExtendBelow.agda` | *lifted*: `WithBot A` lattice instance; custom `FixedHeight (h+1)` | unused by the pipeline; ported for parity (optional) |
|
||||
| `Lattice/IterProd.agda` | custom, same induction (`IterProd k = A × … × B`), lattice + height-sum by recursion | the `Everything` record trick survives as a recursive definition of bundled instances |
|
||||
| `Lattice/Map.agda` (assoc list with `Unique` keys, setoid) | **deleted**: only existed to support setoid map equality | its consumers move to `Finset` / spine-fixed `FiniteMap` |
|
||||
| `Lattice/MapSet.agda` (`StringSet`) | *lifted*: `Finset String` (`∪`, `{·}`, `∅`, `.toList`, `nodup_toList`) | |
|
||||
| `Lattice/FiniteMap.agda` | custom: `{ l : List (A × B) // l.map Prod.fst = ks }` — key spine fixed ⇒ `=` is pointwise value equality | same API: `locate`, `_[_]`, `GeneralizedUpdate` (`f'`, `f'-Monotonic`, `f'-k∈ks-≡`, `f'-k∉ks-backward`), `m₁≼m₂⇒m₁[k]≼m₂[k]`, `Provenance-union` analog; fixed height **still via isomorphism to `IterProd`** (same approach) |
|
||||
| `Lattice/Builder.agda` | **skipped** — not imported by anything in the repo | flag if you want it |
|
||||
| `Utils.agda` | *lifted*: `Unique`→`List.Nodup`, `Pairwise`→`List.Forall₂`, `fins`→`List.finRange`, `∈-cartesianProduct`→`List.product`/`pair_mem_product`, `x∈xs⇒fx∈fxs`→`List.mem_map_of_mem`, `filter-++`→`List.filter_append`, `iterate`→`f^[n]`, `concat-∈`→`List.mem_join`, `All¬-¬Any` etc. → `List.All`/`Any` API | leftovers (if any) in `Spa/Utils.lean` |
|
||||
| `Language/Base.agda` | custom; `Expr-vars`/`Stmt-vars : Finset String` | commented-out `∈-vars` lemmas stay omitted |
|
||||
| `Language/Semantics.agda` | custom, same big-step relations; `Value`, `Env = List (String × Value)`, custom `∈` | `ℤ` → `Int` |
|
||||
| `Language/Graphs.agda` | custom; `Vec` → `Vector` (mathlib `List.Vector`), `Fin._↑ˡ/_↑ʳ` → `Fin.castAdd`/`Fin.natAdd` | same `Graph` record, `∙`/`↦`/`loop`/`skipto`/`singleton`/`wrap`/`buildCfg`, `predecessors` + edge lemmas |
|
||||
| `Language/Traces.agda` | custom, same `Trace`/`EndToEndTrace`/`++⟨_⟩` | |
|
||||
| `Language/Properties.agda` | custom, same lemma inventory (`Trace-∙ˡ/ʳ`, `Trace-↦ˡ/ʳ`, `Trace-loop`, `EndToEndTrace-*`, `wrap-preds-∅`, `buildCfg-sufficient`) | the "ugly" `↑-≢` Fin-disjointness block should shrink via `Fin.castAdd_ne_natAdd`-style mathlib lemmas |
|
||||
| `Language.agda` (`Program` record) | custom, same fields/lemmas (`trace`, `vars`, `states`, `incoming`, `initialState-pred-∅`, …) | |
|
||||
| `Analysis/Forward/{Lattices,Evaluation,Adapters}.agda`, `Analysis/Forward.agda` | custom, same structure: `VariableValues`, `StateVariables`, `joinForKey`/`joinAll`, `StmtEvaluator`/`ExprEvaluator` + validity, expr→stmt adapter, `analyze`, `result`, `analyze-correct` | section variables instead of parameterized modules; everything Agda passed as an instance argument (`IsFiniteHeightLattice`, the evaluators, `LatticeInterpretation`, the validity records) is a typeclass resolved by instance search |
|
||||
| `Analysis/Sign.agda`, `Analysis/Constant.agda` | custom, same definitions | the four monotonicity **postulates** become real proofs (any `⊥`-strict/`⊤`-dominating operation on a flat lattice is monotone: `AboveBelow.monotone₂_of_strict`) |
|
||||
| `Main.agda` | `lake exe spa` | same test programs, same printed output |
|
||||
|
||||
## Phases & checkpoints
|
||||
|
||||
- **Phase 0 — scaffold.** `lean/` lake project, mathlib pinned to toolchain
|
||||
v4.17.0 (already installed). ✅ checkpoint: `lake build` green on empty lib.
|
||||
- **Phase 1 — core order theory.** `Spa/Lattice.lean` (Monotone aliases, fold
|
||||
monotonicity, `FixedHeight`, `Bounded`, `FiniteHeightLattice`, chain-bottom-
|
||||
is-least). ✅ checkpoint: build + table below.
|
||||
- **Phase 2 — fixpoint & transport.** `Spa/Fixedpoint.lean`,
|
||||
`Spa/Isomorphism.lean`. ✅ checkpoint: `fix`, `fix_eq`, `fix_le`,
|
||||
`TransportFiniteHeight`.
|
||||
- **Phase 3 — basic lattice instances.** Unit, Prod (+height), AboveBelow
|
||||
(+`Plain`, height 2), ExtendBelow. ✅ checkpoint.
|
||||
- **Phase 4 — map lattices.** IterProd, FiniteMap (+fixed height via IterProd
|
||||
isomorphism), MapSet→`Finset` shims. ✅ checkpoint.
|
||||
- **Phase 5 — language.** Base, Semantics, Graphs, Traces, Properties,
|
||||
`Program`. ✅ checkpoint: `buildCfg_sufficient`, `Program.trace`.
|
||||
- **Phase 6 — forward analysis framework.** Lattices/Evaluation/Adapters/
|
||||
Forward. ✅ checkpoint: `analyze_correct`.
|
||||
- **Phase 7 — concrete analyses + executable.** Sign, Constant, Main.
|
||||
✅ checkpoint: `lake exe spa` output vs Agda `Main` output; postulates now
|
||||
proved.
|
||||
|
||||
## Status
|
||||
|
||||
- [x] Phase 0
|
||||
- [x] Phase 1
|
||||
- [x] Phase 2
|
||||
- [x] Phase 3
|
||||
- [x] Phase 4
|
||||
- [x] Phase 5
|
||||
- [x] Phase 6
|
||||
- [x] Phase 7
|
||||
|
||||
All phases complete: `lake build` is green with zero warnings, zero `sorry`s
|
||||
and zero axioms, and `lake exe spa` prints output **byte-for-byte identical**
|
||||
to the compiled Agda `Main` (verified with `diff`). Per-file `Agda ↦ Lean`
|
||||
correspondence tables live in the header comment of each Lean file.
|
||||
|
||||
## Wins from the migration
|
||||
|
||||
- The four monotonicity **postulates** in `Analysis/Sign.agda` and
|
||||
`Analysis/Constant.agda` are now proved theorems (via
|
||||
`AboveBelow.monotone₂_of_strict`: any operation on the flat lattice that
|
||||
is strict in `⊥` and dominated by `⊤` is monotone, whatever its table),
|
||||
so the Lean development is postulate-free.
|
||||
- ~2200 lines of map machinery (`Lattice/Map.agda`, `Lattice/MapSet.agda`,
|
||||
much of `Lattice/FiniteMap.agda`) collapse into the spine-pinned
|
||||
`FiniteMap` + `Finset`; the `IterProd` isomorphism no longer needs
|
||||
`Unique ks` (the representation is canonical).
|
||||
- `Equivalence.agda`, `Chain.agda`, the `IsSemilattice`/`IsLattice`
|
||||
hierarchy, and most of `Utils.agda` lift into mathlib.
|
||||
|
||||
## Deviations & deferred items
|
||||
|
||||
- `Lattice/Builder.agda`: not ported (nothing in the repo imports it).
|
||||
- `Lattice/ExtendBelow.agda`, `Lattice/Nat.agda`: not ported (unused by the
|
||||
pipeline; `Nat`'s lattice is mathlib's, `ExtendBelow` would be `WithBot` +
|
||||
a small height proof). Say the word if you want them for parity.
|
||||
- `Program.vars` lists variables in **sorted** order (`Finset.sort`, since
|
||||
`Finset.toList` is noncomputable). For the test program this coincides
|
||||
with the Agda MapSet order.
|
||||
- Chains are mathlib `LTSeries`, so chain-manipulating proofs
|
||||
(`Prod` `unzip`, `AboveBelow`'s `isLongest` → a `rank`-based bound) are
|
||||
restated against that API rather than pattern-matching a custom `Chain`
|
||||
inductive.
|
||||
- `Trace`/`EndToEndTrace` are `Prop`-valued and destructured in proofs.
|
||||
@@ -18,7 +18,7 @@ open import Relation.Binary.PropositionalEquality as Eq using (_≡_; sym; refl;
|
||||
open import Relation.Nullary using (¬_)
|
||||
|
||||
open import Lattice
|
||||
open import Utils using (Unique; push; Unique-map; x∈xs⇒fx∈fxs; ∈-cartesianProduct)
|
||||
open import Utils using (Unique; push; Unique-map; x∈xs⇒fx∈fxs; ∈-cartesianProduct; fins; fins-complete)
|
||||
|
||||
record Graph : Set where
|
||||
constructor MkGraph
|
||||
@@ -124,28 +124,6 @@ buildCfg (s₁ then s₂) = buildCfg s₁ ↦ buildCfg s₂
|
||||
buildCfg (if _ then s₁ else s₂) = buildCfg s₁ ∙ buildCfg s₂
|
||||
buildCfg (while _ repeat s) = loop (buildCfg s)
|
||||
|
||||
private
|
||||
z≢sf : ∀ {n : ℕ} (f : Fin n) → ¬ (zero ≡ suc f)
|
||||
z≢sf f ()
|
||||
|
||||
z≢mapsfs : ∀ {n : ℕ} (fs : List (Fin n)) → All (λ sf → ¬ zero ≡ sf) (List.map suc fs)
|
||||
z≢mapsfs [] = []
|
||||
z≢mapsfs (f ∷ fs') = z≢sf f ∷ z≢mapsfs fs'
|
||||
|
||||
finValues : ∀ (n : ℕ) → Σ (List (Fin n)) Unique
|
||||
finValues 0 = ([] , Utils.empty)
|
||||
finValues (suc n') =
|
||||
let
|
||||
(inds' , unids') = finValues n'
|
||||
in
|
||||
( zero ∷ List.map suc inds'
|
||||
, push (z≢mapsfs inds') (Unique-map suc suc-injective unids')
|
||||
)
|
||||
|
||||
finValues-complete : ∀ (n : ℕ) (f : Fin n) → f ListMem.∈ (proj₁ (finValues n))
|
||||
finValues-complete (suc n') zero = RelAny.here refl
|
||||
finValues-complete (suc n') (suc f') = RelAny.there (x∈xs⇒fx∈fxs suc (finValues-complete n' f'))
|
||||
|
||||
module _ (g : Graph) where
|
||||
open import Data.Product.Properties as ProdProp using ()
|
||||
private _≟_ = ProdProp.≡-dec (FinProp._≟_ {Graph.size g})
|
||||
@@ -154,13 +132,13 @@ module _ (g : Graph) where
|
||||
open import Data.List.Membership.DecPropositional (_≟_) using (_∈?_)
|
||||
|
||||
indices : List (Graph.Index g)
|
||||
indices = proj₁ (finValues (Graph.size g))
|
||||
indices = proj₁ (fins (Graph.size g))
|
||||
|
||||
indices-complete : ∀ (idx : (Graph.Index g)) → idx ListMem.∈ indices
|
||||
indices-complete = finValues-complete (Graph.size g)
|
||||
indices-complete = fins-complete (Graph.size g)
|
||||
|
||||
indices-Unique : Unique indices
|
||||
indices-Unique = proj₂ (finValues (Graph.size g))
|
||||
indices-Unique = proj₂ (fins (Graph.size g))
|
||||
|
||||
predecessors : (Graph.Index g) → List (Graph.Index g)
|
||||
predecessors idx = List.filter (λ idx' → (idx' , idx) ∈? (Graph.edges g)) indices
|
||||
|
||||
64
Lattice.agda
64
Lattice.agda
@@ -4,7 +4,8 @@ open import Equivalence
|
||||
import Chain
|
||||
|
||||
open import Relation.Binary.Core using (_Preserves_⟶_ )
|
||||
open import Relation.Nullary using (Dec; ¬_)
|
||||
open import Relation.Nullary using (Dec; ¬_; yes; no)
|
||||
open import Data.Empty using (⊥-elim)
|
||||
open import Data.Nat as Nat using (ℕ)
|
||||
open import Data.Product using (_×_; Σ; _,_)
|
||||
open import Data.Sum using (_⊎_; inj₁; inj₂)
|
||||
@@ -21,6 +22,18 @@ module _ {a b} {A : Set a} {B : Set b}
|
||||
Monotonic : (A → B) → Set (a ⊔ℓ b)
|
||||
Monotonic f = ∀ {a₁ a₂ : A} → a₁ ≼₁ a₂ → f a₁ ≼₂ f a₂
|
||||
|
||||
Monotonicˡ : ∀ {c} {C : Set c} → (A → C → B) → Set (a ⊔ℓ b ⊔ℓ c)
|
||||
Monotonicˡ f = ∀ c → Monotonic (λ a → f a c)
|
||||
|
||||
Monotonicʳ : ∀ {c} {C : Set c} → (C → A → B) → Set (a ⊔ℓ b ⊔ℓ c)
|
||||
Monotonicʳ f = ∀ a → Monotonic (f a)
|
||||
|
||||
module _ {a b c} {A : Set a} {B : Set b} {C : Set c}
|
||||
(_≼₁_ : A → A → Set a) (_≼₂_ : B → B → Set b) (_≼₃_ : C → C → Set c) where
|
||||
|
||||
Monotonic₂ : (A → B → C) → Set (a ⊔ℓ b ⊔ℓ c)
|
||||
Monotonic₂ f = Monotonicˡ _≼₁_ _≼₃_ f × Monotonicʳ _≼₂_ _≼₃_ f
|
||||
|
||||
record IsSemilattice {a} (A : Set a)
|
||||
(_≈_ : A → A → Set a)
|
||||
(_⊔_ : A → A → A) : Set a where
|
||||
@@ -83,6 +96,12 @@ record IsSemilattice {a} (A : Set a)
|
||||
(a₁ ⊔ a) ⊔ (a₂ ⊔ a)
|
||||
∎
|
||||
|
||||
-- need to show: a₁ ⊔ (a₁ ⊔ a₂) ≈ a₁ ⊔ a₂
|
||||
-- (a₁ ⊔ a₁) ⊔ a₂ ≈ a₁ ⊔ (a₁ ⊔ a₂)
|
||||
|
||||
x≼x⊔y : ∀ (a₁ a₂ : A) → a₁ ≼ (a₁ ⊔ a₂)
|
||||
x≼x⊔y a₁ a₂ = ≈-sym (≈-trans (≈-⊔-cong (≈-sym (⊔-idemp a₁)) (≈-refl {a₂})) (⊔-assoc a₁ a₁ a₂))
|
||||
|
||||
≼-refl : ∀ (a : A) → a ≼ a
|
||||
≼-refl a = ⊔-idemp a
|
||||
|
||||
@@ -100,6 +119,18 @@ record IsSemilattice {a} (A : Set a)
|
||||
a₃
|
||||
∎
|
||||
|
||||
≼-antisym : ∀ {a₁ a₂ : A} → a₁ ≼ a₂ → a₂ ≼ a₁ → a₁ ≈ a₂
|
||||
≼-antisym {a₁} {a₂} a₁⊔a₂≈a₂ a₂⊔a₁≈a₁ =
|
||||
begin
|
||||
a₁
|
||||
∼⟨ ≈-sym a₂⊔a₁≈a₁ ⟩
|
||||
a₂ ⊔ a₁
|
||||
∼⟨ ⊔-comm _ _ ⟩
|
||||
a₁ ⊔ a₂
|
||||
∼⟨ a₁⊔a₂≈a₂ ⟩
|
||||
a₂
|
||||
∎
|
||||
|
||||
≼-cong : ∀ {a₁ a₂ a₃ a₄ : A} → a₁ ≈ a₂ → a₃ ≈ a₄ → a₁ ≼ a₃ → a₂ ≼ a₄
|
||||
≼-cong {a₁} {a₂} {a₃} {a₄} a₁≈a₂ a₃≈a₄ a₁⊔a₃≈a₃ =
|
||||
begin
|
||||
@@ -224,6 +255,37 @@ record IsFiniteHeightLattice {a} (A : Set a)
|
||||
field
|
||||
{{fixedHeight}} : FixedHeight h
|
||||
|
||||
private
|
||||
module MyChain = Chain _≈_ ≈-equiv _≺_ ≺-cong
|
||||
|
||||
open MyChain.Height fixedHeight using (⊥; ⊤) public
|
||||
|
||||
Known-⊥ : Set a
|
||||
Known-⊥ = ∀ (a : A) → ⊥ ≼ a
|
||||
|
||||
Known-⊤ : Set a
|
||||
Known-⊤ = ∀ (a : A) → a ≼ ⊤
|
||||
|
||||
-- If the equality is decidable, we can prove that the top and bottom
|
||||
-- elements of the chain are least and greatest elements of the lattice
|
||||
module _ {{≈-Decidable : IsDecidable _≈_}} where
|
||||
open IsDecidable ≈-Decidable using () renaming (R-dec to ≈-dec)
|
||||
|
||||
open MyChain.Height fixedHeight using (bounded; longestChain)
|
||||
|
||||
⊥≼ : Known-⊥
|
||||
⊥≼ a with ≈-dec a ⊥
|
||||
... | yes a≈⊥ = ≼-cong a≈⊥ ≈-refl (≼-refl a)
|
||||
... | no a̷≈⊥ with ≈-dec ⊥ (a ⊓ ⊥)
|
||||
... | yes ⊥≈a⊓⊥ = ≈-trans (⊔-comm ⊥ a) (≈-trans (≈-⊔-cong (≈-refl {a}) ⊥≈a⊓⊥) (absorb-⊔-⊓ a ⊥))
|
||||
... | no ⊥ᴬ̷≈a⊓⊥ = ⊥-elim (MyChain.Bounded-suc-n bounded (MyChain.step x≺⊥ ≈-refl longestChain))
|
||||
where
|
||||
⊥⊓a̷≈⊥ : ¬ (⊥ ⊓ a) ≈ ⊥
|
||||
⊥⊓a̷≈⊥ = λ ⊥⊓a≈⊥ → ⊥ᴬ̷≈a⊓⊥ (≈-trans (≈-sym ⊥⊓a≈⊥) (⊓-comm _ _))
|
||||
|
||||
x≺⊥ : (⊥ ⊓ a) ≺ ⊥
|
||||
x≺⊥ = (≈-trans (⊔-comm _ _) (≈-trans (≈-refl {⊥ ⊔ (⊥ ⊓ a)}) (absorb-⊔-⊓ ⊥ a)) , ⊥⊓a̷≈⊥)
|
||||
|
||||
module ChainMapping {a b} {A : Set a} {B : Set b}
|
||||
{_≈₁_ : A → A → Set a} {_≈₂_ : B → B → Set b}
|
||||
{_⊔₁_ : A → A → A} {_⊔₂_ : B → B → B}
|
||||
|
||||
@@ -321,7 +321,7 @@ module Plain (x : A) where
|
||||
; isLattice = isLattice
|
||||
}
|
||||
|
||||
open IsLattice isLattice using (_≼_; _≺_; ≼-trans; ⊔-Monotonicˡ; ⊔-Monotonicʳ) public
|
||||
open IsLattice isLattice using (_≼_; _≺_; ≼-trans; ≼-refl; ⊔-Monotonicˡ; ⊔-Monotonicʳ) public
|
||||
|
||||
⊥≺[x] : ∀ (x : A) → ⊥ ≺ [ x ]
|
||||
⊥≺[x] x = (≈-refl , λ ())
|
||||
|
||||
885
Lattice/Builder.agda
Normal file
885
Lattice/Builder.agda
Normal file
@@ -0,0 +1,885 @@
|
||||
module Lattice.Builder where
|
||||
|
||||
open import Lattice
|
||||
open import Equivalence
|
||||
open import Utils using (Unique; push; empty; Unique-append; Unique-++⁻ˡ; Unique-++⁻ʳ; Unique-narrow; All¬-¬Any; ¬Any-map; fins; fins-complete; findUniversal; Decidable-¬; ∈-cartesianProduct; foldr₁; x∷xs≢[])
|
||||
open import Data.Nat as Nat using (ℕ)
|
||||
open import Data.Fin as Fin using (Fin; suc; zero; _≟_)
|
||||
open import Data.Maybe as Maybe using (Maybe; just; nothing; _>>=_; maybe)
|
||||
open import Data.Maybe.Properties using (just-injective)
|
||||
open import Data.List.NonEmpty using (List⁺; tail; toList) renaming (_∷_ to _∷⁺_)
|
||||
open import Data.List.Membership.Propositional as MemProp using (lose) renaming (_∈_ to _∈ˡ_; mapWith∈ to mapWith∈ˡ)
|
||||
open import Data.List.Membership.Propositional.Properties using () renaming (∈-++⁺ʳ to ∈ˡ-++⁺ʳ; ∈-++⁺ˡ to ∈ˡ-++⁺ˡ; ∈-cartesianProductWith⁺ to ∈ˡ-cartesianProductWith⁺; ∈-filter⁻ to ∈ˡ-filter⁻; ∈-filter⁺ to ∈ˡ-filter⁺; ∈-lookup to ∈ˡ-lookup)
|
||||
open import Data.List.Relation.Unary.Any as Any using (Any; here; there; any?; satisfied; index)
|
||||
open import Data.List.Relation.Unary.Any.Properties using (¬Any[]; lookup-result)
|
||||
open import Data.List.Relation.Unary.All using (All; []; _∷_; map; lookup; zipWith; tabulate; universal; all?)
|
||||
open import Data.List.Relation.Unary.All.Properties using () renaming (++⁺ to ++ˡ⁺; ++⁻ʳ to ++ˡ⁻ʳ)
|
||||
open import Data.List using (List; _∷_; []; cartesianProduct; cartesianProductWith; foldr; filter) renaming (_++_ to _++ˡ_)
|
||||
open import Data.List.Properties using () renaming (++-conicalʳ to ++ˡ-conicalʳ; ++-identityʳ to ++ˡ-identityʳ; ++-assoc to ++ˡ-assoc)
|
||||
open import Data.Sum using (_⊎_; inj₁; inj₂)
|
||||
open import Data.Product using (Σ; _,_; _×_; proj₁; proj₂; uncurry)
|
||||
open import Data.Empty using (⊥-elim)
|
||||
open import Relation.Nullary using (¬_; Dec; yes; no; ¬?; _×-dec_)
|
||||
open import Relation.Binary.PropositionalEquality as Eq using (_≡_; refl; sym; trans; cong; subst)
|
||||
open import Relation.Binary.PropositionalEquality.Properties using (decSetoid)
|
||||
open import Relation.Binary using () renaming (Decidable to Decidable²)
|
||||
open import Relation.Unary using (Decidable)
|
||||
open import Relation.Unary.Properties using (_∩?_)
|
||||
open import Agda.Primitive using (lsuc; Level) renaming (_⊔_ to _⊔ℓ_)
|
||||
|
||||
record Graph : Set where
|
||||
constructor mkGraph
|
||||
field
|
||||
size : ℕ
|
||||
|
||||
Node : Set
|
||||
Node = Fin (Nat.suc size)
|
||||
|
||||
nodes = fins (Nat.suc size)
|
||||
|
||||
nodes-complete = fins-complete (Nat.suc size)
|
||||
|
||||
Edge : Set
|
||||
Edge = Node × Node
|
||||
|
||||
field
|
||||
edges : List Edge
|
||||
|
||||
nodes-nonempty : ¬ (proj₁ nodes ≡ [])
|
||||
nodes-nonempty ()
|
||||
|
||||
data Path : Node → Node → Set where
|
||||
done : ∀ {n : Node} → Path n n
|
||||
step : ∀ {n₁ n₂ n₃ : Node} → (n₁ , n₂) ∈ˡ edges → Path n₂ n₃ → Path n₁ n₃
|
||||
|
||||
data IsDone : ∀ {n₁ n₂} → Path n₁ n₂ → Set where
|
||||
isDone : ∀ {n : Node} → IsDone (done {n})
|
||||
|
||||
IsDone? : ∀ {n₁ n₂} → Decidable (IsDone {n₁} {n₂})
|
||||
IsDone? done = yes isDone
|
||||
IsDone? (step _ _) = no (λ {()})
|
||||
|
||||
_++_ : ∀ {n₁ n₂ n₃} → Path n₁ n₂ → Path n₂ n₃ → Path n₁ n₃
|
||||
done ++ p = p
|
||||
(step e p₁) ++ p₂ = step e (p₁ ++ p₂)
|
||||
|
||||
++-done : ∀ {n₁ n₂} (p : Path n₁ n₂) → p ++ done ≡ p
|
||||
++-done done = refl
|
||||
++-done (step e∈edges p) rewrite ++-done p = refl
|
||||
|
||||
++-assoc : ∀ {n₁ n₂ n₃ n₄} (p₁ : Path n₁ n₂) (p₂ : Path n₂ n₃) (p₃ : Path n₃ n₄) →
|
||||
(p₁ ++ p₂) ++ p₃ ≡ p₁ ++ (p₂ ++ p₃)
|
||||
++-assoc done p₂ p₃ = refl
|
||||
++-assoc (step n₁,n∈edges p₁) p₂ p₃ rewrite ++-assoc p₁ p₂ p₃ = refl
|
||||
|
||||
IsDone-++ˡ : ∀ {n₁ n₂ n₃} (p₁ : Path n₁ n₂) (p₂ : Path n₂ n₃) →
|
||||
¬ IsDone p₁ → ¬ IsDone (p₁ ++ p₂)
|
||||
IsDone-++ˡ done _ done≢done = ⊥-elim (done≢done isDone)
|
||||
|
||||
interior : ∀ {n₁ n₂} → Path n₁ n₂ → List Node
|
||||
interior done = []
|
||||
interior (step _ done) = []
|
||||
interior (step {n₂ = n₂} _ p) = n₂ ∷ interior p
|
||||
|
||||
interior-extend : ∀ {n₁ n₂ n₃} → (p : Path n₁ n₂) → (n₂,n₃∈edges : (n₂ , n₃) ∈ˡ edges) →
|
||||
let p' = (p ++ (step n₂,n₃∈edges done))
|
||||
in (interior p' ≡ interior p) ⊎ (interior p' ≡ interior p ++ˡ (n₂ ∷ []))
|
||||
interior-extend done _ = inj₁ refl
|
||||
interior-extend (step n₁,n₂∈edges done) n₂n₃∈edges = inj₂ refl
|
||||
interior-extend {n₂ = n₂} (step {n₂ = n} n₁,n∈edges p@(step _ _)) n₂n₃∈edges
|
||||
with p ++ (step n₂n₃∈edges done) | interior-extend p n₂n₃∈edges
|
||||
... | done | inj₁ []≡intp rewrite sym []≡intp = inj₁ refl
|
||||
... | done | inj₂ []=intp++[n₂] with () ← ++ˡ-conicalʳ (interior p) (n₂ ∷ []) (sym []=intp++[n₂])
|
||||
... | step _ p | inj₁ IH rewrite IH = inj₁ refl
|
||||
... | step _ p | inj₂ IH rewrite IH = inj₂ refl
|
||||
|
||||
interior-++ : ∀ {n₁ n₂ n₃} → (p₁ : Path n₁ n₂) → (p₂ : Path n₂ n₃) →
|
||||
¬ IsDone p₁ → ¬ IsDone p₂ →
|
||||
interior (p₁ ++ p₂) ≡ interior p₁ ++ˡ (n₂ ∷ interior p₂)
|
||||
interior-++ done _ done≢done _ = ⊥-elim (done≢done isDone)
|
||||
interior-++ _ done _ done≢done = ⊥-elim (done≢done isDone)
|
||||
interior-++ (step _ done) (step _ _) _ _ = refl
|
||||
interior-++ (step n₁,n∈edges p@(step n,n'∈edges p')) p₂ _ p₂≢done
|
||||
rewrite interior-++ p p₂ (λ {()}) p₂≢done = refl
|
||||
|
||||
SimpleWalkVia : List Node → Node → Node → Set
|
||||
SimpleWalkVia ns n₁ n₂ = Σ (Path n₁ n₂) (λ p → Unique (interior p) × All (_∈ˡ ns) (interior p))
|
||||
|
||||
SimpleWalk-extend : ∀ {n₁ n₂ n₃ ns} → (w : SimpleWalkVia ns n₁ n₂) → (n₂ , n₃) ∈ˡ edges → All (λ nʷ → ¬ nʷ ≡ n₂) (interior (proj₁ w)) → n₂ ∈ˡ ns → SimpleWalkVia ns n₁ n₃
|
||||
SimpleWalk-extend (p , (Unique-intp , intp⊆ns)) n₂,n₃∈edges w≢n₂ n₂∈ns
|
||||
with p ++ (step n₂,n₃∈edges done) | interior-extend p n₂,n₃∈edges
|
||||
... | p' | inj₁ intp'≡intp rewrite sym intp'≡intp = (p' , Unique-intp , intp⊆ns)
|
||||
... | p' | inj₂ intp'≡intp++[n₂]
|
||||
with intp++[n₂]⊆ns ← ++ˡ⁺ intp⊆ns (n₂∈ns ∷ [])
|
||||
rewrite sym intp'≡intp++[n₂] = (p' , (subst Unique (sym intp'≡intp++[n₂]) (Unique-append (¬Any-map sym (All¬-¬Any w≢n₂)) Unique-intp) , intp++[n₂]⊆ns))
|
||||
|
||||
∈ˡ-narrow : ∀ {x y : Node} {ys : List Node} → x ∈ˡ (y ∷ ys) → ¬ y ≡ x → x ∈ˡ ys
|
||||
∈ˡ-narrow (here refl) x≢y = ⊥-elim (x≢y refl)
|
||||
∈ˡ-narrow (there x∈ys) _ = x∈ys
|
||||
|
||||
SplitSimpleWalkViaHelp : ∀ {n n₁ n₂ ns} (nⁱ : Node)
|
||||
(w : SimpleWalkVia (n ∷ ns) n₁ n₂)
|
||||
(p₁ : Path n₁ nⁱ) (p₂ : Path nⁱ n₂) →
|
||||
¬ IsDone p₁ → ¬ IsDone p₂ →
|
||||
All (_∈ˡ ns) (interior p₁) →
|
||||
proj₁ w ≡ p₁ ++ p₂ →
|
||||
(Σ (SimpleWalkVia ns n₁ n × SimpleWalkVia ns n n₂) λ (w₁ , w₂) → proj₁ w₁ ++ proj₁ w₂ ≡ proj₁ w) ⊎ (Σ (SimpleWalkVia ns n₁ n₂) λ w' → proj₁ w' ≡ proj₁ w)
|
||||
SplitSimpleWalkViaHelp nⁱ w done _ done≢done _ _ _ = ⊥-elim (done≢done isDone)
|
||||
SplitSimpleWalkViaHelp nⁱ w p₁ done _ done≢done _ _ = ⊥-elim (done≢done isDone)
|
||||
SplitSimpleWalkViaHelp {n} {ns = ns} nⁱ w@(p , (Unique-intp , intp⊆ns)) p₁@(step _ _) p₂@(step {n₂ = nⁱ'} nⁱ,nⁱ',∈edges p₂') p₁≢done p₂≢done intp₁⊆ns p≡p₁++p₂
|
||||
with intp≡intp₁++[n]++intp₂ ← trans (cong interior p≡p₁++p₂) (interior-++ p₁ p₂ p₁≢done p₂≢done)
|
||||
with nⁱ∈n∷ns ∷ intp₂⊆n∷ns ← ++ˡ⁻ʳ (interior p₁) (subst (All (_∈ˡ (n ∷ ns))) intp≡intp₁++[n]++intp₂ intp⊆ns)
|
||||
with nⁱ ≟ n
|
||||
... | yes refl
|
||||
with Unique-intp₁ ← Unique-++⁻ˡ (interior p₁) (subst Unique intp≡intp₁++[n]++intp₂ Unique-intp)
|
||||
with (push n≢intp₂ Unique-intp₂) ← Unique-++⁻ʳ (interior p₁) (subst Unique intp≡intp₁++[n]++intp₂ Unique-intp)
|
||||
= inj₁ (((p₁ , (Unique-intp₁ , intp₁⊆ns)) , (p₂ , (Unique-intp₂ , zipWith (uncurry ∈ˡ-narrow) (intp₂⊆n∷ns , n≢intp₂)))) , sym p≡p₁++p₂)
|
||||
... | no nⁱ≢n
|
||||
with p₂'
|
||||
... | done
|
||||
= let
|
||||
-- note: copied with below branch. can't use with <- to
|
||||
-- share and re-use because the termination checker loses the thread.
|
||||
p₁' = (p₁ ++ (step nⁱ,nⁱ',∈edges done))
|
||||
n≢nⁱ n≡nⁱ = nⁱ≢n (sym n≡nⁱ)
|
||||
intp₁'=intp₁++[nⁱ] = subst (λ xs → interior p₁' ≡ interior p₁ ++ˡ xs) (++ˡ-identityʳ (nⁱ ∷ [])) (interior-++ p₁ (step nⁱ,nⁱ',∈edges done) p₁≢done (λ {()}))
|
||||
intp₁++[nⁱ]⊆ns = ++ˡ⁺ intp₁⊆ns (∈ˡ-narrow nⁱ∈n∷ns n≢nⁱ ∷ [])
|
||||
intp₁'⊆ns = subst (All (_∈ˡ ns)) (sym intp₁'=intp₁++[nⁱ]) intp₁++[nⁱ]⊆ns
|
||||
-- end shared with below branch.
|
||||
Unique-intp₁++[nⁱ] = Unique-++⁻ˡ (interior p₁ ++ˡ (nⁱ ∷ [])) (subst Unique (trans intp≡intp₁++[n]++intp₂ (sym (++ˡ-assoc (interior p₁) (nⁱ ∷ []) []))) Unique-intp)
|
||||
in inj₂ ((p₁ ++ (step nⁱ,nⁱ',∈edges done) , (subst Unique (sym intp₁'=intp₁++[nⁱ]) Unique-intp₁++[nⁱ] , intp₁'⊆ns)) , sym p≡p₁++p₂)
|
||||
... | p₂'@(step _ _)
|
||||
= let p₁' = (p₁ ++ (step nⁱ,nⁱ',∈edges done))
|
||||
n≢nⁱ n≡nⁱ = nⁱ≢n (sym n≡nⁱ)
|
||||
intp₁'=intp₁++[nⁱ] = subst (λ xs → interior p₁' ≡ interior p₁ ++ˡ xs) (++ˡ-identityʳ (nⁱ ∷ [])) (interior-++ p₁ (step nⁱ,nⁱ',∈edges done) p₁≢done (λ {()}))
|
||||
intp₁++[nⁱ]⊆ns = ++ˡ⁺ intp₁⊆ns (∈ˡ-narrow nⁱ∈n∷ns n≢nⁱ ∷ [])
|
||||
intp₁'⊆ns = subst (All (_∈ˡ ns)) (sym intp₁'=intp₁++[nⁱ]) intp₁++[nⁱ]⊆ns
|
||||
p≡p₁'++p₂' = trans p≡p₁++p₂ (sym (++-assoc p₁ (step nⁱ,nⁱ',∈edges done) p₂'))
|
||||
in SplitSimpleWalkViaHelp nⁱ' w p₁' p₂' (IsDone-++ˡ _ _ p₁≢done) (λ {()}) intp₁'⊆ns p≡p₁'++p₂'
|
||||
|
||||
SplitSimpleWalkVia : ∀ {n n₁ n₂ ns} (w : SimpleWalkVia (n ∷ ns) n₁ n₂) → (Σ (SimpleWalkVia ns n₁ n × SimpleWalkVia ns n n₂) λ (w₁ , w₂) → proj₁ w₁ ++ proj₁ w₂ ≡ proj₁ w) ⊎ (Σ (SimpleWalkVia ns n₁ n₂) λ w' → proj₁ w' ≡ proj₁ w)
|
||||
SplitSimpleWalkVia (done , (_ , _)) = inj₂ ((done , (empty , [])) , refl)
|
||||
SplitSimpleWalkVia (step n₁,n₂∈edges done , (_ , _)) = inj₂ ((step n₁,n₂∈edges done , (empty , [])) , refl)
|
||||
SplitSimpleWalkVia w@(step {n₂ = nⁱ} n₁,nⁱ∈edges p@(step _ _) , (push nⁱ≢intp Unique-intp , nⁱ∈ns ∷ intp⊆ns)) = SplitSimpleWalkViaHelp nⁱ w (step n₁,nⁱ∈edges done) p (λ {()}) (λ {()}) [] refl
|
||||
|
||||
open import Data.List.Membership.DecSetoid (decSetoid {A = Node} _≟_) using () renaming (_∈?_ to _∈ˡ?_)
|
||||
|
||||
splitFromInteriorʳ : ∀ {n₁ n₂ n} (p : Path n₁ n₂) → n ∈ˡ (interior p) →
|
||||
Σ (Path n n₂) (λ p' → ¬ IsDone p' × (Σ (List Node) λ ns → interior p ≡ ns ++ˡ n ∷ interior p'))
|
||||
splitFromInteriorʳ done ()
|
||||
splitFromInteriorʳ (step _ done) ()
|
||||
splitFromInteriorʳ (step {n₂ = n'} n₁,n'∈edges p'@(step _ _)) (here refl) = (p' , ((λ {()}) , ([] , refl)))
|
||||
splitFromInteriorʳ (step {n₂ = n'} n₁,n'∈edges p'@(step _ _)) (there n∈intp')
|
||||
with (p'' , (¬IsDone-p'' , (ns , intp'≡ns++intp''))) ← splitFromInteriorʳ p' n∈intp'
|
||||
rewrite intp'≡ns++intp'' = (p'' , (¬IsDone-p'' , (n' ∷ ns , refl)))
|
||||
|
||||
splitFromInteriorˡ : ∀ {n₁ n₂ n} (p : Path n₁ n₂) → n ∈ˡ (interior p) →
|
||||
Σ (Path n₁ n) (λ p' → ¬ IsDone p' × (Σ (List Node) λ ns → interior p ≡ interior p' ++ˡ ns))
|
||||
splitFromInteriorˡ done ()
|
||||
splitFromInteriorˡ (step _ done) ()
|
||||
splitFromInteriorˡ p@(step {n₂ = n'} n₁,n'∈edges p'@(step _ _)) (here refl) = (step n₁,n'∈edges done , ((λ {()}) , (interior p , refl)))
|
||||
splitFromInteriorˡ p@(step {n₂ = n'} n₁,n'∈edges p'@(step _ _)) (there n∈intp')
|
||||
with splitFromInteriorˡ p' n∈intp'
|
||||
... | (p''@(step _ _) , (¬IsDone-p'' , (ns , intp'≡intp''++ns)))
|
||||
rewrite intp'≡intp''++ns
|
||||
= (step n₁,n'∈edges p'' , ((λ { () }) , (ns , refl)))
|
||||
... | (done , (¬IsDone-Done , _)) = ⊥-elim (¬IsDone-Done isDone)
|
||||
|
||||
findCycleHelp : ∀ {n₁ nⁱ n₂} (p : Path n₁ n₂) (p₁ : Path n₁ nⁱ) (p₂ : Path nⁱ n₂) →
|
||||
¬ IsDone p₁ → Unique (interior p₁) →
|
||||
p ≡ p₁ ++ p₂ →
|
||||
(Σ (SimpleWalkVia (proj₁ nodes) n₁ n₂) λ w → proj₁ w ≡ p) ⊎ (Σ Node (λ n → Σ (SimpleWalkVia (proj₁ nodes) n n) λ w → ¬ IsDone (proj₁ w)))
|
||||
findCycleHelp p p₁ done ¬IsDonep₁ Unique-intp₁ p≡p₁++done rewrite ++-done p₁ = inj₁ ((p₁ , (Unique-intp₁ , tabulate (λ {x} _ → nodes-complete x))) , sym p≡p₁++done)
|
||||
findCycleHelp {nⁱ = nⁱ} p p₁ (step nⁱ,nⁱ'∈edges p₂') ¬IsDone-p₁ Unique-intp₁ p≡p₁++p₂
|
||||
with nⁱ ∈ˡ? interior p₁
|
||||
... | no nⁱ∉intp₁ =
|
||||
let p₁' = p₁ ++ step nⁱ,nⁱ'∈edges done
|
||||
intp₁'≡intp₁++[nⁱ] = subst (λ xs → interior p₁' ≡ interior p₁ ++ˡ xs) (++ˡ-identityʳ (nⁱ ∷ [])) (interior-++ p₁ (step nⁱ,nⁱ'∈edges done) ¬IsDone-p₁ (λ {()}))
|
||||
¬IsDone-p₁' = IsDone-++ˡ p₁ (step nⁱ,nⁱ'∈edges done) ¬IsDone-p₁
|
||||
p≡p₁'++p₂' = trans p≡p₁++p₂ (sym (++-assoc p₁ (step nⁱ,nⁱ'∈edges done) p₂'))
|
||||
Unique-intp₁' = subst Unique (sym intp₁'≡intp₁++[nⁱ]) (Unique-append nⁱ∉intp₁ Unique-intp₁)
|
||||
in findCycleHelp p p₁' p₂' ¬IsDone-p₁' Unique-intp₁' p≡p₁'++p₂'
|
||||
... | yes nⁱ∈intp₁
|
||||
with (pᶜ , (¬IsDone-pᶜ , (ns , intp₁≡ns++intpᶜ))) ← splitFromInteriorʳ p₁ nⁱ∈intp₁
|
||||
rewrite sym (++ˡ-assoc ns (nⁱ ∷ []) (interior pᶜ)) =
|
||||
let Unique-intp₁' = subst Unique intp₁≡ns++intpᶜ Unique-intp₁
|
||||
in inj₂ (nⁱ , ((pᶜ , (Unique-++⁻ʳ (ns ++ˡ nⁱ ∷ []) Unique-intp₁' , tabulate (λ {x} _ → nodes-complete x))) , ¬IsDone-pᶜ))
|
||||
|
||||
findCycle : ∀ {n₁ n₂} (p : Path n₁ n₂) → (Σ (SimpleWalkVia (proj₁ nodes) n₁ n₂) λ w → proj₁ w ≡ p) ⊎ (Σ Node (λ n → Σ (SimpleWalkVia (proj₁ nodes) n n) λ w → ¬ IsDone (proj₁ w)))
|
||||
findCycle done = inj₁ ((done , (empty , [])) , refl)
|
||||
findCycle (step n₁,n₂∈edges done) = inj₁ ((step n₁,n₂∈edges done , (empty , [])) , refl)
|
||||
findCycle p@(step {n₂ = n'} n₁,n'∈edges p'@(step _ _)) = findCycleHelp p (step n₁,n'∈edges done) p' (λ {()}) empty refl
|
||||
|
||||
toSimpleWalk : ∀ {n₁ n₂} (p : Path n₁ n₂) → SimpleWalkVia (proj₁ nodes) n₁ n₂
|
||||
toSimpleWalk done = (done , (empty , []))
|
||||
toSimpleWalk (step {n₂ = nⁱ} n₁,nⁱ∈edges p')
|
||||
with toSimpleWalk p'
|
||||
... | (done , _) = (step n₁,nⁱ∈edges done , (empty , []))
|
||||
... | (p''@(step _ _) , (Unique-intp'' , intp''⊆nodes))
|
||||
with nⁱ ∈ˡ? interior p''
|
||||
... | no nⁱ∉intp'' = (step n₁,nⁱ∈edges p'' , (push (tabulate (λ { n∈intp'' refl → nⁱ∉intp'' n∈intp'' })) Unique-intp'' , (nodes-complete nⁱ) ∷ intp''⊆nodes))
|
||||
... | yes nⁱ∈intp''
|
||||
with splitFromInteriorʳ p'' nⁱ∈intp''
|
||||
... | (done , (¬IsDone=p''ʳ , (ns , intp''≡ns++intp''ʳ))) = ⊥-elim (¬IsDone=p''ʳ isDone)
|
||||
... | (p''ʳ@(step _ _) , (¬IsDone=p''ʳ , (ns , intp''≡ns++intp''ʳ))) =
|
||||
-- no rewrites because then I can't reason about the return value of toSimpleWalk
|
||||
-- rewrite intp''≡ns++intp''ʳ
|
||||
-- rewrite sym (++ˡ-assoc ns (nⁱ ∷ []) (interior p''ʳ)) =
|
||||
let reassoc-intp''≡ns++intp''ʳ = subst (interior p'' ≡_) (sym (++ˡ-assoc ns (nⁱ ∷ []) (interior p''ʳ))) intp''≡ns++intp''ʳ
|
||||
intp''ʳ⊆nodes = ++ˡ⁻ʳ (ns ++ˡ nⁱ ∷ []) (subst (All (_∈ˡ (proj₁ nodes))) reassoc-intp''≡ns++intp''ʳ intp''⊆nodes)
|
||||
Unique-ns++intp''ʳ = subst Unique reassoc-intp''≡ns++intp''ʳ Unique-intp''
|
||||
nⁱ∈p''ˡ = ∈ˡ-++⁺ʳ ns {ys = nⁱ ∷ []} (here refl)
|
||||
in (step n₁,nⁱ∈edges p''ʳ , (Unique-narrow (ns ++ˡ nⁱ ∷ []) Unique-ns++intp''ʳ nⁱ∈p''ˡ , nodes-complete nⁱ ∷ intp''ʳ⊆nodes ))
|
||||
|
||||
toSimpleWalk-IsDone⁻ : ∀ {n₁ n₂} (p : Path n₁ n₂) →
|
||||
¬ IsDone p → ¬ IsDone (proj₁ (toSimpleWalk p))
|
||||
toSimpleWalk-IsDone⁻ done ¬IsDone-p _ = ¬IsDone-p isDone
|
||||
toSimpleWalk-IsDone⁻ (step {n₂ = nⁱ} n₁,nⁱ∈edges p') _ isDone-w
|
||||
with toSimpleWalk p'
|
||||
... | (done , _) with () ← isDone-w
|
||||
... | (p''@(step _ _) , (Unique-intp'' , intp''⊆nodes))
|
||||
with nⁱ ∈ˡ? interior p''
|
||||
... | no nⁱ∉intp'' with () ← isDone-w
|
||||
... | yes nⁱ∈intp''
|
||||
with splitFromInteriorʳ p'' nⁱ∈intp''
|
||||
... | (done , (¬IsDone=p''ʳ , (ns , intp''≡ns++intp''ʳ))) = ¬IsDone=p''ʳ isDone
|
||||
... | (p''ʳ@(step _ _) , (¬IsDone=p''ʳ , (ns , intp''≡ns++intp''ʳ)))
|
||||
with () ← isDone-w
|
||||
|
||||
Adjacency : Set
|
||||
Adjacency = ∀ (n₁ n₂ : Node) → List (Path n₁ n₂)
|
||||
|
||||
Adjacency-update : ∀ (n₁ n₂ : Node) → (List (Path n₁ n₂) → List (Path n₁ n₂)) → Adjacency → Adjacency
|
||||
Adjacency-update n₁ n₂ f adj n₁' n₂'
|
||||
with n₁ ≟ n₁' | n₂ ≟ n₂'
|
||||
... | yes refl | yes refl = f (adj n₁ n₂)
|
||||
... | _ | _ = adj n₁' n₂'
|
||||
|
||||
Adjacency-append : ∀ {n₁ n₂ : Node} → List (Path n₁ n₂) → Adjacency → Adjacency
|
||||
Adjacency-append {n₁} {n₂} ps = Adjacency-update n₁ n₂ (ps ++ˡ_)
|
||||
|
||||
Adjacency-append-monotonic : ∀ {adj n₁ n₂ n₁' n₂'} {ps : List (Path n₁ n₂)} {p : Path n₁' n₂'} → p ∈ˡ adj n₁' n₂' → p ∈ˡ Adjacency-append ps adj n₁' n₂'
|
||||
Adjacency-append-monotonic {adj} {n₁} {n₂} {n₁'} {n₂'} {ps} p∈adj
|
||||
with n₁ ≟ n₁' | n₂ ≟ n₂'
|
||||
... | yes refl | yes refl = ∈ˡ-++⁺ʳ ps p∈adj
|
||||
... | yes refl | no _ = p∈adj
|
||||
... | no _ | no _ = p∈adj
|
||||
... | no _ | yes _ = p∈adj
|
||||
|
||||
adj⁰ : Adjacency
|
||||
adj⁰ n₁ n₂
|
||||
with n₁ ≟ n₂
|
||||
... | yes refl = done ∷ []
|
||||
... | no _ = []
|
||||
|
||||
adj⁰-done : ∀ n → done ∈ˡ adj⁰ n n
|
||||
adj⁰-done n
|
||||
with n ≟ n
|
||||
... | yes refl = here refl
|
||||
... | no n≢n = ⊥-elim (n≢n refl)
|
||||
|
||||
seedWithEdges : ∀ (es : List Edge) → (∀ {e} → e ∈ˡ es → e ∈ˡ edges) → Adjacency → Adjacency
|
||||
seedWithEdges es e∈es⇒e∈edges adj = foldr (λ ((n₁ , n₂) , n₁n₂∈edges) → Adjacency-update n₁ n₂ ((step n₁n₂∈edges done) ∷_)) adj (mapWith∈ˡ es (λ {e} e∈es → (e , e∈es⇒e∈edges e∈es)))
|
||||
|
||||
seedWithEdges-monotonic : ∀ {n₁ n₂ es adj} → (e∈es⇒e∈edges : ∀ {e} → e ∈ˡ es → e ∈ˡ edges) → ∀ {p} → p ∈ˡ adj n₁ n₂ → p ∈ˡ seedWithEdges es e∈es⇒e∈edges adj n₁ n₂
|
||||
seedWithEdges-monotonic {es = []} e∈es⇒e∈edges p∈adj = p∈adj
|
||||
seedWithEdges-monotonic {es = (n₁ , n₂) ∷ es} e∈es⇒e∈edges p∈adj = Adjacency-append-monotonic {ps = step (e∈es⇒e∈edges (here refl)) done ∷ []} (seedWithEdges-monotonic (λ e∈es → e∈es⇒e∈edges (there e∈es)) p∈adj)
|
||||
|
||||
e∈seedWithEdges : ∀ {n₁ n₂ es adj} → (e∈es⇒e∈edges : ∀ {e} → e ∈ˡ es → e ∈ˡ edges) → ∀ (n₁n₂∈es : (n₁ , n₂) ∈ˡ es) → (step (e∈es⇒e∈edges n₁n₂∈es) done) ∈ˡ seedWithEdges es e∈es⇒e∈edges adj n₁ n₂
|
||||
e∈seedWithEdges {es = []} e∈es⇒e∈edges ()
|
||||
e∈seedWithEdges {es = (n₁' , n₂') ∷ es} e∈es⇒e∈edges (here refl)
|
||||
with n₁' ≟ n₁' | n₂' ≟ n₂'
|
||||
... | yes refl | yes refl = here refl
|
||||
... | no n₁'≢n₁' | _ = ⊥-elim (n₁'≢n₁' refl)
|
||||
... | _ | no n₂'≢n₂' = ⊥-elim (n₂'≢n₂' refl)
|
||||
e∈seedWithEdges {n₁} {n₂} {es = (n₁' , n₂') ∷ es} {adj} e∈es⇒e∈edges (there n₁n₂∈es) = Adjacency-append-monotonic {ps = step (e∈es⇒e∈edges (here refl)) done ∷ []} (e∈seedWithEdges (λ e∈es → e∈es⇒e∈edges (there e∈es)) n₁n₂∈es)
|
||||
|
||||
adj¹ : Adjacency
|
||||
adj¹ = seedWithEdges edges (λ x → x) adj⁰
|
||||
|
||||
adj¹-adj⁰ : ∀ {n₁ n₂ p} → p ∈ˡ adj⁰ n₁ n₂ → p ∈ˡ adj¹ n₁ n₂
|
||||
adj¹-adj⁰ p∈adj⁰ = seedWithEdges-monotonic (λ x → x) p∈adj⁰
|
||||
|
||||
edge∈adj¹ : ∀ {n₁ n₂} (n₁n₂∈edges : (n₁ , n₂) ∈ˡ edges) → (step n₁n₂∈edges done) ∈ˡ adj¹ n₁ n₂
|
||||
edge∈adj¹ = e∈seedWithEdges (λ x → x)
|
||||
|
||||
through : Node → Adjacency → Adjacency
|
||||
through n adj n₁ n₂ = cartesianProductWith _++_ (adj n₁ n) (adj n n₂) ++ˡ adj n₁ n₂
|
||||
|
||||
through-monotonic : ∀ adj n {n₁ n₂ p} → p ∈ˡ adj n₁ n₂ → p ∈ˡ (through n adj) n₁ n₂
|
||||
through-monotonic adj n p∈adjn₁n₂ = ∈ˡ-++⁺ʳ _ p∈adjn₁n₂
|
||||
|
||||
through-++ : ∀ adj n {n₁ n₂} {p₁ : Path n₁ n} {p₂ : Path n n₂} → p₁ ∈ˡ adj n₁ n → p₂ ∈ˡ adj n n₂ → (p₁ ++ p₂) ∈ˡ through n adj n₁ n₂
|
||||
through-++ adj n p₁∈adj p₂∈adj = ∈ˡ-++⁺ˡ (∈ˡ-cartesianProductWith⁺ _++_ p₁∈adj p₂∈adj)
|
||||
|
||||
throughAll : List Node → Adjacency
|
||||
throughAll = foldr through adj¹
|
||||
|
||||
throughAll-adj₁ : ∀ {n₁ n₂ p} ns → p ∈ˡ adj¹ n₁ n₂ → p ∈ˡ throughAll ns n₁ n₂
|
||||
throughAll-adj₁ [] p∈adj¹ = p∈adj¹
|
||||
throughAll-adj₁ (n ∷ ns) p∈adj¹ = through-monotonic (throughAll ns) n (throughAll-adj₁ ns p∈adj¹)
|
||||
|
||||
paths-throughAll : ∀ {n₁ n₂ : Node} (ns : List Node) (w : SimpleWalkVia ns n₁ n₂) → proj₁ w ∈ˡ throughAll ns n₁ n₂
|
||||
paths-throughAll {n₁} [] (done , (_ , _)) = adj¹-adj⁰ (adj⁰-done n₁)
|
||||
paths-throughAll {n₁} [] (step e∈edges done , (_ , _)) = edge∈adj¹ e∈edges
|
||||
paths-throughAll {n₁} [] (step _ (step _ _) , (_ , (() ∷ _)))
|
||||
paths-throughAll (n ∷ ns) w
|
||||
with SplitSimpleWalkVia w
|
||||
... | inj₁ ((w₁ , w₂) , w₁++w₂≡w) rewrite sym w₁++w₂≡w = through-++ (throughAll ns) n (paths-throughAll ns w₁) (paths-throughAll ns w₂)
|
||||
... | inj₂ (w' , w'≡w) rewrite sym w'≡w = through-monotonic (throughAll ns) n (paths-throughAll ns w')
|
||||
|
||||
adj : Adjacency
|
||||
adj = throughAll (proj₁ nodes)
|
||||
|
||||
PathExists : Node → Node → Set
|
||||
PathExists n₁ n₂ = Path n₁ n₂
|
||||
|
||||
PathExists? : Decidable² PathExists
|
||||
PathExists? n₁ n₂
|
||||
with allSimplePathsNoted ← paths-throughAll {n₁ = n₁} {n₂ = n₂} (proj₁ nodes)
|
||||
with adj n₁ n₂
|
||||
... | [] = no (λ p → let w = toSimpleWalk p in ¬Any[] (allSimplePathsNoted w))
|
||||
... | (p ∷ ps) = yes p
|
||||
|
||||
NoCycles : Set
|
||||
NoCycles = ∀ {n} (p : Path n n) → IsDone p
|
||||
|
||||
NoCycles? : Dec NoCycles
|
||||
NoCycles? with any? (λ n → any? (Decidable-¬ IsDone?) (adj n n)) (proj₁ nodes)
|
||||
... | yes existsCycle =
|
||||
no (λ ∀p,IsDonep → let (n , n,n-cycle) = satisfied existsCycle in
|
||||
let (p , ¬IsDone-p) = satisfied n,n-cycle in
|
||||
¬IsDone-p (∀p,IsDonep p))
|
||||
... | no noCycles =
|
||||
yes (λ { done → isDone
|
||||
; p@(step {n₁ = n} _ _) →
|
||||
let w = toSimpleWalk p in
|
||||
let ¬IsDone-w = toSimpleWalk-IsDone⁻ p (λ {()}) in
|
||||
let w∈adj = paths-throughAll (proj₁ nodes) w in
|
||||
⊥-elim (noCycles (lose (nodes-complete n) (lose w∈adj ¬IsDone-w)))
|
||||
})
|
||||
|
||||
NoCycles⇒adj-complete : NoCycles → ∀ {n₁ n₂} {p : Path n₁ n₂} → p ∈ˡ adj n₁ n₂
|
||||
NoCycles⇒adj-complete noCycles {n₁} {n₂} {p}
|
||||
with findCycle p
|
||||
... | inj₁ (w , w≡p) rewrite sym w≡p = paths-throughAll (proj₁ nodes) w
|
||||
... | inj₂ (nᶜ , (wᶜ , wᶜ≢done)) = ⊥-elim (wᶜ≢done (noCycles (proj₁ wᶜ)))
|
||||
|
||||
Is-⊤ : Node → Set
|
||||
Is-⊤ n = All (PathExists n) (proj₁ nodes)
|
||||
|
||||
Is-⊥ : Node → Set
|
||||
Is-⊥ n = All (λ n' → PathExists n' n) (proj₁ nodes)
|
||||
|
||||
Has-⊤ : Set
|
||||
Has-⊤ = Any Is-⊤ (proj₁ nodes)
|
||||
|
||||
Has-⊤? : Dec Has-⊤
|
||||
Has-⊤? = findUniversal (proj₁ nodes) PathExists?
|
||||
|
||||
Has-⊥ : Set
|
||||
Has-⊥ = Any Is-⊥ (proj₁ nodes)
|
||||
|
||||
Has-⊥? : Dec Has-⊥
|
||||
Has-⊥? = findUniversal (proj₁ nodes) (λ n₁ n₂ → PathExists? n₂ n₁)
|
||||
|
||||
Pred : Node → Node → Node → Set
|
||||
Pred n₁ n₂ n = PathExists n n₁ × PathExists n n₂
|
||||
|
||||
Succ : Node → Node → Node → Set
|
||||
Succ n₁ n₂ n = PathExists n₁ n × PathExists n₂ n
|
||||
|
||||
Pred? : ∀ (n₁ n₂ : Node) → Decidable (Pred n₁ n₂)
|
||||
Pred? n₁ n₂ n = PathExists? n n₁ ×-dec PathExists? n n₂
|
||||
|
||||
Suc? : ∀ (n₁ n₂ : Node) → Decidable (Succ n₁ n₂)
|
||||
Suc? n₁ n₂ n = PathExists? n₁ n ×-dec PathExists? n₂ n
|
||||
|
||||
preds : Node → Node → List Node
|
||||
preds n₁ n₂ = filter (Pred? n₁ n₂) (proj₁ nodes)
|
||||
|
||||
sucs : Node → Node → List Node
|
||||
sucs n₁ n₂ = filter (Suc? n₁ n₂) (proj₁ nodes)
|
||||
|
||||
Have-⊔ : Node → Node → Set
|
||||
Have-⊔ n₁ n₂ = Σ Node (λ n → Pred n₁ n₂ n × (∀ n' → Pred n₁ n₂ n' → PathExists n' n))
|
||||
|
||||
Have-⊓ : Node → Node → Set
|
||||
Have-⊓ n₁ n₂ = Σ Node (λ n → Succ n₁ n₂ n × (∀ n' → Succ n₁ n₂ n' → PathExists n n'))
|
||||
|
||||
-- when filtering nodes by a predicate P, then trying to find a universal
|
||||
-- element according to another predicate Q, the universality can be
|
||||
-- extended from "element of the filtered list for to which all other elements relate" to
|
||||
-- "node satisfying P to which all other nodes satisfying P relate".
|
||||
filter-nodes-universal : ∀ {P : Node → Set} (P? : Decidable P) -- e.g. Pred n₁ n₂
|
||||
{Q : Node → Node → Set} (Q? : Decidable² Q) -- e.g. PathExists? n' n
|
||||
→ Dec (Σ Node λ n → P n × (∀ n' → P n' → Q n n'))
|
||||
filter-nodes-universal {P = P} P? {Q = Q} Q?
|
||||
with findUniversal (filter P? (proj₁ nodes)) Q?
|
||||
... | yes founduni =
|
||||
let idx = index founduni
|
||||
n = Any.lookup founduni
|
||||
n∈filter = ∈ˡ-lookup idx
|
||||
(_ , Pn) = ∈ˡ-filter⁻ P? {xs = proj₁ nodes} n∈filter
|
||||
nuni = lookup-result founduni
|
||||
in yes (n , (Pn , λ n' Pn' →
|
||||
let n'∈filter = ∈ˡ-filter⁺ P? (nodes-complete n') Pn'
|
||||
in lookup nuni n'∈filter))
|
||||
... | no nouni = no λ (n , (Pn , nuni')) →
|
||||
let n∈filter = ∈ˡ-filter⁺ P? (nodes-complete n) Pn
|
||||
nuni = tabulate {xs = filter P? (proj₁ nodes)} (λ {n'} n'∈filter → nuni' n' (proj₂ (∈ˡ-filter⁻ P? {xs = proj₁ nodes} n'∈filter)))
|
||||
in nouni (lose n∈filter nuni)
|
||||
|
||||
Have-⊔? : Decidable² Have-⊔
|
||||
Have-⊔? n₁ n₂ = filter-nodes-universal (Pred? n₁ n₂) (λ n₁ n₂ → PathExists? n₂ n₁)
|
||||
|
||||
Have-⊓? : Decidable² Have-⊓
|
||||
Have-⊓? n₁ n₂ = filter-nodes-universal (Suc? n₁ n₂) PathExists?
|
||||
|
||||
Total-⊔ : Set
|
||||
Total-⊔ = ∀ n₁ n₂ → Have-⊔ n₁ n₂
|
||||
|
||||
Total-⊓ : Set
|
||||
Total-⊓ = ∀ n₁ n₂ → Have-⊓ n₁ n₂
|
||||
|
||||
P-Total? : ∀ {P : Node → Node → Set} (P? : Decidable² P) → Dec (∀ n₁ n₂ → P n₁ n₂)
|
||||
P-Total? {P} P?
|
||||
with all? (λ (n₁ , n₂) → P? n₁ n₂) (cartesianProduct (proj₁ nodes) (proj₁ nodes))
|
||||
... | yes allP = yes λ n₁ n₂ →
|
||||
let n₁n₂∈prod = ∈-cartesianProduct (nodes-complete n₁) (nodes-complete n₂)
|
||||
in lookup allP n₁n₂∈prod
|
||||
... | no ¬allP = no λ allP → ¬allP (universal (λ (n₁ , n₂) → allP n₁ n₂) _)
|
||||
|
||||
Total-⊔? : Dec Total-⊔
|
||||
Total-⊔? = P-Total? Have-⊔?
|
||||
|
||||
Total-⊓? : Dec Total-⊓
|
||||
Total-⊓? = P-Total? Have-⊓?
|
||||
|
||||
module Basic (noCycles : NoCycles) (total-⊔ : Total-⊔) (total-⊓ : Total-⊓) where
|
||||
n₁→n₂×n₂→n₁⇒n₁≡n₂ : ∀ {n₁ n₂} → PathExists n₁ n₂ → PathExists n₂ n₁ → n₁ ≡ n₂
|
||||
n₁→n₂×n₂→n₁⇒n₁≡n₂ n₁→n₂ n₂→n₁
|
||||
with n₁→n₂ | n₂→n₁ | noCycles (n₁→n₂ ++ n₂→n₁)
|
||||
... | done | done | _ = refl
|
||||
... | step _ _ | done | _ = refl
|
||||
... | done | step _ _ | _ = refl
|
||||
... | step _ _ | step _ _ | ()
|
||||
|
||||
_⊔_ : Node → Node → Node
|
||||
_⊔_ n₁ n₂ = proj₁ (total-⊔ n₁ n₂)
|
||||
|
||||
_⊓_ : Node → Node → Node
|
||||
_⊓_ n₁ n₂ = proj₁ (total-⊓ n₁ n₂)
|
||||
|
||||
⊤ : Node
|
||||
⊤ = foldr₁ nodes-nonempty _⊔_
|
||||
|
||||
⊥ : Node
|
||||
⊥ = foldr₁ nodes-nonempty _⊓_
|
||||
|
||||
_≼_ : Node → Node → Set
|
||||
_≼_ n₁ n₂ = n₁ ⊔ n₂ ≡ n₂
|
||||
|
||||
n₁≼n₂→PathExistsn₂n₁ : ∀ n₁ n₂ → (n₁ ≼ n₂) → PathExists n₂ n₁
|
||||
n₁≼n₂→PathExistsn₂n₁ n₁ n₂ n₁⊔n₂≡n₂
|
||||
with total-⊔ n₁ n₂ | n₁⊔n₂≡n₂
|
||||
... | (_ , ((n₂→n₁ , _) , _)) | refl = n₂→n₁
|
||||
|
||||
PathExistsn₂n₁→n₁≼n₂ : ∀ n₁ n₂ → PathExists n₂ n₁ → (n₁ ≼ n₂)
|
||||
PathExistsn₂n₁→n₁≼n₂ n₁ n₂ n₂→n₁
|
||||
with total-⊔ n₁ n₂
|
||||
... | (n , ((n→n₁ , n→n₂) , n'→n₁×n'→n₂⇒n'→n))
|
||||
rewrite n₁→n₂×n₂→n₁⇒n₁≡n₂ n→n₂ (n'→n₁×n'→n₂⇒n'→n n₂ (n₂→n₁ , done)) = refl
|
||||
|
||||
foldr₁⊔-Pred : ∀ {ns : List Node} (ns≢[] : ¬ (ns ≡ [])) → let n = foldr₁ ns≢[] _⊔_ in All (PathExists n) ns
|
||||
foldr₁⊔-Pred {ns = []} []≢[] = ⊥-elim ([]≢[] refl)
|
||||
foldr₁⊔-Pred {ns = n₁ ∷ []} _ = done ∷ []
|
||||
foldr₁⊔-Pred {ns = n₁ ∷ ns'@(n₂ ∷ ns'')} ns≢[] =
|
||||
let
|
||||
ns'≢[] = x∷xs≢[] n₂ ns''
|
||||
n' = foldr₁ ns'≢[] _⊔_
|
||||
(n , ((n→n₁ , n→n') , r)) = total-⊔ n₁ n'
|
||||
in
|
||||
n→n₁ ∷ map (n→n' ++_) (foldr₁⊔-Pred ns'≢[])
|
||||
|
||||
-- TODO: this is very similar structurally to foldr₁⊔-Pred
|
||||
foldr₁⊓-Suc : ∀ {ns : List Node} (ns≢[] : ¬ (ns ≡ [])) → let n = foldr₁ ns≢[] _⊓_ in All (λ n' → PathExists n' n) ns
|
||||
foldr₁⊓-Suc {ns = []} []≢[] = ⊥-elim ([]≢[] refl)
|
||||
foldr₁⊓-Suc {ns = n₁ ∷ []} _ = done ∷ []
|
||||
foldr₁⊓-Suc {ns = n₁ ∷ ns'@(n₂ ∷ ns'')} ns≢[] =
|
||||
let
|
||||
ns'≢[] = x∷xs≢[] n₂ ns''
|
||||
n' = foldr₁ ns'≢[] _⊓_
|
||||
(n , ((n₁→n , n'→n) , r)) = total-⊓ n₁ n'
|
||||
in
|
||||
n₁→n ∷ map (_++ n'→n) (foldr₁⊓-Suc ns'≢[])
|
||||
|
||||
⊤-is-⊤ : Is-⊤ ⊤
|
||||
⊤-is-⊤ = foldr₁⊔-Pred nodes-nonempty
|
||||
|
||||
⊥-is-⊥ : Is-⊥ ⊥
|
||||
⊥-is-⊥ = foldr₁⊓-Suc nodes-nonempty
|
||||
|
||||
⊔-idemp : ∀ n → n ⊔ n ≡ n
|
||||
⊔-idemp n
|
||||
with (n' , ((n'→n , _) , n''→n×n''→n⇒n''→n')) ← total-⊔ n n
|
||||
= n₁→n₂×n₂→n₁⇒n₁≡n₂ n'→n (n''→n×n''→n⇒n''→n' n (done , done))
|
||||
|
||||
⊓-idemp : ∀ n → n ⊓ n ≡ n
|
||||
⊓-idemp n
|
||||
with (n' , ((n→n' , _) , n→n''×n→n''⇒n'→n'')) ← total-⊓ n n
|
||||
= n₁→n₂×n₂→n₁⇒n₁≡n₂ (n→n''×n→n''⇒n'→n'' n (done , done)) n→n'
|
||||
|
||||
⊔-comm : ∀ n₁ n₂ → n₁ ⊔ n₂ ≡ n₂ ⊔ n₁
|
||||
⊔-comm n₁ n₂
|
||||
with (n₁₂ , ((n₁n₂→n₁ , n₁n₂→n₂) , n'→n₁×n'→n₂⇒n'→n₁₂)) ← total-⊔ n₁ n₂
|
||||
with (n₂₁ , ((n₂n₁→n₂ , n₂n₁→n₁) , n'→n₂×n'→n₁⇒n'→n₂₁)) ← total-⊔ n₂ n₁
|
||||
= n₁→n₂×n₂→n₁⇒n₁≡n₂ (n'→n₂×n'→n₁⇒n'→n₂₁ n₁₂ (n₁n₂→n₂ , n₁n₂→n₁))
|
||||
(n'→n₁×n'→n₂⇒n'→n₁₂ n₂₁ (n₂n₁→n₁ , n₂n₁→n₂))
|
||||
|
||||
⊓-comm : ∀ n₁ n₂ → n₁ ⊓ n₂ ≡ n₂ ⊓ n₁
|
||||
⊓-comm n₁ n₂
|
||||
with (n₁₂ , ((n₁→n₁n₂ , n₂→n₁n₂) , n₁→n'×n₂→n'⇒n₁₂→n')) ← total-⊓ n₁ n₂
|
||||
with (n₂₁ , ((n₂→n₂n₁ , n₁→n₂n₁) , n₂→n'×n₁→n'⇒n₂₁→n')) ← total-⊓ n₂ n₁
|
||||
= n₁→n₂×n₂→n₁⇒n₁≡n₂ (n₁→n'×n₂→n'⇒n₁₂→n' n₂₁ (n₁→n₂n₁ , n₂→n₂n₁))
|
||||
(n₂→n'×n₁→n'⇒n₂₁→n' n₁₂ (n₂→n₁n₂ , n₁→n₁n₂))
|
||||
|
||||
⊔-assoc : ∀ n₁ n₂ n₃ → (n₁ ⊔ n₂) ⊔ n₃ ≡ n₁ ⊔ (n₂ ⊔ n₃)
|
||||
⊔-assoc n₁ n₂ n₃
|
||||
with (n₁₂ , ((n₁₂→n₁ , n₁₂→n₂) , n'→n₁×n'→n₂⇒n'→n₁₂)) ← total-⊔ n₁ n₂
|
||||
with (n₁₂,₃ , ((n₁₂,₃→n₁₂ , n₁₂,₃→n₃) , n'→n₁₂×n'→n₃⇒n'→n₁₂,₃)) ← total-⊔ n₁₂ n₃
|
||||
with (n₂₃ , ((n₂₃→n₂ , n₂₃→n₃) , n'→n₂×n'→n₃⇒n'→n₂₃)) ← total-⊔ n₂ n₃
|
||||
with (n₁,₂₃ , ((n₁,₂₃→n₁ , n₁,₂₃→n₂₃) , n'→n₁×n'→n₂₃⇒n'→n₁,₂₃)) ← total-⊔ n₁ n₂₃
|
||||
=
|
||||
let n₁₂,₃→n₂₃ = n'→n₂×n'→n₃⇒n'→n₂₃ n₁₂,₃ (n₁₂,₃→n₁₂ ++ n₁₂→n₂ , n₁₂,₃→n₃)
|
||||
n₁₂,₃→n₁,₂₃ = n'→n₁×n'→n₂₃⇒n'→n₁,₂₃ n₁₂,₃ (n₁₂,₃→n₁₂ ++ n₁₂→n₁ , n₁₂,₃→n₂₃)
|
||||
n₁,₂₃→n₁₂ = n'→n₁×n'→n₂⇒n'→n₁₂ n₁,₂₃ (n₁,₂₃→n₁ , n₁,₂₃→n₂₃ ++ n₂₃→n₂)
|
||||
n₁,₂₃→n₁₂,₃ = n'→n₁₂×n'→n₃⇒n'→n₁₂,₃ n₁,₂₃ (n₁,₂₃→n₁₂ , n₁,₂₃→n₂₃ ++ n₂₃→n₃)
|
||||
in n₁→n₂×n₂→n₁⇒n₁≡n₂ n₁₂,₃→n₁,₂₃ n₁,₂₃→n₁₂,₃
|
||||
|
||||
⊓-assoc : ∀ n₁ n₂ n₃ → (n₁ ⊓ n₂) ⊓ n₃ ≡ n₁ ⊓ (n₂ ⊓ n₃)
|
||||
⊓-assoc n₁ n₂ n₃
|
||||
with (n₁₂ , ((n₁→n₁₂ , n₂→n₁₂) , n₁→n'×n₂→n'⇒n₁₂→n')) ← total-⊓ n₁ n₂
|
||||
with (n₁₂,₃ , ((n₁₂→n₁₂,₃ , n₃→n₁₂,₃) , n₁₂→n'×n₃→n'⇒n₁₂,₃→n')) ← total-⊓ n₁₂ n₃
|
||||
with (n₂₃ , ((n₂→n₂₃ , n₃→n₂₃) , n₂→n'×n₃→n'⇒n₂₃→n')) ← total-⊓ n₂ n₃
|
||||
with (n₁,₂₃ , ((n₁→n₁,₂₃ , n₂₃→n₁,₂₃) , n₁→n'×n₂₃→n'⇒n₁,₂₃→n')) ← total-⊓ n₁ n₂₃
|
||||
=
|
||||
let n₁₂→n₁,₂₃ = n₁→n'×n₂→n'⇒n₁₂→n' n₁,₂₃ (n₁→n₁,₂₃ , n₂→n₂₃ ++ n₂₃→n₁,₂₃)
|
||||
n₁₂,₃→n₁,₂₃ = n₁₂→n'×n₃→n'⇒n₁₂,₃→n' n₁,₂₃ (n₁₂→n₁,₂₃ , n₃→n₂₃ ++ n₂₃→n₁,₂₃)
|
||||
n₂₃→n₁₂,₃ = n₂→n'×n₃→n'⇒n₂₃→n' n₁₂,₃ (n₂→n₁₂ ++ n₁₂→n₁₂,₃ , n₃→n₁₂,₃)
|
||||
n₁,₂₃→n₁₂,₃ = n₁→n'×n₂₃→n'⇒n₁,₂₃→n' n₁₂,₃ (n₁→n₁₂ ++ n₁₂→n₁₂,₃ , n₂₃→n₁₂,₃)
|
||||
in n₁→n₂×n₂→n₁⇒n₁≡n₂ n₁₂,₃→n₁,₂₃ n₁,₂₃→n₁₂,₃
|
||||
|
||||
absorb-⊔-⊓ : ∀ n₁ n₂ → n₁ ⊔ (n₁ ⊓ n₂) ≡ n₁
|
||||
absorb-⊔-⊓ n₁ n₂
|
||||
with (n₁₂ , ((n₁→n₁₂ , n₂→n₁₂) , n₁→n'×n₂→n'⇒n₁₂→n')) ← total-⊓ n₁ n₂
|
||||
with (n₁,₁₂ , ((n₁,₁₂→n₁ , n₁,₁₂→n₁₂) , n'→n₁×n'→n₁₂⇒n'→n₁,₁₂)) ← total-⊔ n₁ n₁₂
|
||||
= n₁→n₂×n₂→n₁⇒n₁≡n₂ n₁,₁₂→n₁ (n'→n₁×n'→n₁₂⇒n'→n₁,₁₂ n₁ (done , n₁→n₁₂))
|
||||
|
||||
absorb-⊓-⊔ : ∀ n₁ n₂ → n₁ ⊓ (n₁ ⊔ n₂) ≡ n₁
|
||||
absorb-⊓-⊔ n₁ n₂
|
||||
with (n₁₂ , ((n₁₂→n₁ , n₁₂→n₂) , n'→n₁×n'→n₂⇒n'→n₁₂)) ← total-⊔ n₁ n₂
|
||||
with (n₁,₁₂ , ((n₁→n₁,₁₂ , n₁₂→n₁,₁₂) , n₁→n'×n₁₂→n'⇒n₁,₁₂→n')) ← total-⊓ n₁ n₁₂
|
||||
= n₁→n₂×n₂→n₁⇒n₁≡n₂ (n₁→n'×n₁₂→n'⇒n₁,₁₂→n' n₁ (done , n₁₂→n₁)) n₁→n₁,₁₂
|
||||
|
||||
instance
|
||||
isJoinSemilattice : IsSemilattice Node _≡_ _⊔_
|
||||
isJoinSemilattice = record
|
||||
{ ≈-equiv = isEquivalence-≡
|
||||
; ≈-⊔-cong = (λ { refl refl → refl })
|
||||
; ⊔-idemp = ⊔-idemp
|
||||
; ⊔-comm = ⊔-comm
|
||||
; ⊔-assoc = ⊔-assoc
|
||||
}
|
||||
|
||||
isMeetSemilattice : IsSemilattice Node _≡_ _⊓_
|
||||
isMeetSemilattice = record
|
||||
{ ≈-equiv = isEquivalence-≡
|
||||
; ≈-⊔-cong = (λ { refl refl → refl })
|
||||
; ⊔-idemp = ⊓-idemp
|
||||
; ⊔-comm = ⊓-comm
|
||||
; ⊔-assoc = ⊓-assoc
|
||||
}
|
||||
|
||||
isLattice : IsLattice Node _≡_ _⊔_ _⊓_
|
||||
isLattice = record
|
||||
{ absorb-⊔-⊓ = absorb-⊔-⊓
|
||||
; absorb-⊓-⊔ = absorb-⊓-⊔
|
||||
}
|
||||
|
||||
module Tagged (noCycles : NoCycles) (total-⊔ : Total-⊔) (total-⊓ : Total-⊓) (𝓛 : Node → Σ Set λ L → Σ (FiniteHeightLattice L) λ fhl → FiniteHeightLattice.Known-⊥ fhl × FiniteHeightLattice.Known-⊤ fhl) where
|
||||
open Basic noCycles total-⊔ total-⊓ using () renaming (_⊔_ to _⊔ᵇ_; _⊓_ to _⊓ᵇ_; ⊔-idemp to ⊔ᵇ-idemp; ⊔-comm to ⊔ᵇ-comm; ⊔-assoc to ⊔ᵇ-assoc; _≼_ to _≼ᵇ_; isJoinSemilattice to isJoinSemilatticeᵇ; isMeetSemilattice to isMeetSemilatticeᵇ; isLattice to isLatticeᵇ)
|
||||
|
||||
open IsLattice isLatticeᵇ using () renaming (≈-⊔-cong to ≡-⊔ᵇ-cong; x≼x⊔y to x≼ᵇx⊔ᵇy; ≼-antisym to ≼ᵇ-antisym; ⊔-Monotonicʳ to ⊔ᵇ-Monotonicʳ)
|
||||
|
||||
Elem : Set
|
||||
Elem = Σ Node λ n → (proj₁ (𝓛 n))
|
||||
|
||||
LatticeT : Node → Set
|
||||
LatticeT n = proj₁ (𝓛 n)
|
||||
|
||||
FHL : (n : Node) → FiniteHeightLattice (LatticeT n)
|
||||
FHL n = proj₁ (proj₂ (𝓛 n))
|
||||
|
||||
⊥≼x : ∀ {n : Node} (l : LatticeT n) → FiniteHeightLattice._≼_ (FHL n) (FiniteHeightLattice.⊥ (FHL n)) l
|
||||
⊥≼x {n} = proj₁ (proj₂ (proj₂ (𝓛 n)))
|
||||
|
||||
data _≈_ : Elem → Elem → Set where
|
||||
≈-lift : ∀ {n : Node} {l₁ l₂ : LatticeT n} →
|
||||
FiniteHeightLattice._≈_ (FHL n) l₁ l₂ →
|
||||
(n , l₁) ≈ (n , l₂)
|
||||
|
||||
≈-refl : ∀ {e : Elem} → e ≈ e
|
||||
≈-refl {n , l} = ≈-lift (FiniteHeightLattice.≈-refl (FHL n))
|
||||
|
||||
≈-sym : ∀ {e₁ e₂ : Elem} → e₁ ≈ e₂ → e₂ ≈ e₁
|
||||
≈-sym {n₁ , l₁} (≈-lift l₁≈l₂) = ≈-lift (FiniteHeightLattice.≈-sym (FHL n₁) l₁≈l₂)
|
||||
|
||||
≈-trans : ∀ {e₁ e₂ e₃ : Elem} → e₁ ≈ e₂ → e₂ ≈ e₃ → e₁ ≈ e₃
|
||||
≈-trans {n₁ , l₁} (≈-lift l₁≈l₂) (≈-lift l₂≈l₃) = ≈-lift (FiniteHeightLattice.≈-trans (FHL n₁) l₁≈l₂ l₂≈l₃)
|
||||
|
||||
_⊔_ : Elem → Elem → Elem
|
||||
_⊔_ e₁ e₂
|
||||
using n₁ ← proj₁ e₁ using n₂ ← proj₁ e₂
|
||||
using n' ← n₁ ⊔ᵇ n₂ = (n' , select n' e₁ e₂)
|
||||
where
|
||||
select : ∀ n' e₁ e₂ → LatticeT n'
|
||||
select n' (n₁ , l₁) (n₂ , l₂)
|
||||
with n' ≟ n₁ | n' ≟ n₂
|
||||
... | yes refl | yes refl = FiniteHeightLattice._⊔_ (FHL n') l₁ l₂
|
||||
... | yes refl | _ = l₁
|
||||
... | _ | yes refl = l₂
|
||||
... | no _ | no _ = FiniteHeightLattice.⊥ (FHL n')
|
||||
|
||||
⊔-idemp : ∀ e → (e ⊔ e) ≈ e
|
||||
⊔-idemp (n , l) rewrite ⊔ᵇ-idemp n
|
||||
with n ≟ n
|
||||
... | yes refl = ≈-lift (FiniteHeightLattice.⊔-idemp (FHL n) l)
|
||||
... | no n≢n = ⊥-elim (n≢n refl)
|
||||
|
||||
⊔-comm : ∀ (e₁ e₂ : Elem) → (e₁ ⊔ e₂) ≈ (e₂ ⊔ e₁)
|
||||
⊔-comm (n₁ , l₁) (n₂ , l₂)
|
||||
rewrite ⊔ᵇ-comm n₁ n₂
|
||||
with n ← n₂ ⊔ᵇ n₁
|
||||
with n ≟ n₁ | n ≟ n₂
|
||||
... | yes refl | yes refl = ≈-lift (FiniteHeightLattice.⊔-comm (FHL n) l₁ l₂)
|
||||
... | no _ | yes refl = ≈-lift (FiniteHeightLattice.≈-refl (FHL n))
|
||||
... | yes refl | no _ = ≈-lift (FiniteHeightLattice.≈-refl (FHL n))
|
||||
... | no _ | no _ = ≈-lift (FiniteHeightLattice.≈-refl (FHL n))
|
||||
|
||||
private
|
||||
scary : ∀ (n₁ n₂ : Node) → (p : n₁ ≡ n₂) → (n₁ ≟ n₂) ≡ subst (λ n → Dec (n₁ ≡ n)) p (yes refl)
|
||||
scary n₁ n₂ refl with n₁ ≟ n₂
|
||||
... | yes refl = refl
|
||||
... | no n₁≢n₂ = ⊥-elim (n₁≢n₂ refl)
|
||||
|
||||
payloadˡ : ∀ e₁ e₂ e₃ → let n = proj₁ ((e₁ ⊔ e₂) ⊔ e₃)
|
||||
in LatticeT n
|
||||
payloadˡ (n₁ , l₁) (n₂ , l₂) (n₃ , l₃)
|
||||
with n ← (n₁ ⊔ᵇ n₂) ⊔ᵇ n₃
|
||||
using _⊔ⁿ_ ← FiniteHeightLattice._⊔_ (FHL n)
|
||||
with n ≟ n₁ | n ≟ n₂ | n ≟ n₃
|
||||
... | yes refl | yes refl | yes refl = (l₁ ⊔ⁿ l₂) ⊔ⁿ l₃
|
||||
... | yes refl | yes refl | no _ = l₁ ⊔ⁿ l₂
|
||||
... | yes refl | no _ | yes refl = l₁ ⊔ⁿ l₃
|
||||
... | yes refl | no _ | no _ = l₁
|
||||
... | no _ | yes refl | yes refl = l₂ ⊔ⁿ l₃
|
||||
... | no _ | yes refl | no _ = l₂
|
||||
... | no _ | no _ | yes refl = l₃
|
||||
... | no _ | no _ | no _ = FiniteHeightLattice.⊥ (FHL n)
|
||||
|
||||
payloadʳ : ∀ e₁ e₂ e₃ → let n = proj₁ (e₁ ⊔ (e₂ ⊔ e₃))
|
||||
in LatticeT n
|
||||
payloadʳ (n₁ , l₁) (n₂ , l₂) (n₃ , l₃)
|
||||
with n ← n₁ ⊔ᵇ (n₂ ⊔ᵇ n₃)
|
||||
using _⊔ⁿ_ ← FiniteHeightLattice._⊔_ (FHL n)
|
||||
with n ≟ n₁ | n ≟ n₂ | n ≟ n₃
|
||||
... | yes refl | yes refl | yes refl = l₁ ⊔ⁿ (l₂ ⊔ⁿ l₃)
|
||||
... | yes refl | yes refl | no _ = l₁ ⊔ⁿ l₂
|
||||
... | yes refl | no _ | yes refl = l₁ ⊔ⁿ l₃
|
||||
... | yes refl | no _ | no _ = l₁
|
||||
... | no _ | yes refl | yes refl = l₂ ⊔ⁿ l₃
|
||||
... | no _ | yes refl | no _ = l₂
|
||||
... | no _ | no _ | yes refl = l₃
|
||||
... | no _ | no _ | no _ = FiniteHeightLattice.⊥ (FHL n)
|
||||
|
||||
⊔ᵇ-prop : ∀ n₁ n₂ n₃ → (n₁ ⊔ᵇ n₂) ⊔ᵇ n₃ ≡ n₁ →
|
||||
(n₁ ⊔ᵇ n₂ ≡ n₁) × (n₁ ⊔ᵇ n₃ ≡ n₁)
|
||||
⊔ᵇ-prop n₁ n₂ n₃ pⁿ =
|
||||
let n₁≼n₁⊔n₂ = x≼ᵇx⊔ᵇy n₁ n₂
|
||||
n₁⊔n₂≼n₁₂⊔n₃ = x≼ᵇx⊔ᵇy (n₁ ⊔ᵇ n₂) n₃
|
||||
n₁⊔n₂≼n₁ = trans (trans (≡-⊔ᵇ-cong refl (sym pⁿ)) (n₁⊔n₂≼n₁₂⊔n₃)) pⁿ
|
||||
n₁⊔n₂≡n₁ = ≼ᵇ-antisym n₁⊔n₂≼n₁ n₁≼n₁⊔n₂
|
||||
n₁≼n₁⊔n₃ = x≼ᵇx⊔ᵇy n₁ n₃
|
||||
n₁⊔n₃≼n₁₂⊔n₃ = ⊔ᵇ-Monotonicʳ n₃ n₁≼n₁⊔n₂
|
||||
n₁⊔n₃≼n₁ = trans (trans (≡-⊔ᵇ-cong refl (sym pⁿ)) (n₁⊔n₃≼n₁₂⊔n₃)) pⁿ
|
||||
n₁⊔n₃≡n₁ = ≼ᵇ-antisym n₁⊔n₃≼n₁ n₁≼n₁⊔n₃
|
||||
in (n₁⊔n₂≡n₁ , n₁⊔n₃≡n₁)
|
||||
|
||||
Reassocˡ : ∀ e₁ e₂ e₃ →
|
||||
((e₁ ⊔ e₂) ⊔ e₃) ≈ (proj₁ ((e₁ ⊔ e₂) ⊔ e₃) , payloadˡ e₁ e₂ e₃)
|
||||
Reassocˡ (n₁ , l₁) (n₂ , l₂) (n₃ , l₃)
|
||||
with n ← (n₁ ⊔ᵇ n₂) ⊔ᵇ n₃ in pⁿ
|
||||
with n ≟ n₁ in d₁ | n ≟ n₂ in d₂ | n ≟ n₃ in d₃
|
||||
Reassocˡ (n₁ , l₁) (n₂ , l₂) (n₃ , l₃)
|
||||
| yes refl | yes refl | yes refl
|
||||
with (n₁ ⊔ᵇ n₁) ≟ n₁
|
||||
... | no n₁≢n₁ = ⊥-elim (n₁≢n₁ (⊔ᵇ-idemp n₁))
|
||||
... | yes p rewrite p
|
||||
with n₁ ≟ n₁
|
||||
... | no n₁≢n₁ = ⊥-elim (n₁≢n₁ refl)
|
||||
... | yes refl = ≈-refl
|
||||
Reassocˡ (n₁ , l₁) (n₂ , l₂) (n₃ , l₃)
|
||||
| yes refl | yes refl | no _
|
||||
with (n₁ ⊔ᵇ n₁) ≟ n₁
|
||||
... | no n₁≢n₁ = ⊥-elim (n₁≢n₁ (⊔ᵇ-idemp n₁))
|
||||
... | yes p rewrite p
|
||||
with n₁ ≟ n₁
|
||||
... | no n₁≢n₁ = ⊥-elim (n₁≢n₁ refl)
|
||||
... | yes refl = ≈-refl
|
||||
Reassocˡ (n₁ , l₁) (n₂ , l₂) (n₃ , l₃)
|
||||
| yes p₁@refl | no n₁≢n₂ | yes p₃@refl
|
||||
using n₁⊔n₂≡n₁ ← trans (trans (trans (≡-⊔ᵇ-cong (sym (⊔ᵇ-idemp n₁)) (refl {x = n₂})) (⊔ᵇ-assoc n₁ n₁ n₂)) (⊔ᵇ-comm n₁ (n₁ ⊔ᵇ n₂))) pⁿ
|
||||
with (n₁ ⊔ᵇ n₂) ≟ n₁
|
||||
... | no n₁⊔n₂≢n₁ = ⊥-elim (n₁⊔n₂≢n₁ n₁⊔n₂≡n₁)
|
||||
... | yes p rewrite p
|
||||
with n₁ ≟ n₁ | n₁ ≟ n₂
|
||||
... | no n₁≢n₁ | _ = ⊥-elim (n₁≢n₁ refl)
|
||||
... | _ | yes n₁≡n₂ = ⊥-elim (n₁≢n₂ n₁≡n₂)
|
||||
... | yes refl | no _ = ≈-refl
|
||||
Reassocˡ (n₁ , l₁) (n₂ , l₂) (n₃ , l₃)
|
||||
| yes p₁@refl | no n₁≢n₂ | no n₁≢n₃
|
||||
using (n₁⊔n₂≡n₁ , n₁⊔n₃≡n₁) ← ⊔ᵇ-prop n₁ n₂ n₃ pⁿ
|
||||
with n₁ ⊔ᵇ n₂ ≟ n₁
|
||||
... | no n₁⊔n₂≢n₁ = ⊥-elim (n₁⊔n₂≢n₁ n₁⊔n₂≡n₁)
|
||||
... | yes p rewrite p
|
||||
with n₁ ≟ n₁ | n₁ ≟ n₂
|
||||
... | no n₁≢n₁ | _ = ⊥-elim (n₁≢n₁ refl)
|
||||
... | _ | yes n₁≡n₂ = ⊥-elim (n₁≢n₂ n₁≡n₂)
|
||||
... | yes refl | no _ = ≈-refl
|
||||
Reassocˡ (n₁ , l₁) (n₂ , l₂) (n₃ , l₃)
|
||||
| no n₂≢n₁ | yes p₂@refl | yes p₃@refl
|
||||
using n₁⊔n₂≡n₂ ← trans (trans (≡-⊔ᵇ-cong (refl {x = n₁}) (sym (⊔ᵇ-idemp n₂))) (sym (⊔ᵇ-assoc n₁ n₂ n₂))) pⁿ
|
||||
with (n₁ ⊔ᵇ n₂) ≟ n₂
|
||||
... | no n₁⊔n₂≢n₂ = ⊥-elim (n₁⊔n₂≢n₂ n₁⊔n₂≡n₂)
|
||||
... | yes p rewrite p
|
||||
with n₂ ≟ n₁ | n₂ ≟ n₂
|
||||
... | yes n₂≡n₁ | _ = ⊥-elim (n₂≢n₁ n₂≡n₁)
|
||||
... | _ | no n₂≢n₂ = ⊥-elim (n₂≢n₂ refl)
|
||||
... | no _ | yes refl = ≈-refl
|
||||
Reassocˡ (n₁ , l₁) (n₂ , l₂) (n₃ , l₃)
|
||||
| no n₂≢n₁ | yes p₂@refl | no n₂≢n₃
|
||||
using (n₂⊔n₁≡n₂ , n₂⊔n₃≡n₂) ← ⊔ᵇ-prop n₂ n₁ n₃ (trans (≡-⊔ᵇ-cong (⊔ᵇ-comm n₂ n₁) (refl {x = n₃})) pⁿ)
|
||||
with (n₁ ⊔ᵇ n₂) ≟ n₁ | (n₁ ⊔ᵇ n₂) ≟ n₂
|
||||
... | yes n₁⊔n₂≡n₁ | _ = ⊥-elim (n₂≢n₁ (trans (sym n₂⊔n₁≡n₂) (trans (⊔ᵇ-comm n₂ n₁) (n₁⊔n₂≡n₁))))
|
||||
... | _ | no n₁⊔n₂≢n₂ = ⊥-elim (n₁⊔n₂≢n₂ (trans (⊔ᵇ-comm n₁ n₂) n₂⊔n₁≡n₂))
|
||||
... | no n₁⊔n₂≢n₁ | yes p rewrite p
|
||||
with n₂ ≟ n₂
|
||||
... | no n₂≢n₂ = ⊥-elim (n₂≢n₂ refl)
|
||||
... | yes refl = ≈-refl
|
||||
Reassocˡ (n₁ , l₁) (n₂ , l₂) (n₃ , l₃)
|
||||
| no n₃≢n₁ | no n₃≢n₂ | yes p₃@refl
|
||||
with n₁₂ ← n₁ ⊔ᵇ n₂
|
||||
with n₃ ≟ n₁₂
|
||||
... | no n₃≢n₁₂ = ≈-refl
|
||||
... | yes refl rewrite d₁ rewrite d₂ = ≈-lift (⊥≼x l₃) -- TODO: need ⊥ ⊔ n₃ ≡ n₃
|
||||
Reassocˡ (n₁ , l₁) (n₂ , l₂) (n₃ , l₃)
|
||||
| no n≢n₁ | no n≢n₂ | no n≢n₃
|
||||
with n₁₂ ← n₁ ⊔ᵇ n₂
|
||||
with n₁₂ ≟ n₁ | n₁₂ ≟ n₂ | n ≟ n₃ | n ≟ n₁₂
|
||||
... | _ | _ | yes n≡n₃ | _ = ⊥-elim (n≢n₃ n≡n₃)
|
||||
... | _ | _ | no _ | no n≢n₁₂ = ≈-refl
|
||||
... | yes refl | yes refl | no _ | yes refl = ⊥-elim (n≢n₁ refl)
|
||||
... | yes refl | no n₁₂≢n₂ | no _ | yes refl = ⊥-elim (n≢n₁ refl)
|
||||
... | no n₁₂≢n₁ | yes refl | no _ | yes refl = ⊥-elim (n≢n₂ refl)
|
||||
... | no _ | no _ | no _ | yes refl = ≈-refl
|
||||
|
||||
Reassocʳ : ∀ e₁ e₂ e₃ →
|
||||
(e₁ ⊔ (e₂ ⊔ e₃)) ≈ (proj₁ (e₁ ⊔ (e₂ ⊔ e₃)) , payloadʳ e₁ e₂ e₃)
|
||||
Reassocʳ (n₁ , l₁) (n₂ , l₂) (n₃ , l₃)
|
||||
with n ← n₁ ⊔ᵇ (n₂ ⊔ᵇ n₃) in pⁿ
|
||||
with n ≟ n₁ in d₁ | n ≟ n₂ in d₂ | n ≟ n₃ in d₃
|
||||
Reassocʳ (n₁ , l₁) (n₂ , l₂) (n₃ , l₃)
|
||||
| yes refl | yes refl | yes refl
|
||||
with (n₁ ⊔ᵇ n₁) ≟ n₁
|
||||
... | no n₁≢n₁ = ⊥-elim (n₁≢n₁ (⊔ᵇ-idemp n₁))
|
||||
... | yes p rewrite p
|
||||
with n₁ ≟ n₁
|
||||
... | no n₁≢n₁ = ⊥-elim (n₁≢n₁ refl)
|
||||
... | yes refl = ≈-refl
|
||||
Reassocʳ (n₁ , l₁) (n₂ , l₂) (n₃ , l₃)
|
||||
| yes refl | yes refl | no n₁≢n₃
|
||||
using n₁⊔n₃≡n₁ ← trans (≡-⊔ᵇ-cong (sym (⊔ᵇ-idemp n₁)) (refl {x = n₃})) (trans (⊔ᵇ-assoc n₁ n₁ n₃) pⁿ)
|
||||
rewrite n₁⊔n₃≡n₁
|
||||
with n₁ ≟ n₁ | n₁ ≟ n₃
|
||||
... | no n₁≢n₁ | _ = ⊥-elim (n₁≢n₁ refl)
|
||||
... | _ | yes n₁≡n₃ = ⊥-elim (n₁≢n₃ n₁≡n₃)
|
||||
... | yes refl | no _ = ≈-refl
|
||||
Reassocʳ (n₁ , l₁) (n₂ , l₂) (n₃ , l₃)
|
||||
| yes refl | no n₁≢n₂ | yes refl
|
||||
using n₂⊔n₁≡n₁ ← trans (trans (trans (≡-⊔ᵇ-cong (refl {x = n₂}) (sym (⊔ᵇ-idemp n₁))) (sym (⊔ᵇ-assoc n₂ n₁ n₁))) (⊔ᵇ-comm _ _)) pⁿ
|
||||
rewrite n₂⊔n₁≡n₁
|
||||
with n₁ ≟ n₁ | n₁ ≟ n₂
|
||||
... | no n₁≢n₁ | _ = ⊥-elim (n₁≢n₁ refl)
|
||||
... | _ | yes n₁≡n₂ = ⊥-elim (n₁≢n₂ n₁≡n₂)
|
||||
... | yes refl | no _ = ≈-refl
|
||||
Reassocʳ (n₁ , l₁) (n₂ , l₂) (n₃ , l₃)
|
||||
| yes refl | no n₁≢n₂ | no n₁≢n₃
|
||||
with n₂₃ ← n₂ ⊔ᵇ n₃
|
||||
with n₁ ≟ n₂₃
|
||||
... | no n₁≢n₂₃ = ≈-refl
|
||||
... | yes refl rewrite d₂ rewrite d₃ = ≈-lift (FiniteHeightLattice.≈-trans (FHL n₁) (FiniteHeightLattice.⊔-comm (FHL n₁) _ _) (⊥≼x l₁))
|
||||
Reassocʳ (n₁ , l₁) (n₂ , l₂) (n₃ , l₃)
|
||||
| no n₂≢n₁ | yes refl | yes refl
|
||||
rewrite ⊔ᵇ-idemp n₂
|
||||
with n₂ ≟ n₂
|
||||
... | no n₂≢n₂ = ⊥-elim (n₂≢n₂ refl)
|
||||
... | yes refl = ≈-refl
|
||||
Reassocʳ (n₁ , l₁) (n₂ , l₂) (n₃ , l₃)
|
||||
| no n₂≢n₁ | yes refl | no n₂≢n₃
|
||||
using (n₂⊔n₃=n₂ , n₂⊔n₁=n₂) ← ⊔ᵇ-prop n₂ n₃ n₁ (trans (⊔ᵇ-comm _ _) pⁿ)
|
||||
rewrite n₂⊔n₃=n₂
|
||||
with n₂ ≟ n₂ | n₂ ≟ n₃
|
||||
... | no n₂≢n₂ | _ = ⊥-elim (n₂≢n₂ refl)
|
||||
... | _ | yes n₂≡n₃ = ⊥-elim (n₂≢n₃ n₂≡n₃)
|
||||
... | yes refl | no _ = ≈-refl
|
||||
Reassocʳ (n₁ , l₁) (n₂ , l₂) (n₃ , l₃)
|
||||
| no n₃≢n₁ | no n₃≢n₂ | yes refl
|
||||
using (n₃⊔n₂≡n₃ , n₃⊔n₁≡n₃) ← ⊔ᵇ-prop n₃ n₂ n₁ (trans (⊔ᵇ-comm _ _) (trans (≡-⊔ᵇ-cong (refl {x = n₁}) (⊔ᵇ-comm n₃ n₂)) pⁿ))
|
||||
rewrite trans (⊔ᵇ-comm _ _) n₃⊔n₂≡n₃
|
||||
with n₃ ≟ n₃ | n₃ ≟ n₂
|
||||
... | no n₃≢n₃ | _ = ⊥-elim (n₃≢n₃ refl)
|
||||
... | _ | yes n₃≡n₂ = ⊥-elim (n₃≢n₂ n₃≡n₂)
|
||||
... | yes refl | no _ = ≈-refl
|
||||
Reassocʳ (n₁ , l₁) (n₂ , l₂) (n₃ , l₃)
|
||||
| no n≢n₁ | no n≢n₂ | no n≢n₃
|
||||
with n₂₃ ← n₂ ⊔ᵇ n₃
|
||||
with n₂₃ ≟ n₂ | n₂₃ ≟ n₃ | n ≟ n₁ | n ≟ n₂₃
|
||||
... | _ | _ | yes n≡n₁ | _ = ⊥-elim (n≢n₁ n≡n₁)
|
||||
... | _ | _ | no _ | no _ = ≈-refl
|
||||
... | yes refl | yes refl | no _ | yes refl = ⊥-elim (n≢n₂ refl)
|
||||
... | yes refl | no n₁₂≢n₂ | no _ | yes refl = ⊥-elim (n≢n₂ refl)
|
||||
... | no n₁₂≢n₁ | yes refl | no _ | yes refl = ⊥-elim (n≢n₃ refl)
|
||||
... | no n₁₂≢n₁ | no n₁₂≢n₂ | no _ | yes refl = ≈-refl
|
||||
|
||||
|
||||
⊔-assoc : ∀ (e₁ e₂ e₃ : Elem) → ((e₁ ⊔ e₂) ⊔ e₃) ≈ (e₁ ⊔ (e₂ ⊔ e₃))
|
||||
⊔-assoc e₁@(n₁ , l₁) e₂@(n₂ , l₂) e₃@(n₃ , l₃)
|
||||
with nˡ ← proj₁ ((e₁ ⊔ e₂) ⊔ e₃) in pˡ
|
||||
with nʳ ← proj₁ (e₁ ⊔ (e₂ ⊔ e₃)) in pʳ
|
||||
with final₁ ← Reassocˡ e₁ e₂ e₃
|
||||
with final₂ ← Reassocʳ e₁ e₂ e₃
|
||||
rewrite pˡ rewrite pʳ
|
||||
rewrite ⊔ᵇ-assoc n₁ n₂ n₃
|
||||
rewrite trans (sym pˡ ) pʳ
|
||||
with nʳ ≟ n₁ | nʳ ≟ n₂ | nʳ ≟ n₃
|
||||
... | yes refl | yes refl | yes refl =
|
||||
let l-assoc = FiniteHeightLattice.⊔-assoc (FHL n₁) l₁ l₂ l₃
|
||||
in ≈-trans final₁ (≈-trans (≈-lift l-assoc) (≈-sym final₂))
|
||||
... | yes refl | yes refl | no _ = ≈-trans final₁ (≈-sym final₂)
|
||||
... | yes refl | no _ | yes refl = ≈-trans final₁ (≈-sym final₂)
|
||||
... | yes refl | no _ | no _ = ≈-trans final₁ (≈-sym final₂)
|
||||
... | no _ | yes refl | yes refl = ≈-trans final₁ (≈-sym final₂)
|
||||
... | no _ | yes refl | no _ = ≈-trans final₁ (≈-sym final₂)
|
||||
... | no _ | no _ | yes refl = ≈-trans final₁ (≈-sym final₂)
|
||||
... | no _ | no _ | no _ = ≈-trans final₁ (≈-sym final₂)
|
||||
169
Lattice/ExtendBelow.agda
Normal file
169
Lattice/ExtendBelow.agda
Normal file
@@ -0,0 +1,169 @@
|
||||
open import Lattice
|
||||
|
||||
module Lattice.ExtendBelow {a} (A : Set a)
|
||||
{_≈₁_ : A → A → Set a} {_⊔₁_ : A → A → A} {_⊓₁_ : A → A → A}
|
||||
{{lA : IsLattice A _≈₁_ _⊔₁_ _⊓₁_}} where
|
||||
|
||||
open import Equivalence
|
||||
open import Showable using (Showable; show)
|
||||
open import Relation.Binary.Definitions using (Decidable)
|
||||
open import Relation.Binary.PropositionalEquality using (refl)
|
||||
open import Relation.Nullary using (Dec; ¬_; yes; no)
|
||||
|
||||
open IsLattice lA using ()
|
||||
renaming ( ≈-equiv to ≈₁-equiv
|
||||
; ≈-⊔-cong to ≈₁-⊔₁-cong
|
||||
; ⊔-assoc to ⊔₁-assoc; ⊔-comm to ⊔₁-comm; ⊔-idemp to ⊔₁-idemp
|
||||
; ≈-⊓-cong to ≈₁-⊓₁-cong
|
||||
; ⊓-assoc to ⊓₁-assoc; ⊓-comm to ⊓₁-comm; ⊓-idemp to ⊓₁-idemp
|
||||
; absorb-⊔-⊓ to absorb-⊔₁-⊓₁; absorb-⊓-⊔ to absorb-⊓₁-⊔₁
|
||||
)
|
||||
|
||||
open IsEquivalence ≈₁-equiv using ()
|
||||
renaming (≈-refl to ≈₁-refl; ≈-sym to ≈₁-sym; ≈-trans to ≈₁-trans)
|
||||
|
||||
data ExtendBelow : Set a where
|
||||
[_] : A → ExtendBelow
|
||||
⊥ : ExtendBelow
|
||||
|
||||
instance
|
||||
showable : {{ showableA : Showable A }} → Showable ExtendBelow
|
||||
showable = record
|
||||
{ show = (λ
|
||||
{ ⊥ → "⊥"
|
||||
; [ a ] → show a
|
||||
})
|
||||
}
|
||||
|
||||
data _≈_ : ExtendBelow → ExtendBelow → Set a where
|
||||
≈-⊥-⊥ : ⊥ ≈ ⊥
|
||||
≈-lift : ∀ {x y : A} → x ≈₁ y → [ x ] ≈ [ y ]
|
||||
|
||||
≈-refl : ∀ {ab : ExtendBelow} → ab ≈ ab
|
||||
≈-refl {⊥} = ≈-⊥-⊥
|
||||
≈-refl {[ x ]} = ≈-lift ≈₁-refl
|
||||
|
||||
≈-sym : ∀ {ab₁ ab₂ : ExtendBelow} → ab₁ ≈ ab₂ → ab₂ ≈ ab₁
|
||||
≈-sym ≈-⊥-⊥ = ≈-⊥-⊥
|
||||
≈-sym (≈-lift x≈₁y) = ≈-lift (≈₁-sym x≈₁y)
|
||||
|
||||
≈-trans : ∀ {ab₁ ab₂ ab₃ : ExtendBelow} → ab₁ ≈ ab₂ → ab₂ ≈ ab₃ → ab₁ ≈ ab₃
|
||||
≈-trans ≈-⊥-⊥ ≈-⊥-⊥ = ≈-⊥-⊥
|
||||
≈-trans (≈-lift a₁≈a₂) (≈-lift a₂≈a₃) = ≈-lift (≈₁-trans a₁≈a₂ a₂≈a₃)
|
||||
|
||||
instance
|
||||
≈-equiv : IsEquivalence ExtendBelow _≈_
|
||||
≈-equiv = record
|
||||
{ ≈-refl = ≈-refl
|
||||
; ≈-sym = ≈-sym
|
||||
; ≈-trans = ≈-trans
|
||||
}
|
||||
|
||||
_⊔_ : ExtendBelow → ExtendBelow → ExtendBelow
|
||||
_⊔_ ⊥ x = x
|
||||
_⊔_ [ a₁ ] ⊥ = [ a₁ ]
|
||||
_⊔_ [ a₁ ] [ a₂ ] = [ a₁ ⊔₁ a₂ ]
|
||||
|
||||
_⊓_ : ExtendBelow → ExtendBelow → ExtendBelow
|
||||
_⊓_ ⊥ x = ⊥
|
||||
_⊓_ [ _ ] ⊥ = ⊥
|
||||
_⊓_ [ a₁ ] [ a₂ ] = [ a₁ ⊓₁ a₂ ]
|
||||
|
||||
≈-⊔-cong : ∀ {x₁ x₂ x₃ x₄} → x₁ ≈ x₂ → x₃ ≈ x₄ →
|
||||
(x₁ ⊔ x₃) ≈ (x₂ ⊔ x₄)
|
||||
≈-⊔-cong .{⊥} .{⊥} {x₃} {x₄} ≈-⊥-⊥ [a₃]≈[a₄] = [a₃]≈[a₄]
|
||||
≈-⊔-cong {x₁ = [ a₁ ]} {x₂ = [ a₂ ]} .{⊥} .{⊥} [a₁]≈[a₂] ≈-⊥-⊥ = [a₁]≈[a₂]
|
||||
≈-⊔-cong {x₁ = [ a₁ ]} {x₂ = [ a₂ ]} {x₃ = [ a₃ ]} {x₄ = [ a₄ ]} (≈-lift a₁≈a₂) (≈-lift a₃≈a₄) = ≈-lift (≈₁-⊔₁-cong a₁≈a₂ a₃≈a₄)
|
||||
|
||||
⊔-assoc : ∀ (x₁ x₂ x₃ : ExtendBelow) → ((x₁ ⊔ x₂) ⊔ x₃) ≈ (x₁ ⊔ (x₂ ⊔ x₃))
|
||||
⊔-assoc ⊥ x₁ x₂ = ≈-refl
|
||||
⊔-assoc [ a₁ ] ⊥ x₂ = ≈-refl
|
||||
⊔-assoc [ a₁ ] [ a₂ ] ⊥ = ≈-refl
|
||||
⊔-assoc [ a₁ ] [ a₂ ] [ a₃ ] = ≈-lift (⊔₁-assoc a₁ a₂ a₃)
|
||||
|
||||
⊔-comm : ∀ (x₁ x₂ : ExtendBelow) → (x₁ ⊔ x₂) ≈ (x₂ ⊔ x₁)
|
||||
⊔-comm ⊥ ⊥ = ≈-refl
|
||||
⊔-comm ⊥ [ a₂ ] = ≈-refl
|
||||
⊔-comm [ a₁ ] ⊥ = ≈-refl
|
||||
⊔-comm [ a₁ ] [ a₂ ] = ≈-lift (⊔₁-comm a₁ a₂)
|
||||
|
||||
⊔-idemp : ∀ (x : ExtendBelow) → (x ⊔ x) ≈ x
|
||||
⊔-idemp ⊥ = ≈-refl
|
||||
⊔-idemp [ a ] = ≈-lift (⊔₁-idemp a)
|
||||
|
||||
≈-⊓-cong : ∀ {x₁ x₂ x₃ x₄} → x₁ ≈ x₂ → x₃ ≈ x₄ →
|
||||
(x₁ ⊓ x₃) ≈ (x₂ ⊓ x₄)
|
||||
≈-⊓-cong .{⊥} .{⊥} {x₃} {x₄} ≈-⊥-⊥ [a₃]≈[a₄] = ≈-⊥-⊥
|
||||
≈-⊓-cong {x₁ = [ a₁ ]} {x₂ = [ a₂ ]} .{⊥} .{⊥} [a₁]≈[a₂] ≈-⊥-⊥ = ≈-⊥-⊥
|
||||
≈-⊓-cong {x₁ = [ a₁ ]} {x₂ = [ a₂ ]} {x₃ = [ a₃ ]} {x₄ = [ a₄ ]} (≈-lift a₁≈a₂) (≈-lift a₃≈a₄) = ≈-lift (≈₁-⊓₁-cong a₁≈a₂ a₃≈a₄)
|
||||
|
||||
⊓-assoc : ∀ (x₁ x₂ x₃ : ExtendBelow) → ((x₁ ⊓ x₂) ⊓ x₃) ≈ (x₁ ⊓ (x₂ ⊓ x₃))
|
||||
⊓-assoc ⊥ x₁ x₂ = ≈-refl
|
||||
⊓-assoc [ a₁ ] ⊥ x₂ = ≈-refl
|
||||
⊓-assoc [ a₁ ] [ a₂ ] ⊥ = ≈-refl
|
||||
⊓-assoc [ a₁ ] [ a₂ ] [ a₃ ] = ≈-lift (⊓₁-assoc a₁ a₂ a₃)
|
||||
|
||||
⊓-comm : ∀ (x₁ x₂ : ExtendBelow) → (x₁ ⊓ x₂) ≈ (x₂ ⊓ x₁)
|
||||
⊓-comm ⊥ ⊥ = ≈-refl
|
||||
⊓-comm ⊥ [ a₂ ] = ≈-refl
|
||||
⊓-comm [ a₁ ] ⊥ = ≈-refl
|
||||
⊓-comm [ a₁ ] [ a₂ ] = ≈-lift (⊓₁-comm a₁ a₂)
|
||||
|
||||
⊓-idemp : ∀ (x : ExtendBelow) → (x ⊓ x) ≈ x
|
||||
⊓-idemp ⊥ = ≈-refl
|
||||
⊓-idemp [ a ] = ≈-lift (⊓₁-idemp a)
|
||||
|
||||
absorb-⊔-⊓ : (x₁ x₂ : ExtendBelow) → (x₁ ⊔ (x₁ ⊓ x₂)) ≈ x₁
|
||||
absorb-⊔-⊓ ⊥ ⊥ = ≈-refl
|
||||
absorb-⊔-⊓ ⊥ [ a₂ ] = ≈-refl
|
||||
absorb-⊔-⊓ [ a₁ ] ⊥ = ≈-refl
|
||||
absorb-⊔-⊓ [ a₁ ] [ a₂ ] = ≈-lift (absorb-⊔₁-⊓₁ a₁ a₂)
|
||||
|
||||
absorb-⊓-⊔ : (x₁ x₂ : ExtendBelow) → (x₁ ⊓ (x₁ ⊔ x₂)) ≈ x₁
|
||||
absorb-⊓-⊔ ⊥ ⊥ = ≈-refl
|
||||
absorb-⊓-⊔ ⊥ [ a₂ ] = ≈-refl
|
||||
absorb-⊓-⊔ [ a₁ ] ⊥ = ⊓-idemp [ a₁ ]
|
||||
absorb-⊓-⊔ [ a₁ ] [ a₂ ] = ≈-lift (absorb-⊓₁-⊔₁ a₁ a₂)
|
||||
|
||||
instance
|
||||
isJoinSemilattice : IsSemilattice ExtendBelow _≈_ _⊔_
|
||||
isJoinSemilattice = record
|
||||
{ ≈-equiv = ≈-equiv
|
||||
; ≈-⊔-cong = ≈-⊔-cong
|
||||
; ⊔-assoc = ⊔-assoc
|
||||
; ⊔-comm = ⊔-comm
|
||||
; ⊔-idemp = ⊔-idemp
|
||||
}
|
||||
|
||||
isMeetSemilattice : IsSemilattice ExtendBelow _≈_ _⊓_
|
||||
isMeetSemilattice = record
|
||||
{ ≈-equiv = ≈-equiv
|
||||
; ≈-⊔-cong = ≈-⊓-cong
|
||||
; ⊔-assoc = ⊓-assoc
|
||||
; ⊔-comm = ⊓-comm
|
||||
; ⊔-idemp = ⊓-idemp
|
||||
}
|
||||
|
||||
isLattice : IsLattice ExtendBelow _≈_ _⊔_ _⊓_
|
||||
isLattice = record
|
||||
{ joinSemilattice = isJoinSemilattice
|
||||
; meetSemilattice = isMeetSemilattice
|
||||
; absorb-⊔-⊓ = absorb-⊔-⊓
|
||||
; absorb-⊓-⊔ = absorb-⊓-⊔
|
||||
}
|
||||
|
||||
module _ {{≈₁-Decidable : IsDecidable _≈₁_}} where
|
||||
open IsDecidable ≈₁-Decidable using () renaming (R-dec to ≈₁-dec)
|
||||
|
||||
≈-dec : Decidable _≈_
|
||||
≈-dec ⊥ ⊥ = yes ≈-⊥-⊥
|
||||
≈-dec [ a₁ ] [ a₂ ]
|
||||
with ≈₁-dec a₁ a₂
|
||||
... | yes a₁≈a₂ = yes (≈-lift a₁≈a₂)
|
||||
... | no a₁̷≈a₂ = no (λ { (≈-lift a₁≈a₂) → a₁̷≈a₂ a₁≈a₂ })
|
||||
≈-dec ⊥ [ _ ] = no (λ ())
|
||||
≈-dec [ _ ] ⊥ = no (λ ())
|
||||
|
||||
instance
|
||||
≈-Decidable : IsDecidable _≈_
|
||||
≈-Decidable = record { R-dec = ≈-dec }
|
||||
11
Main.agda
11
Main.agda
@@ -1,11 +1,13 @@
|
||||
{-# OPTIONS --guardedness #-}
|
||||
module Main where
|
||||
|
||||
open import Language
|
||||
open import Analysis.Sign
|
||||
open import Language hiding (_++_)
|
||||
open import Data.Vec using (Vec; _∷_; [])
|
||||
open import IO
|
||||
open import Level using (0ℓ)
|
||||
open import Data.String using (_++_)
|
||||
import Analysis.Constant as ConstantAnalysis
|
||||
import Analysis.Sign as SignAnalysis
|
||||
|
||||
testCode : Stmt
|
||||
testCode =
|
||||
@@ -38,6 +40,7 @@ testProgram = record
|
||||
{ rootStmt = testCode
|
||||
}
|
||||
|
||||
open WithProg testProgram using (output; analyze-correct)
|
||||
open SignAnalysis.WithProg testProgram using (analyze-correct) renaming (output to output-Sign)
|
||||
open ConstantAnalysis.WithProg testProgram using (analyze-correct) renaming (output to output-Const)
|
||||
|
||||
main = run {0ℓ} (putStrLn output)
|
||||
main = run {0ℓ} (putStrLn (output-Const ++ "\n" ++ output-Sign))
|
||||
|
||||
85
Utils.agda
85
Utils.agda
@@ -1,19 +1,32 @@
|
||||
module Utils where
|
||||
|
||||
open import Agda.Primitive using () renaming (_⊔_ to _⊔ℓ_)
|
||||
open import Data.Product as Prod using (_×_)
|
||||
open import Data.Product as Prod using (Σ; _×_; _,_; proj₁; proj₂)
|
||||
open import Data.Empty using (⊥-elim)
|
||||
open import Data.Nat using (ℕ; suc)
|
||||
open import Data.Fin as Fin using (Fin; suc; zero)
|
||||
open import Data.Fin.Properties using (suc-injective)
|
||||
open import Data.List using (List; cartesianProduct; []; _∷_; _++_; foldr; filter) renaming (map to mapˡ)
|
||||
open import Data.List.Membership.Propositional using (_∈_)
|
||||
open import Data.List.Membership.Propositional using (_∈_; lose)
|
||||
open import Data.List.Membership.Propositional.Properties as ListMemProp using ()
|
||||
open import Data.List.Relation.Unary.All using (All; []; _∷_; map)
|
||||
open import Data.List.Relation.Unary.Any using (Any; here; there) -- TODO: re-export these with nicer names from map
|
||||
open import Data.List.Relation.Unary.All using (All; []; _∷_; map; all?; lookup)
|
||||
open import Data.List.Relation.Unary.All.Properties using (++⁻ˡ; ++⁻ʳ)
|
||||
open import Data.List.Relation.Unary.Any as Any using (Any; here; there; any?) -- TODO: re-export these with nicer names from map
|
||||
open import Data.Sum using (_⊎_)
|
||||
open import Function.Definitions using (Injective)
|
||||
open import Relation.Binary using (Antisymmetric) renaming (Decidable to Decidable²)
|
||||
open import Relation.Binary.PropositionalEquality using (_≡_; sym; refl; cong)
|
||||
open import Relation.Nullary using (¬_; yes; no)
|
||||
open import Relation.Nullary using (¬_; yes; no; Dec)
|
||||
open import Relation.Nullary.Decidable using (¬?)
|
||||
open import Relation.Unary using (Decidable)
|
||||
|
||||
All¬-¬Any : ∀ {p c} {C : Set c} {P : C → Set p} {l : List C} → All (λ x → ¬ P x) l → ¬ Any P l
|
||||
All¬-¬Any {l = x ∷ xs} (¬Px ∷ _) (here Px) = ¬Px Px
|
||||
All¬-¬Any {l = x ∷ xs} (_ ∷ ¬Pxs) (there Pxs) = All¬-¬Any ¬Pxs Pxs
|
||||
|
||||
Decidable-¬ : ∀ {p c} {C : Set c} {P : C → Set p} → Decidable P → Decidable (λ x → ¬ P x)
|
||||
Decidable-¬ Decidable-P x = ¬? (Decidable-P x)
|
||||
|
||||
data Unique {c} {C : Set c} : List C → Set c where
|
||||
empty : Unique []
|
||||
push : ∀ {x : C} {xs : List C}
|
||||
@@ -34,6 +47,24 @@ Unique-append {c} {C} {x} {x' ∷ xs'} x∉xs (push x'≢ uxs') =
|
||||
help {[]} _ = x'≢x ∷ []
|
||||
help {e ∷ es} (x'≢e ∷ x'≢es) = x'≢e ∷ help x'≢es
|
||||
|
||||
Unique-++⁻ˡ : ∀ {c} {C : Set c} (xs : List C) {ys : List C} → Unique (xs ++ ys) → Unique xs
|
||||
Unique-++⁻ˡ [] Unique-ys = empty
|
||||
Unique-++⁻ˡ (x ∷ xs) {ys} (push x≢xs++ys Unique-xs++ys) = push (++⁻ˡ xs {ys = ys} x≢xs++ys) (Unique-++⁻ˡ xs Unique-xs++ys)
|
||||
|
||||
Unique-++⁻ʳ : ∀ {c} {C : Set c} (xs : List C) {ys : List C} → Unique (xs ++ ys) → Unique ys
|
||||
Unique-++⁻ʳ [] Unique-ys = Unique-ys
|
||||
Unique-++⁻ʳ (x ∷ xs) {ys} (push x≢xs++ys Unique-xs++ys) = Unique-++⁻ʳ xs Unique-xs++ys
|
||||
|
||||
Unique-∈-++ˡ : ∀ {c} {C : Set c} {x : C} (xs : List C) {ys : List C} → Unique (xs ++ ys) → x ∈ xs → ¬ x ∈ ys
|
||||
Unique-∈-++ˡ [] _ ()
|
||||
Unique-∈-++ˡ {x = x} (x' ∷ xs) (push x≢xs++ys _) (here refl) = All¬-¬Any (++⁻ʳ xs x≢xs++ys)
|
||||
Unique-∈-++ˡ {x = x} (x' ∷ xs) (push _ Unique-xs++ys) (there x̷∈xs) = Unique-∈-++ˡ xs Unique-xs++ys x̷∈xs
|
||||
|
||||
Unique-narrow : ∀ {c} {C : Set c} {x : C} (xs : List C) {ys : List C} → Unique (xs ++ ys) → x ∈ xs → Unique (x ∷ ys)
|
||||
Unique-narrow [] _ ()
|
||||
Unique-narrow {x = x} (x' ∷ xs) (push x≢xs++ys Unique-xs++ys) (here refl) = push (++⁻ʳ xs x≢xs++ys) (Unique-++⁻ʳ xs Unique-xs++ys)
|
||||
Unique-narrow {x = x} (x' ∷ xs) (push _ Unique-xs++ys) (there x̷∈xs) = Unique-narrow xs Unique-xs++ys x̷∈xs
|
||||
|
||||
All-≢-map : ∀ {c d} {C : Set c} {D : Set d} (x : C) {xs : List C} (f : C → D) →
|
||||
Injective (_≡_ {_} {C}) (_≡_ {_} {D}) f →
|
||||
All (λ x' → ¬ x ≡ x') xs → All (λ y' → ¬ (f x) ≡ y') (mapˡ f xs)
|
||||
@@ -46,9 +77,8 @@ Unique-map : ∀ {c d} {C : Set c} {D : Set d} {l : List C} (f : C → D) →
|
||||
Unique-map {l = []} _ _ _ = empty
|
||||
Unique-map {l = x ∷ xs} f f-Injecitve (push x≢xs uxs) = push (All-≢-map x f f-Injecitve x≢xs) (Unique-map f f-Injecitve uxs)
|
||||
|
||||
All¬-¬Any : ∀ {p c} {C : Set c} {P : C → Set p} {l : List C} → All (λ x → ¬ P x) l → ¬ Any P l
|
||||
All¬-¬Any {l = x ∷ xs} (¬Px ∷ _) (here Px) = ¬Px Px
|
||||
All¬-¬Any {l = x ∷ xs} (_ ∷ ¬Pxs) (there Pxs) = All¬-¬Any ¬Pxs Pxs
|
||||
¬Any-map : ∀ {p₁ p₂ c} {C : Set c} {P₁ : C → Set p₁} {P₂ : C → Set p₂} {l : List C} → (∀ {x} → P₁ x → P₂ x) → ¬ Any P₂ l → ¬ Any P₁ l
|
||||
¬Any-map f ¬Any-P₂ Any-P₁ = ¬Any-P₂ (Any.map f Any-P₁)
|
||||
|
||||
All-single : ∀ {p c} {C : Set c} {P : C → Set p} {c : C} {l : List C} → All P l → c ∈ l → P c
|
||||
All-single {c = c} {l = x ∷ xs} (p ∷ ps) (here refl) = p
|
||||
@@ -106,3 +136,42 @@ _∧_ P Q a = P a × Q a
|
||||
|
||||
it : ∀ {a} {A : Set a} {{_ : A}} → A
|
||||
it {{x}} = x
|
||||
|
||||
z≢sf : ∀ {n : ℕ} (f : Fin n) → ¬ (Fin.zero ≡ Fin.suc f)
|
||||
z≢sf f ()
|
||||
|
||||
z≢mapsfs : ∀ {n : ℕ} (fs : List (Fin n)) → All (λ sf → ¬ zero ≡ sf) (mapˡ suc fs)
|
||||
z≢mapsfs [] = []
|
||||
z≢mapsfs (f ∷ fs') = z≢sf f ∷ z≢mapsfs fs'
|
||||
|
||||
fins : ∀ (n : ℕ) → Σ (List (Fin n)) Unique
|
||||
fins 0 = ([] , empty)
|
||||
fins (suc n') =
|
||||
let
|
||||
(inds' , unids') = fins n'
|
||||
in
|
||||
( zero ∷ mapˡ suc inds'
|
||||
, push (z≢mapsfs inds') (Unique-map suc suc-injective unids')
|
||||
)
|
||||
|
||||
fins-complete : ∀ (n : ℕ) (f : Fin n) → f ∈ (proj₁ (fins n))
|
||||
fins-complete (suc n') zero = here refl
|
||||
fins-complete (suc n') (suc f') = there (x∈xs⇒fx∈fxs suc (fins-complete n' f'))
|
||||
|
||||
findUniversal : ∀ {p c} {C : Set c} {R : C → C → Set p} (l : List C) → Decidable² R →
|
||||
Dec (Any (λ x → All (R x) l) l)
|
||||
findUniversal l Rdec = any? (λ x → all? (Rdec x) l) l
|
||||
|
||||
findUniversal-unique : ∀ {p c} {C : Set c} (R : C → C → Set p) (l : List C) →
|
||||
Antisymmetric _≡_ R →
|
||||
∀ x₁ x₂ → x₁ ∈ l → x₂ ∈ l → All (R x₁) l → All (R x₂) l →
|
||||
x₁ ≡ x₂
|
||||
findUniversal-unique R l Rantisym x₁ x₂ x₁∈l x₂∈l Allx₁ Allx₂ = Rantisym (lookup Allx₁ x₂∈l) (lookup Allx₂ x₁∈l)
|
||||
|
||||
x∷xs≢[] : ∀ {a} {A : Set a} (x : A) (xs : List A) → ¬ (x ∷ xs ≡ [])
|
||||
x∷xs≢[] x xs ()
|
||||
|
||||
foldr₁ : ∀ {a} {A : Set a} {l : List A} → ¬ (l ≡ []) → (A → A → A) → A
|
||||
foldr₁ {l = x ∷ []} _ _ = x
|
||||
foldr₁ {l = x ∷ x' ∷ xs} _ f = f x (foldr₁ {l = x' ∷ xs} (x∷xs≢[] x' xs) f)
|
||||
foldr₁ {l = []} l≢[] _ = ⊥-elim (l≢[] refl)
|
||||
|
||||
1
lean/.gitignore
vendored
Normal file
1
lean/.gitignore
vendored
Normal file
@@ -0,0 +1 @@
|
||||
.lake/
|
||||
37
lean/Main.lean
Normal file
37
lean/Main.lean
Normal file
@@ -0,0 +1,37 @@
|
||||
import Spa.Analysis.Sign
|
||||
import Spa.Analysis.Constant
|
||||
import Spa.Analysis.Reaching
|
||||
import Spa.Language.Notation
|
||||
|
||||
namespace Spa
|
||||
|
||||
def testCode : Stmt := [obj_stmt|
|
||||
zero := 0;
|
||||
pos := zero + 1;
|
||||
neg := zero - 1;
|
||||
unknown := pos + neg
|
||||
]
|
||||
|
||||
def testCodeCond₁ : Stmt := [obj_stmt|
|
||||
var := 1;
|
||||
if var {
|
||||
var := var + 1
|
||||
} else {
|
||||
var := var - 1;
|
||||
var := 1
|
||||
}
|
||||
]
|
||||
|
||||
def testCodeCond₂ : Stmt := [obj_stmt|
|
||||
var := 1;
|
||||
if var { x := 1 } else { noop }
|
||||
]
|
||||
|
||||
def testProgram : Program := { rootStmt := testCode }
|
||||
|
||||
end Spa
|
||||
|
||||
def main : IO Unit :=
|
||||
IO.println (Spa.ConstAnalysis.output Spa.testProgram ++ "\n" ++
|
||||
Spa.SignAnalysis.output Spa.testProgram ++ "\n" ++
|
||||
Spa.ReachingAnalysis.output Spa.testProgram)
|
||||
28
lean/Spa.lean
Normal file
28
lean/Spa.lean
Normal file
@@ -0,0 +1,28 @@
|
||||
import Spa.Lattice
|
||||
import Spa.Fixedpoint
|
||||
import Spa.Lattice.Unit
|
||||
import Spa.Lattice.AboveBelow
|
||||
import Spa.Lattice.FiniteMap
|
||||
import Spa.Lattice.Bool
|
||||
import Spa.Language.Base
|
||||
import Spa.Language.Notation
|
||||
import Spa.Language.Semantics
|
||||
import Spa.Language.Graphs
|
||||
import Spa.Language.Traces
|
||||
import Spa.Language.Properties
|
||||
import Spa.Language
|
||||
import Spa.Analysis.Forward.Lattices
|
||||
import Spa.Analysis.Forward.Evaluation
|
||||
import Spa.Analysis.Forward.Adapters
|
||||
import Spa.Analysis.Forward
|
||||
import Spa.Showable
|
||||
import Spa.Analysis.Utils
|
||||
import Spa.Analysis.Sign
|
||||
import Spa.Analysis.Constant
|
||||
import Spa.Language.Tagged.Id
|
||||
import Spa.Language.Tagged.Derive
|
||||
import Spa.Language.Tagged.Basic
|
||||
import Spa.Language.Tagged.Properties
|
||||
import Spa.Language.Tagged.Graphs
|
||||
import Spa.Analysis.Reaching
|
||||
import Spa.Transformation.Licm
|
||||
149
lean/Spa/Analysis/Constant.lean
Normal file
149
lean/Spa/Analysis/Constant.lean
Normal file
@@ -0,0 +1,149 @@
|
||||
import Spa.Analysis.Forward
|
||||
import Spa.Analysis.Utils
|
||||
import Spa.Interp
|
||||
import Spa.Showable
|
||||
|
||||
namespace Spa
|
||||
|
||||
open Forward
|
||||
|
||||
abbrev ConstLattice : Type := AboveBelow ℤ
|
||||
|
||||
namespace ConstAnalysis
|
||||
|
||||
open AboveBelow in
|
||||
def plus : ConstLattice → ConstLattice → ConstLattice
|
||||
| bot, _ => bot
|
||||
| _, bot => bot
|
||||
| top, _ => top
|
||||
| _, top => top
|
||||
| mk z₁, mk z₂ => mk (z₁ + z₂)
|
||||
|
||||
open AboveBelow in
|
||||
def minus : ConstLattice → ConstLattice → ConstLattice
|
||||
| bot, _ => bot
|
||||
| _, bot => bot
|
||||
| top, _ => top
|
||||
| _, top => top
|
||||
| mk z₁, mk z₂ => mk (z₁ - z₂)
|
||||
|
||||
lemma plus_mono₂ : Monotone₂ plus :=
|
||||
AboveBelow.monotone₂_of_strict plus
|
||||
(fun y => by aesop) (fun x => by aesop)
|
||||
(fun y hy => by aesop) (fun x hx => by aesop)
|
||||
|
||||
lemma minus_mono₂ : Monotone₂ minus :=
|
||||
AboveBelow.monotone₂_of_strict minus
|
||||
(fun y => by aesop) (fun x => by aesop)
|
||||
(fun y hy => by aesop) (fun x hx => by aesop)
|
||||
|
||||
def interpConst : ConstLattice → Value → Prop
|
||||
| .bot, _ => False
|
||||
| .top, _ => True
|
||||
| .mk z, v => v = .int z
|
||||
|
||||
lemma interpConst_mk_disjoint {z₁ z₂ : ℤ} (hne : z₁ ≠ z₂) {v : Value} :
|
||||
¬(interpConst (.mk z₁) v ∧ interpConst (.mk z₂) v) := by
|
||||
rintro ⟨h₁, h₂⟩
|
||||
rw [h₁] at h₂
|
||||
injection h₂ with hz
|
||||
exact hne hz
|
||||
|
||||
instance constInterpretation : LatticeInterpretation ConstLattice where
|
||||
interp := interpConst
|
||||
interp_sup := fun v h => AboveBelow.interp_sup_of (fun _ h => h) (fun _ => trivial) v h
|
||||
interp_inf := fun v h => AboveBelow.interp_inf_of (fun hne _ => interpConst_mk_disjoint hne) v h
|
||||
|
||||
variable (prog : Program)
|
||||
|
||||
def eval : Expr → VariableValues ConstLattice prog → ConstLattice
|
||||
| .add e₁ e₂, vs => plus (eval e₁ vs) (eval e₂ vs)
|
||||
| .sub e₁ e₂, vs => minus (eval e₁ vs) (eval e₂ vs)
|
||||
| .var k, vs =>
|
||||
if h : FiniteMap.MemKey k vs then (FiniteMap.locate h).1 else .top
|
||||
| .num n, _ => .mk n
|
||||
|
||||
lemma eval_mono (e : Expr) : Monotone (eval prog e) := by
|
||||
induction e with
|
||||
| add e₁ e₂ ih₁ ih₂ =>
|
||||
intro vs₁ vs₂ h
|
||||
exact eval_combine₂ plus_mono₂ (ih₁ h) (ih₂ h)
|
||||
| sub e₁ e₂ ih₁ ih₂ =>
|
||||
intro vs₁ vs₂ h
|
||||
exact eval_combine₂ minus_mono₂ (ih₁ h) (ih₂ h)
|
||||
| var k =>
|
||||
intro vs₁ vs₂ h
|
||||
simp only [eval]
|
||||
by_cases hk : k ∈ prog.vars
|
||||
· rw [dif_pos (FiniteMap.MemKey_iff.mpr hk),
|
||||
dif_pos (FiniteMap.MemKey_iff.mpr hk)]
|
||||
exact FiniteMap.le_of_mem_mem prog.vars_nodup h
|
||||
(FiniteMap.locate _).2 (FiniteMap.locate _).2
|
||||
· rw [dif_neg (fun hm => hk (FiniteMap.MemKey_iff.mp hm)),
|
||||
dif_neg (fun hm => hk (FiniteMap.MemKey_iff.mp hm))]
|
||||
| num n =>
|
||||
intro vs₁ vs₂ _
|
||||
exact le_refl _
|
||||
|
||||
instance exprEvaluator : ExprEvaluator ConstLattice prog :=
|
||||
⟨eval prog, eval_mono prog⟩
|
||||
|
||||
def output : String :=
|
||||
show' (result ConstLattice prog)
|
||||
|
||||
lemma plus_valid {g₁ g₂ : ConstLattice} {z₁ z₂ : ℤ}
|
||||
(h₁ : ⟦g₁⟧ (.int z₁)) (h₂ : ⟦g₂⟧ (.int z₂)) :
|
||||
⟦plus g₁ g₂⟧ (.int (z₁ + z₂)) := by
|
||||
rcases g₁ with _ | _ | c₁ <;> rcases g₂ with _ | _ | c₂ <;>
|
||||
simp_all [plus, constInterpretation, interpConst]
|
||||
|
||||
lemma minus_valid {g₁ g₂ : ConstLattice} {z₁ z₂ : ℤ}
|
||||
(h₁ : ⟦g₁⟧ (.int z₁)) (h₂ : ⟦g₂⟧ (.int z₂)) :
|
||||
⟦minus g₁ g₂⟧ (.int (z₁ - z₂)) := by
|
||||
rcases g₁ with _ | _ | c₁ <;> rcases g₂ with _ | _ | c₂ <;>
|
||||
simp_all [minus, constInterpretation, interpConst]
|
||||
|
||||
instance eval_valid : ValidExprEvaluator ConstLattice prog := by
|
||||
constructor
|
||||
intro vs ρ e v hev
|
||||
induction hev with
|
||||
| num n =>
|
||||
intro _
|
||||
show ⟦eval prog (.num n) vs⟧ (.int n)
|
||||
rfl
|
||||
| var x v hxv =>
|
||||
intro hvs
|
||||
show ⟦eval prog (.var x) vs⟧ v
|
||||
simp only [eval]
|
||||
by_cases hk : FiniteMap.MemKey x vs
|
||||
· rw [dif_pos hk]
|
||||
exact hvs _ _ (FiniteMap.locate hk).2 _ hxv
|
||||
· rw [dif_neg hk]
|
||||
exact trivial
|
||||
| add e₁ e₂ z₁ z₂ _ _ ih₁ ih₂ =>
|
||||
intro hvs
|
||||
have h₁ : ⟦eval prog e₁ vs⟧ (.int z₁) := ih₁ hvs
|
||||
have h₂ : ⟦eval prog e₂ vs⟧ (.int z₂) := ih₂ hvs
|
||||
show ⟦eval prog (.add e₁ e₂) vs⟧ (.int (z₁ + z₂))
|
||||
exact plus_valid h₁ h₂
|
||||
| sub e₁ e₂ z₁ z₂ _ _ ih₁ ih₂ =>
|
||||
intro hvs
|
||||
have h₁ : ⟦eval prog e₁ vs⟧ (.int z₁) := ih₁ hvs
|
||||
have h₂ : ⟦eval prog e₂ vs⟧ (.int z₂) := ih₂ hvs
|
||||
show ⟦eval prog (.sub e₁ e₂) vs⟧ (.int (z₁ - z₂))
|
||||
exact minus_valid h₁ h₂
|
||||
|
||||
theorem analyze_correct {ρ : Env} (hrun : EvalStmt [] prog.rootStmt ρ) :
|
||||
⟦ variablesAt prog.finalState (result ConstLattice prog) ⟧ ρ :=
|
||||
Forward.analyze_correct ConstLattice prog hrun
|
||||
|
||||
theorem analyze_correct_at {ρf : Env} (hrun : EvalStmt [] prog.rootStmt ρf)
|
||||
{s : prog.State} {ρin ρout : Env}
|
||||
(hr : Reaches (prog.trace hrun) s ρin ρout) :
|
||||
⟦ joinForKey s (result ConstLattice prog) ⟧ ρin
|
||||
∧ ⟦ variablesAt s (result ConstLattice prog) ⟧ ρout :=
|
||||
Forward.analyze_correct_at ConstLattice prog hrun hr
|
||||
|
||||
end ConstAnalysis
|
||||
|
||||
end Spa
|
||||
174
lean/Spa/Analysis/Forward.lean
Normal file
174
lean/Spa/Analysis/Forward.lean
Normal file
@@ -0,0 +1,174 @@
|
||||
import Spa.Analysis.Forward.Lattices
|
||||
import Spa.Analysis.Forward.Evaluation
|
||||
import Spa.Analysis.Forward.Adapters
|
||||
import Spa.Fixedpoint
|
||||
|
||||
namespace Spa
|
||||
|
||||
namespace Forward
|
||||
|
||||
variable {L : Type} [FiniteHeightLattice L] {prog : Program} [E : StmtEvaluator L prog]
|
||||
|
||||
def updateVariablesForState (s : prog.State) (sv : StateVariables L prog) :
|
||||
VariableValues L prog := E.eval s (variablesAt s sv)
|
||||
|
||||
lemma updateVariablesForState_mono (s : prog.State) :
|
||||
Monotone (updateVariablesForState (L := L) s) := fun _ _ hle =>
|
||||
E.eval_mono s (variablesAt_le hle s)
|
||||
|
||||
def updateAll (sv : StateVariables L prog) : StateVariables L prog :=
|
||||
FiniteMap.generalizedUpdate id updateVariablesForState
|
||||
prog.states sv
|
||||
|
||||
lemma updateAll_mono : Monotone (updateAll (L := L) (prog := prog)) :=
|
||||
FiniteMap.generalizedUpdate_monotone monotone_id updateVariablesForState_mono
|
||||
|
||||
lemma updateAll_mem_eq {s : prog.State} {vs : VariableValues L prog}
|
||||
{sv : StateVariables L prog} (hmem : (s, vs) ∈ updateAll sv) :
|
||||
vs = updateVariablesForState s sv :=
|
||||
FiniteMap.generalizedUpdate_mem_eq (prog.states_complete s) hmem
|
||||
|
||||
lemma variablesAt_updateAll (s : prog.State) (sv : StateVariables L prog) :
|
||||
variablesAt s (updateAll sv) = updateVariablesForState s sv :=
|
||||
updateAll_mem_eq (variablesAt_mem s (updateAll sv))
|
||||
|
||||
def analyze (sv : StateVariables L prog) : StateVariables L prog :=
|
||||
updateAll (joinAll sv)
|
||||
|
||||
lemma analyze_mono : Monotone (analyze (L := L) (prog := prog)) := fun _ _ hle =>
|
||||
updateAll_mono (joinAll_mono hle)
|
||||
|
||||
variable [DecidableEq L]
|
||||
|
||||
variable (L prog) in
|
||||
def result : StateVariables L prog :=
|
||||
Fixedpoint.aFix analyze analyze_mono
|
||||
|
||||
variable (L prog) in
|
||||
lemma result_eq : result L prog = analyze (result L prog) :=
|
||||
Fixedpoint.aFix_eq analyze analyze_mono
|
||||
|
||||
lemma joinForKey_initialState :
|
||||
joinForKey prog.initialState (result L prog) = botV L prog := by
|
||||
rw [joinForKey, prog.incoming_initialState_eq_nil]
|
||||
rfl
|
||||
|
||||
class ValidStateEvaluator (L : Type) [FiniteHeightLattice L] (prog : Program)
|
||||
[E : StmtEvaluator L prog] [S : StateInterpretation L prog] where
|
||||
valid : ∀ (s₁ s₂ : prog.State) {ρ₁ ρ₂ ρ₃: Env}
|
||||
{vs : VariableValues L prog},
|
||||
(tr : Traceₗ prog.cfg s₁ s₂ ρ₁ ρ₂) →
|
||||
(hbs : EvalBasicStmtOpt ρ₂ (prog.cfg.nodes s₂) ρ₃) → ⟦ vs ⟧ (S.Pre tr) →
|
||||
⟦ E.eval s₂ vs ⟧ (S.Post (tr ++ hbs))
|
||||
botV_init : ⟦ botV L prog ⟧ (S.Pre (Traceₗ.single prog.cfg prog.initialState []))
|
||||
|
||||
instance [LatticeInterpretation L] [ValidStmtEvaluator L prog] :
|
||||
ValidStateEvaluator L prog where
|
||||
valid := by intro _ _ _ _ _ _ tr hbs hvs; exact ValidStmtEvaluator.valid hbs hvs
|
||||
botV_init := by intro k l _ v hmem; cases hmem
|
||||
|
||||
section
|
||||
variable [S : StateInterpretation L prog] [V : ValidStateEvaluator L prog]
|
||||
|
||||
omit [DecidableEq L] in
|
||||
lemma updateAll_matches {s₁ s₂ : prog.State} {sv : StateVariables L prog}
|
||||
{ρ₁ ρ₂ ρ₃ : Env}
|
||||
(tr : Traceₗ prog.cfg s₁ s₂ ρ₁ ρ₂)
|
||||
(hnode : EvalBasicStmtOpt ρ₂ (prog.code s₂) ρ₃)
|
||||
(hvs : ⟦ variablesAt s₂ sv ⟧ (S.Pre tr)) :
|
||||
⟦ variablesAt s₂ (updateAll sv) ⟧ (S.Post (tr ++ hnode)) := by
|
||||
rw [variablesAt_updateAll]
|
||||
exact V.valid s₁ s₂ tr hnode hvs
|
||||
|
||||
lemma stepTrace {s₁ s₂ : prog.State} {ρ₁ ρ₂ : Env}
|
||||
(tr : Traceₗ prog.cfg s₁ s₂ ρ₁ ρ₂)
|
||||
(hjoin : ⟦ joinForKey s₂ (result L prog) ⟧ (S.Pre tr))
|
||||
(hnode : EvalBasicStmtOpt ρ₂ (prog.code s₂) ρ₃) :
|
||||
⟦ variablesAt s₂ (result L prog) ⟧ (S.Post (tr ++ hnode)) := by
|
||||
rw [result_eq L prog]
|
||||
refine updateAll_matches tr hnode ?_
|
||||
rw [variablesAt_joinAll]
|
||||
exact hjoin
|
||||
|
||||
/-- Soundness at *every* visited node: if the analysis result over-approximates the
|
||||
incoming environment at the start of the trace, then at each node reached along the
|
||||
way it over-approximates both the environment entering that node (via `joinForKey`)
|
||||
and the environment leaving it (via `variablesAt`). The intermediate `variablesAt`
|
||||
evidence used to be computed and discarded inside `walkTrace`; here it is returned. -/
|
||||
lemma walkTrace_reaches {s₁ s₂ s₃: prog.State} {ρ₁ ρ₂ ρ₃: Env}
|
||||
{s : prog.State} {ρin ρout : Env}
|
||||
{tr : Trace prog.cfg s₂ s₃ ρ₂ ρ₃}
|
||||
(hr : Reaches tr s ρin ρout)
|
||||
(trₗ : Traceₗ prog.cfg s₁ s₂ ρ₁ ρ₂)
|
||||
(hjoin : ⟦ joinForKey s₂ (result L prog) ⟧ (S.Pre trₗ)) :
|
||||
⟦ joinForKey s (result L prog) ⟧ (S.Pre (trₗ ++ hr.pre))
|
||||
∧ ⟦ variablesAt s (result L prog) ⟧ (S.Post (trₗ ++ hr.post)) := by
|
||||
induction hr with
|
||||
| single_here hnode =>
|
||||
simp [Reaches.pre, Reaches.post]
|
||||
refine ⟨?_, ?_⟩ <;> try simpa [HAppend.hAppend]
|
||||
exact stepTrace trₗ hjoin hnode
|
||||
| edge_here hnode hedge rest =>
|
||||
simp [Reaches.pre, Reaches.post]
|
||||
refine ⟨?_, ?_⟩ <;> try simpa [HAppend.hAppend]
|
||||
exact stepTrace trₗ hjoin hnode
|
||||
| edge_there hnode hedge rest hr' ih =>
|
||||
have hstep := stepTrace trₗ hjoin hnode
|
||||
have hmem := FiniteMap.mem_valuesAt prog.states_nodup
|
||||
(prog.mem_incoming_of_edge hedge) (variablesAt_mem _ (result L prog))
|
||||
simpa [Reaches.pre, Reaches.post, HAppend.hAppend] using
|
||||
ih ((trₗ ++ hnode).addEdge hedge)
|
||||
(interp_foldr (S.post_pre (trₗ ++ hnode) hedge hstep) hmem)
|
||||
|
||||
omit [DecidableEq L] in
|
||||
/-- The final node of a trace is always reached, with the environment/state the trace
|
||||
ends in. Used to recover the final-state soundness theorem from `walkTrace_reaches`. -/
|
||||
def reaches_final {s₁ s₂ : prog.State} {ρ₁ ρ₂ : Env}
|
||||
(tr : Trace prog.cfg s₁ s₂ ρ₁ ρ₂) :
|
||||
Σ ρin, Reaches tr s₂ ρin ρ₂ :=
|
||||
match tr with
|
||||
| .single hnode => ⟨_, .single_here hnode⟩
|
||||
| .edge hnode hedge rest =>
|
||||
let ⟨ρin, r'⟩ := reaches_final rest; ⟨ρin, .edge_there hnode hedge _ r'⟩
|
||||
|
||||
omit [DecidableEq L] in
|
||||
/-- Reaching the final node covers the whole trace. -/
|
||||
@[simp] lemma reaches_final_post {s₁ s₂ : prog.State} {ρ₁ ρ₂ : Env}
|
||||
(tr : Trace prog.cfg s₁ s₂ ρ₁ ρ₂) :
|
||||
(reaches_final tr).2.post = tr := by
|
||||
induction tr with
|
||||
| single hnode => rfl
|
||||
| edge hnode hedge rest ih => simp [reaches_final, Reaches.post, ih]
|
||||
|
||||
variable (L prog) in
|
||||
/-- Soundness at every program point reached during execution: for any node `s` visited
|
||||
by the run `hrun` (witnessed by `hr`), the analysis result over-approximates both the
|
||||
environment entering `s` and the one leaving it. The final-state theorem
|
||||
`analyze_correct_state` is the special case where `s` is `prog.finalState`. -/
|
||||
theorem analyze_correct_at {ρf : Env} (hrun : EvalStmt [] prog.rootStmt ρf)
|
||||
{s : prog.State} {ρin ρout : Env}
|
||||
(hr : Reaches (prog.trace hrun) s ρin ρout) :
|
||||
⟦ joinForKey s (result L prog) ⟧ (S.Pre hr.pre)
|
||||
∧ ⟦ variablesAt s (result L prog) ⟧ (S.Post hr.post) := by
|
||||
refine walkTrace_reaches hr (Traceₗ.single _ _ []) ?_
|
||||
rw [joinForKey_initialState]
|
||||
exact ValidStateEvaluator.botV_init
|
||||
|
||||
variable (L prog) in
|
||||
theorem analyze_correct'
|
||||
{ρ : Env} (hrun : EvalStmt [] prog.rootStmt ρ) :
|
||||
⟦ variablesAt prog.finalState (result L prog) ⟧ (S.Post (prog.trace hrun)) := by
|
||||
have h := (analyze_correct_at L prog hrun (reaches_final (prog.trace hrun)).2).2
|
||||
rwa [reaches_final_post] at h
|
||||
|
||||
end
|
||||
|
||||
variable (L prog) in
|
||||
theorem analyze_correct [LatticeInterpretation L] [ValidStmtEvaluator L prog]
|
||||
{ρ : Env} (hrun : EvalStmt [] prog.rootStmt ρ) :
|
||||
⟦ variablesAt prog.finalState (result L prog) ⟧ ρ :=
|
||||
analyze_correct' L prog hrun
|
||||
|
||||
end Forward
|
||||
|
||||
end Spa
|
||||
64
lean/Spa/Analysis/Forward/Adapters.lean
Normal file
64
lean/Spa/Analysis/Forward/Adapters.lean
Normal file
@@ -0,0 +1,64 @@
|
||||
import Spa.Analysis.Forward.Evaluation
|
||||
|
||||
namespace Spa
|
||||
|
||||
namespace Forward
|
||||
|
||||
variable {L : Type} [Lattice L] {prog : Program} [E : ExprEvaluator L prog]
|
||||
|
||||
def updateVariablesFromExpression (k : String) (e : Expr)
|
||||
(vs : VariableValues L prog) : VariableValues L prog :=
|
||||
FiniteMap.generalizedUpdate id (fun _ vs => E.eval e vs) [k] vs
|
||||
|
||||
lemma updateVariablesFromExpression_mono (k : String) (e : Expr) :
|
||||
Monotone (updateVariablesFromExpression (L := L) (prog := prog) k e) :=
|
||||
FiniteMap.generalizedUpdate_monotone monotone_id (fun _ => E.eval_mono e)
|
||||
|
||||
def evalBasicStmt (bs : BasicStmt)
|
||||
(vs : VariableValues L prog) : VariableValues L prog :=
|
||||
match bs with
|
||||
| .assign k e => updateVariablesFromExpression k e vs
|
||||
| .noop => vs
|
||||
|
||||
lemma evalBasicStmt_mono (bs : BasicStmt) :
|
||||
Monotone (evalBasicStmt (L := L) (prog := prog) bs) := by
|
||||
cases bs with
|
||||
| assign k e => exact updateVariablesFromExpression_mono k e
|
||||
| noop => exact monotone_id
|
||||
|
||||
def evalBasicStmtOpt (obs : Option BasicStmt)
|
||||
(vs : VariableValues L prog) : VariableValues L prog :=
|
||||
match obs with
|
||||
| none => vs
|
||||
| some bs => evalBasicStmt bs vs
|
||||
|
||||
lemma evalBasicStmtOpt_mono (obs : Option BasicStmt) :
|
||||
Monotone (evalBasicStmtOpt (L := L) (prog := prog) obs) := by
|
||||
cases obs <;> unfold evalBasicStmtOpt
|
||||
· exact monotone_id
|
||||
· apply evalBasicStmt_mono
|
||||
|
||||
instance ExprEvaluator.toStmtEvaluator : StmtEvaluator L prog :=
|
||||
⟨evalBasicStmtOpt ∘ prog.code,
|
||||
by intro s; simp; exact (evalBasicStmtOpt_mono (prog.code s))⟩
|
||||
|
||||
instance ExprEvaluator.toStmtEvaluator_valid [LatticeInterpretation L]
|
||||
[ValidExprEvaluator L prog] : ValidStmtEvaluator L prog := by
|
||||
constructor
|
||||
simp [StmtEvaluator.eval, evalBasicStmtOpt]
|
||||
intro s vs ρ₁ ρ₂; generalize prog.code s = obs; intro hev hvs
|
||||
rcases hev with _ | @⟨_,bs,hev⟩ <;> try simpa
|
||||
rcases hev with _ | @⟨k, e, v, hev⟩ <;> try simpa
|
||||
intros k' l' hkl' v' hρ
|
||||
rcases hρ with _ | ⟨_,_,_,_,_,hne,hmem⟩ <;> simp [evalBasicStmt] at hkl'
|
||||
· have hl := FiniteMap.generalizedUpdate_mem_eq (f := id)
|
||||
(g := fun _ vs => E.eval e vs) (List.mem_singleton_self k) hkl'
|
||||
rewrite [hl]; simp
|
||||
exact ValidExprEvaluator.valid hev hvs
|
||||
· have hl := FiniteMap.generalizedUpdate_not_mem_backward
|
||||
(fun hmem => hne (List.mem_singleton.mp hmem)) hkl'
|
||||
apply hvs _ _ hl _ hmem
|
||||
|
||||
end Forward
|
||||
|
||||
end Spa
|
||||
29
lean/Spa/Analysis/Forward/Evaluation.lean
Normal file
29
lean/Spa/Analysis/Forward/Evaluation.lean
Normal file
@@ -0,0 +1,29 @@
|
||||
import Spa.Analysis.Forward.Lattices
|
||||
|
||||
namespace Spa
|
||||
|
||||
namespace Forward
|
||||
|
||||
variable (L : Type) [Lattice L] (prog : Program)
|
||||
|
||||
class StmtEvaluator where
|
||||
eval : prog.State → VariableValues L prog → VariableValues L prog
|
||||
eval_mono : ∀ s, Monotone (eval s)
|
||||
|
||||
class ExprEvaluator where
|
||||
eval : Expr → VariableValues L prog → L
|
||||
eval_mono : ∀ e, Monotone (eval e)
|
||||
|
||||
class ValidExprEvaluator [ExprEvaluator L prog] [I : LatticeInterpretation L] :
|
||||
Prop where
|
||||
valid : ∀ {vs : VariableValues L prog} {ρ : Env} {e : Expr} {v : Value},
|
||||
EvalExpr ρ e v → ⟦ vs ⟧ ρ → I.interp (ExprEvaluator.eval e vs) v
|
||||
|
||||
class ValidStmtEvaluator [E : StmtEvaluator L prog] [LatticeInterpretation L] :
|
||||
Prop where
|
||||
valid : ∀ {s : prog.State} {vs : VariableValues L prog} {ρ₁ ρ₂ : Env},
|
||||
EvalBasicStmtOpt ρ₁ (prog.code s) ρ₂ → ⟦ vs ⟧ ρ₁ → ⟦ E.eval s vs ⟧ ρ₂
|
||||
|
||||
end Forward
|
||||
|
||||
end Spa
|
||||
121
lean/Spa/Analysis/Forward/Lattices.lean
Normal file
121
lean/Spa/Analysis/Forward/Lattices.lean
Normal file
@@ -0,0 +1,121 @@
|
||||
import Spa.Language
|
||||
import Spa.Lattice.FiniteMap
|
||||
import Spa.Interp
|
||||
|
||||
namespace Spa
|
||||
|
||||
namespace Forward
|
||||
|
||||
variable (L : Type) [Lattice L] (prog : Program)
|
||||
|
||||
abbrev VariableValues : Type := FiniteMap String L prog.vars
|
||||
|
||||
abbrev StateVariables : Type := FiniteMap prog.State (VariableValues L prog) prog.states
|
||||
|
||||
def botV [FiniteHeightLattice L] : VariableValues L prog :=
|
||||
(⊥ : VariableValues L prog)
|
||||
|
||||
variable {L prog}
|
||||
|
||||
omit [Lattice L] in
|
||||
lemma states_memKey (s : prog.State) (sv : StateVariables L prog) :
|
||||
FiniteMap.MemKey s sv :=
|
||||
FiniteMap.MemKey_iff.mpr (prog.states_complete s)
|
||||
|
||||
def variablesAt (s : prog.State) (sv : StateVariables L prog) :
|
||||
VariableValues L prog :=
|
||||
(FiniteMap.locate (states_memKey s sv)).1
|
||||
|
||||
omit [Lattice L] in
|
||||
lemma variablesAt_mem (s : prog.State) (sv : StateVariables L prog) :
|
||||
(s, variablesAt s sv) ∈ sv :=
|
||||
(FiniteMap.locate (states_memKey s sv)).2
|
||||
|
||||
lemma variablesAt_le {sv₁ sv₂ : StateVariables L prog} (hle : sv₁ ≤ sv₂)
|
||||
(s : prog.State) : variablesAt s sv₁ ≤ variablesAt s sv₂ :=
|
||||
FiniteMap.le_of_mem_mem prog.states_nodup hle
|
||||
(variablesAt_mem s sv₁) (variablesAt_mem s sv₂)
|
||||
|
||||
variable [FiniteHeightLattice L]
|
||||
|
||||
def joinForKey (k : prog.State) (sv : StateVariables L prog) :
|
||||
VariableValues L prog :=
|
||||
(sv.valuesAt (prog.incoming k)).foldr (· ⊔ ·) (botV L prog)
|
||||
|
||||
lemma joinForKey_mono (k : prog.State) :
|
||||
Monotone (joinForKey (L := L) k) := by
|
||||
intro sv₁ sv₂ hle
|
||||
exact foldr_mono _ (FiniteMap.valuesAt_le hle (prog.incoming k)) (le_refl _)
|
||||
(fun b _ _ hab => sup_le_sup_right hab b)
|
||||
(fun a _ _ hab => sup_le_sup_left hab a)
|
||||
|
||||
def joinAll (sv : StateVariables L prog) : StateVariables L prog :=
|
||||
FiniteMap.generalizedUpdate id joinForKey prog.states sv
|
||||
|
||||
lemma joinAll_mono : Monotone (joinAll (L := L) (prog := prog)) :=
|
||||
FiniteMap.generalizedUpdate_monotone monotone_id joinForKey_mono
|
||||
|
||||
lemma joinAll_mem_eq {s : prog.State} {vs : VariableValues L prog}
|
||||
{sv : StateVariables L prog} (h : (s, vs) ∈ joinAll sv) :
|
||||
vs = joinForKey s sv :=
|
||||
FiniteMap.generalizedUpdate_mem_eq (prog.states_complete s) h
|
||||
|
||||
lemma variablesAt_joinAll (s : prog.State) (sv : StateVariables L prog) :
|
||||
variablesAt s (joinAll sv) = joinForKey s sv :=
|
||||
joinAll_mem_eq (variablesAt_mem s (joinAll sv))
|
||||
|
||||
class StateInterpretation (L : Type) [Lattice L] (prog : Program) where
|
||||
Proj : Type
|
||||
Pre : ∀ {s₁ s₂ : prog.State} {ρ₁ ρ₂ : Env}, Traceₗ prog.cfg s₁ s₂ ρ₁ ρ₂ → Proj
|
||||
Post : ∀ {s₁ s₂ : prog.State} {ρ₁ ρ₂ : Env}, Trace prog.cfg s₁ s₂ ρ₁ ρ₂ → Proj
|
||||
|
||||
interp : VariableValues L prog → (p : Proj) → Prop
|
||||
interp_sup : ∀ {vs₁ vs₂ : VariableValues L prog} {p : Proj},
|
||||
interp vs₁ p ∨ interp vs₂ p → interp (vs₁ ⊔ vs₂) p
|
||||
interp_inf : ∀ {vs₁ vs₂ : VariableValues L prog} {p : Proj},
|
||||
interp vs₁ p ∧ interp vs₂ p → interp (vs₁ ⊓ vs₂) p
|
||||
|
||||
post_pre : ∀ {vs} {s₁ s₂ s₃: prog.State} {ρ₁ ρ₂ : Env}
|
||||
(tr : Trace prog.cfg s₁ s₂ ρ₁ ρ₂) (hedge : (s₂, s₃) ∈ prog.cfg.edges),
|
||||
interp vs (Post tr) → interp vs (Pre (tr.addEdge hedge))
|
||||
|
||||
instance [S : StateInterpretation L prog] :
|
||||
Interp (VariableValues L prog) (S.Proj → Prop) :=
|
||||
⟨S.interp⟩
|
||||
|
||||
lemma interp_foldr [S : StateInterpretation L prog]
|
||||
{vs : VariableValues L prog} {vss : List (VariableValues L prog)}
|
||||
{p : S.Proj} (hvs : ⟦ vs ⟧ p) (hmem : vs ∈ vss) :
|
||||
⟦ vss.foldr (· ⊔ ·) (botV L prog) ⟧ p := by
|
||||
induction vss with
|
||||
| nil => cases hmem
|
||||
| cons vs' vss' ih =>
|
||||
rcases List.mem_cons.mp hmem with rfl | hmem'
|
||||
· exact S.interp_sup (Or.inl hvs)
|
||||
· exact S.interp_sup (Or.inr (ih hmem'))
|
||||
|
||||
variable [I : LatticeInterpretation L]
|
||||
|
||||
instance : StateInterpretation L prog where
|
||||
Proj := Env
|
||||
Pre := fun {_ _ _ ρ₂} _ => ρ₂
|
||||
Post := fun {_ _ _ ρ₂} _ => ρ₂
|
||||
|
||||
interp vs ρ := ∀ (k : String) (l : L), (k, l) ∈ vs →
|
||||
∀ (v : Value), Env.Mem (k, v) ρ → I.interp l v
|
||||
interp_sup := by
|
||||
intro vs₁ vs₂ ρ h k l hmem v hv
|
||||
obtain ⟨l₁, l₂, rfl, h₁, h₂⟩ := FiniteMap.mem_sup hmem
|
||||
rcases h with h | h
|
||||
· exact I.interp_sup v (Or.inl (h _ _ h₁ _ hv))
|
||||
· exact I.interp_sup v (Or.inr (h _ _ h₂ _ hv))
|
||||
interp_inf := by
|
||||
intro vs₁ vs₂ ρ h k l hmem v hv
|
||||
obtain ⟨l₁, l₂, rfl, h₁, h₂⟩ := FiniteMap.mem_inf hmem
|
||||
exact I.interp_inf v ⟨h.1 _ _ h₁ _ hv, h.2 _ _ h₂ _ hv⟩
|
||||
post_pre := by simp
|
||||
|
||||
|
||||
end Forward
|
||||
|
||||
end Spa
|
||||
135
lean/Spa/Analysis/Reaching.lean
Normal file
135
lean/Spa/Analysis/Reaching.lean
Normal file
@@ -0,0 +1,135 @@
|
||||
import Spa.Analysis.Forward
|
||||
import Spa.Lattice.Finset
|
||||
import Spa.Language.Tagged.Graphs
|
||||
import Spa.Showable
|
||||
|
||||
namespace Spa
|
||||
|
||||
open Forward
|
||||
|
||||
instance {n : ℕ} : Showable (Finset (Fin n)) :=
|
||||
⟨fun s =>
|
||||
"{" ++ (List.finRange n).foldr
|
||||
(fun i rest => if i ∈ s then show' i ++ ", " ++ rest else rest) ""
|
||||
++ "}"⟩
|
||||
|
||||
abbrev DefSet (prog : Program) : Type := Finset prog.NodeId
|
||||
|
||||
namespace ReachingAnalysis
|
||||
|
||||
variable (prog : Program)
|
||||
|
||||
def genSet (s : prog.State) : DefSet prog := (prog.nodeIdOf s).elim {} (fun x => {x})
|
||||
|
||||
def eval (s : prog.State) (vs : VariableValues (DefSet prog) prog) : VariableValues (DefSet prog) prog :=
|
||||
match prog.code s with
|
||||
| none => vs
|
||||
| some bs =>
|
||||
match bs with
|
||||
| .assign k _ => FiniteMap.generalizedUpdate id (fun _ _ => genSet prog s) [k] vs
|
||||
| .noop => vs
|
||||
|
||||
lemma eval_mono (s : prog.State) :
|
||||
Monotone (eval prog s) := by
|
||||
intros vs₁ vs₂ hle
|
||||
unfold eval; split <;> try simpa
|
||||
split <;> try simpa
|
||||
apply FiniteMap.generalizedUpdate_monotone monotone_id (fun _ => monotone_const)
|
||||
assumption
|
||||
|
||||
instance stmtEvaluator : StmtEvaluator (DefSet prog) prog :=
|
||||
⟨eval prog, eval_mono prog⟩
|
||||
|
||||
def output : String :=
|
||||
show' (result (DefSet prog) prog)
|
||||
|
||||
/-- The statements a trace executed, paired with the state each executed at,
|
||||
most recent first (matching `LastAssign`, which scans for the most recent
|
||||
assignment). This is `Trace.steps` (chronological) reversed, so facts about
|
||||
concatenating traces reduce to mathlib's `List.append`/`List.reverse` lemmas. -/
|
||||
abbrev Run (prog : Program) : Type := List (prog.State × BasicStmt)
|
||||
|
||||
@[aesop unsafe cases]
|
||||
inductive LastAssign (prog : Program) (x : String) : Run prog → prog.NodeId → Prop
|
||||
| here (s : prog.State) (e : Expr) (hc : prog.code s = some (.assign x e))
|
||||
(rest : Run prog) :
|
||||
LastAssign prog x ((s, .assign x e) :: rest) (prog.nodeIdOfNonempty s hc)
|
||||
| there (s : prog.State) (bs : BasicStmt) (hc : prog.code s = some bs)
|
||||
(rest : Run prog) {n : prog.NodeId} :
|
||||
(∀ e, bs ≠ .assign x e) → LastAssign prog x rest n →
|
||||
LastAssign prog x ((s, bs) :: rest) n
|
||||
|
||||
def runOfTraceₗ {s₁ s₂ : prog.State} {ρ₁ ρ₂ : Env}
|
||||
(tr : Traceₗ prog.cfg s₁ s₂ ρ₁ ρ₂) : Run prog :=
|
||||
tr.steps.reverse
|
||||
|
||||
def runOfTrace {s₁ s₂ : prog.State} {ρ₁ ρ₂ : Env}
|
||||
(tr : Trace prog.cfg s₁ s₂ ρ₁ ρ₂) : Run prog :=
|
||||
tr.steps.reverse
|
||||
|
||||
instance stateInterp : StateInterpretation (DefSet prog) prog where
|
||||
Proj := Run prog
|
||||
Pre := @runOfTraceₗ prog
|
||||
Post := @runOfTrace prog
|
||||
|
||||
interp vs run := ∀ (x : String) (assigners : DefSet prog), (x, assigners) ∈ vs →
|
||||
∀ (n : prog.NodeId), LastAssign prog x run n → n ∈ assigners
|
||||
interp_sup := by
|
||||
intro vs₁ vs₂ run h x assigners hmem n hla
|
||||
obtain ⟨a₁, a₂, rfl, h₁, h₂⟩ := FiniteMap.mem_sup hmem
|
||||
aesop (add simp Finset.mem_union)
|
||||
interp_inf := by
|
||||
intro vs₁ vs₂ run h x assigners hmem n hla
|
||||
obtain ⟨a₁, a₂, rfl, h₁, h₂⟩ := FiniteMap.mem_inf hmem
|
||||
aesop (add simp Finset.mem_inter)
|
||||
|
||||
post_pre := by
|
||||
intro vs s₁ s₂ s₃ ρ₁ ρ₂ tr hedge hvs
|
||||
simpa [runOfTrace, runOfTraceₗ] using hvs
|
||||
|
||||
private lemma valid_step (s : prog.State) {ρ₁ ρ₂ : Env}
|
||||
{obs : Option BasicStmt} (hcode : prog.code s = obs)
|
||||
(hbs : EvalBasicStmtOpt ρ₁ obs ρ₂)
|
||||
{vs : VariableValues (DefSet prog) prog} {run : Run prog}
|
||||
(hvs : ⟦vs⟧ run) :
|
||||
⟦eval prog s vs⟧ ((hbs.steps s).reverse ++ run) := by
|
||||
cases hbs with
|
||||
| none => simpa [eval, hcode, EvalBasicStmtOpt.steps] using hvs
|
||||
| some hbs =>
|
||||
cases hbs with
|
||||
| noop =>
|
||||
simp [eval, hcode, EvalBasicStmtOpt.steps]
|
||||
intro x assigners hmem n hla; aesop
|
||||
| assign x e v hev =>
|
||||
simp [eval, hcode, EvalBasicStmtOpt.steps]; intro k assigners hmem n hla
|
||||
by_cases hx : k = x
|
||||
· subst hx
|
||||
have hd := FiniteMap.generalizedUpdate_mem_eq (List.mem_singleton.mpr rfl) hmem
|
||||
rcases hla
|
||||
<;> simp [Program.nodeIdOfNonempty, hd, genSet, Option.get] <;> aesop
|
||||
· have hmem' := FiniteMap.generalizedUpdate_not_mem_backward
|
||||
(fun hc => hx (List.mem_singleton.mp hc)) hmem
|
||||
aesop
|
||||
|
||||
instance validStateEvaluator : ValidStateEvaluator (DefSet prog) prog where
|
||||
valid := by
|
||||
intro s₁ s₂ ρ₁ ρ₂ ρ₃ vs tr hbs hvs
|
||||
show ⟦eval prog s₂ vs⟧ (runOfTrace prog (tr ++ hbs))
|
||||
simpa [runOfTrace, runOfTraceₗ] using valid_step prog s₂ rfl hbs hvs
|
||||
botV_init := by intro x assigners _ n hla; cases hla
|
||||
|
||||
theorem analyze_correct {ρ : Env} (hrun : EvalStmt [] prog.rootStmt ρ) :
|
||||
⟦ variablesAt prog.finalState (result (DefSet prog) prog) ⟧
|
||||
(runOfTrace prog (prog.trace hrun)) :=
|
||||
Forward.analyze_correct' (DefSet prog) prog hrun
|
||||
|
||||
theorem analyze_correct_at {ρf : Env} (hrun : EvalStmt [] prog.rootStmt ρf)
|
||||
{s : prog.State} {ρin ρout : Env}
|
||||
(hr : Reaches (prog.trace hrun) s ρin ρout) :
|
||||
⟦ joinForKey s (result (DefSet prog) prog) ⟧ (runOfTraceₗ prog hr.pre)
|
||||
∧ ⟦ variablesAt s (result (DefSet prog) prog) ⟧ (runOfTrace prog hr.post) :=
|
||||
Forward.analyze_correct_at (DefSet prog) prog hrun hr
|
||||
|
||||
end ReachingAnalysis
|
||||
|
||||
end Spa
|
||||
225
lean/Spa/Analysis/Sign.lean
Normal file
225
lean/Spa/Analysis/Sign.lean
Normal file
@@ -0,0 +1,225 @@
|
||||
import Spa.Analysis.Forward
|
||||
import Spa.Analysis.Utils
|
||||
import Spa.Interp
|
||||
import Spa.Showable
|
||||
|
||||
namespace Spa
|
||||
|
||||
open Forward
|
||||
|
||||
inductive Sign where
|
||||
| plus
|
||||
| minus
|
||||
| zero
|
||||
deriving DecidableEq
|
||||
|
||||
attribute [aesop safe cases] Sign
|
||||
|
||||
instance : Showable Sign :=
|
||||
⟨fun
|
||||
| .plus => "+"
|
||||
| .minus => "-"
|
||||
| .zero => "0"⟩
|
||||
|
||||
instance : Inhabited Sign := ⟨.zero⟩
|
||||
|
||||
abbrev SignLattice : Type := AboveBelow Sign
|
||||
|
||||
open AboveBelow in
|
||||
def plus : SignLattice → SignLattice → SignLattice
|
||||
| bot, _ => bot
|
||||
| _, bot => bot
|
||||
| top, _ => top
|
||||
| _, top => top
|
||||
| mk .plus, mk .plus => mk .plus
|
||||
| mk .plus, mk .minus => top
|
||||
| mk .plus, mk .zero => mk .plus
|
||||
| mk .minus, mk .plus => top
|
||||
| mk .minus, mk .minus => mk .minus
|
||||
| mk .minus, mk .zero => mk .minus
|
||||
| mk .zero, mk .plus => mk .plus
|
||||
| mk .zero, mk .minus => mk .minus
|
||||
| mk .zero, mk .zero => mk .zero
|
||||
|
||||
open AboveBelow in
|
||||
def minus : SignLattice → SignLattice → SignLattice
|
||||
| bot, _ => bot
|
||||
| _, bot => bot
|
||||
| top, _ => top
|
||||
| _, top => top
|
||||
| mk .plus, mk .plus => top
|
||||
| mk .plus, mk .minus => mk .plus
|
||||
| mk .plus, mk .zero => mk .plus
|
||||
| mk .minus, mk .plus => mk .minus
|
||||
| mk .minus, mk .minus => top
|
||||
| mk .minus, mk .zero => mk .minus
|
||||
| mk .zero, mk .plus => mk .minus
|
||||
| mk .zero, mk .minus => mk .plus
|
||||
| mk .zero, mk .zero => mk .zero
|
||||
|
||||
lemma plus_mono₂ : Monotone₂ plus :=
|
||||
AboveBelow.monotone₂_of_strict plus
|
||||
(fun y => by aesop) (fun x => by aesop)
|
||||
(fun y hy => by aesop) (fun x hx => by aesop)
|
||||
|
||||
lemma minus_mono₂ : Monotone₂ minus :=
|
||||
AboveBelow.monotone₂_of_strict minus
|
||||
(fun y => by aesop) (fun x => by aesop)
|
||||
(fun y hy => by aesop) (fun x hx => by aesop)
|
||||
|
||||
def interpSign : SignLattice → Value → Prop
|
||||
| .bot, _ => False
|
||||
| .top, _ => True
|
||||
| .mk .plus, v => ∃ n : ℕ, v = .int (n + 1)
|
||||
| .mk .zero, v => v = .int 0
|
||||
| .mk .minus, v => ∃ n : ℕ, v = .int (-(n + 1))
|
||||
|
||||
lemma interpSign_mk_disjoint {s₁ s₂ : Sign} (hne : s₁ ≠ s₂) {v : Value} :
|
||||
¬(interpSign (.mk s₁) v ∧ interpSign (.mk s₂) v) := by
|
||||
rintro ⟨h₁, h₂⟩
|
||||
rcases s₁ <;> rcases s₂ <;> try exact hne rfl
|
||||
all_goals simp only [interpSign] at h₁ h₂
|
||||
· obtain ⟨n₁, rfl⟩ := h₁
|
||||
obtain ⟨n₂, hv⟩ := h₂
|
||||
injection hv with hz
|
||||
omega
|
||||
· obtain ⟨n₁, rfl⟩ := h₁
|
||||
injection h₂ with hz
|
||||
omega
|
||||
· obtain ⟨n₁, rfl⟩ := h₁
|
||||
obtain ⟨n₂, hv⟩ := h₂
|
||||
injection hv with hz
|
||||
omega
|
||||
· obtain ⟨n₁, rfl⟩ := h₁
|
||||
injection h₂ with hz
|
||||
omega
|
||||
· subst h₁
|
||||
obtain ⟨n₂, hv⟩ := h₂
|
||||
injection hv with hz
|
||||
omega
|
||||
· subst h₁
|
||||
obtain ⟨n₂, hv⟩ := h₂
|
||||
injection hv with hz
|
||||
omega
|
||||
|
||||
instance signInterpretation : LatticeInterpretation SignLattice where
|
||||
interp := interpSign
|
||||
interp_sup := fun v h => AboveBelow.interp_sup_of (fun _ h => h) (fun _ => trivial) v h
|
||||
interp_inf := fun v h => AboveBelow.interp_inf_of (fun hne _ => interpSign_mk_disjoint hne) v h
|
||||
|
||||
namespace SignAnalysis
|
||||
|
||||
variable (prog : Program)
|
||||
|
||||
def eval : Expr → VariableValues SignLattice prog → SignLattice
|
||||
| .add e₁ e₂, vs => plus (eval e₁ vs) (eval e₂ vs)
|
||||
| .sub e₁ e₂, vs => minus (eval e₁ vs) (eval e₂ vs)
|
||||
| .var k, vs =>
|
||||
if h : FiniteMap.MemKey k vs then (FiniteMap.locate h).1 else .top
|
||||
| .num 0, _ => .mk .zero
|
||||
| .num (_ + 1), _ => .mk .plus
|
||||
|
||||
lemma eval_mono (e : Expr) : Monotone (eval prog e) := by
|
||||
induction e with
|
||||
| add e₁ e₂ ih₁ ih₂ =>
|
||||
intro vs₁ vs₂ h
|
||||
exact eval_combine₂ plus_mono₂ (ih₁ h) (ih₂ h)
|
||||
| sub e₁ e₂ ih₁ ih₂ =>
|
||||
intro vs₁ vs₂ h
|
||||
exact eval_combine₂ minus_mono₂ (ih₁ h) (ih₂ h)
|
||||
| var k =>
|
||||
intro vs₁ vs₂ h
|
||||
simp only [eval]
|
||||
by_cases hk : k ∈ prog.vars
|
||||
· rw [dif_pos (FiniteMap.MemKey_iff.mpr hk),
|
||||
dif_pos (FiniteMap.MemKey_iff.mpr hk)]
|
||||
exact FiniteMap.le_of_mem_mem prog.vars_nodup h
|
||||
(FiniteMap.locate _).2 (FiniteMap.locate _).2
|
||||
· rw [dif_neg (fun hm => hk (FiniteMap.MemKey_iff.mp hm)),
|
||||
dif_neg (fun hm => hk (FiniteMap.MemKey_iff.mp hm))]
|
||||
| num n =>
|
||||
intro vs₁ vs₂ _
|
||||
cases n <;> exact le_refl _
|
||||
|
||||
instance exprEvaluator : ExprEvaluator SignLattice prog :=
|
||||
⟨eval prog, eval_mono prog⟩
|
||||
|
||||
def output : String :=
|
||||
show' (result SignLattice prog)
|
||||
|
||||
/-- A nonneg-shifted interpretation `∃ n : ℕ, z = n + 1` just means `z` is positive. -/
|
||||
private lemma int_pos_iff (z : ℤ) : (∃ n : ℕ, z = (n : ℤ) + 1) ↔ 0 < z := by
|
||||
constructor
|
||||
· rintro ⟨n, rfl⟩; omega
|
||||
· intro h; exact ⟨(z - 1).toNat, by omega⟩
|
||||
|
||||
/-- Dually, `∃ n : ℕ, z = -(n + 1)` just means `z` is negative. -/
|
||||
private lemma int_neg_iff (z : ℤ) : (∃ n : ℕ, z = -((n : ℤ) + 1)) ↔ z < 0 := by
|
||||
constructor
|
||||
· rintro ⟨n, rfl⟩; omega
|
||||
· intro h; exact ⟨(-z - 1).toNat, by omega⟩
|
||||
|
||||
lemma plus_valid {g₁ g₂ : SignLattice} {z₁ z₂ : ℤ}
|
||||
(h₁ : ⟦g₁⟧ (.int z₁)) (h₂ : ⟦g₂⟧ (.int z₂)) :
|
||||
⟦plus g₁ g₂⟧ (.int (z₁ + z₂)) := by
|
||||
rcases g₁ with _ | _ | s₁ <;> rcases g₂ with _ | _ | s₂ <;>
|
||||
(try rcases s₁) <;> (try rcases s₂) <;>
|
||||
simp only [plus, signInterpretation, interpSign, Value.int.injEq, int_pos_iff, int_neg_iff]
|
||||
at h₁ h₂ ⊢ <;>
|
||||
omega
|
||||
|
||||
lemma minus_valid {g₁ g₂ : SignLattice} {z₁ z₂ : ℤ}
|
||||
(h₁ : ⟦g₁⟧ (.int z₁)) (h₂ : ⟦g₂⟧ (.int z₂)) :
|
||||
⟦minus g₁ g₂⟧ (.int (z₁ - z₂)) := by
|
||||
rcases g₁ with _ | _ | s₁ <;> rcases g₂ with _ | _ | s₂ <;>
|
||||
(try rcases s₁) <;> (try rcases s₂) <;>
|
||||
simp only [minus, signInterpretation, interpSign, Value.int.injEq, int_pos_iff, int_neg_iff]
|
||||
at h₁ h₂ ⊢ <;>
|
||||
omega
|
||||
|
||||
instance eval_valid : ValidExprEvaluator SignLattice prog := by
|
||||
constructor
|
||||
intro vs ρ e v hev
|
||||
induction hev with
|
||||
| num n =>
|
||||
intro _
|
||||
show ⟦eval prog (.num n) vs⟧ (.int n)
|
||||
cases n with
|
||||
| zero => rfl
|
||||
| succ n' => exact ⟨n', congrArg Value.int (by norm_cast)⟩
|
||||
| var x v hxv =>
|
||||
intro hvs
|
||||
show ⟦eval prog (.var x) vs⟧ v
|
||||
simp only [eval]
|
||||
by_cases hk : FiniteMap.MemKey x vs
|
||||
· rw [dif_pos hk]
|
||||
exact hvs _ _ (FiniteMap.locate hk).2 _ hxv
|
||||
· rw [dif_neg hk]
|
||||
exact trivial
|
||||
| add e₁ e₂ z₁ z₂ _ _ ih₁ ih₂ =>
|
||||
intro hvs
|
||||
have h₁ : ⟦eval prog e₁ vs⟧ (.int z₁) := ih₁ hvs
|
||||
have h₂ : ⟦eval prog e₂ vs⟧ (.int z₂) := ih₂ hvs
|
||||
show ⟦eval prog (.add e₁ e₂) vs⟧ (.int (z₁ + z₂))
|
||||
exact plus_valid h₁ h₂
|
||||
| sub e₁ e₂ z₁ z₂ _ _ ih₁ ih₂ =>
|
||||
intro hvs
|
||||
have h₁ : ⟦eval prog e₁ vs⟧ (.int z₁) := ih₁ hvs
|
||||
have h₂ : ⟦eval prog e₂ vs⟧ (.int z₂) := ih₂ hvs
|
||||
show ⟦eval prog (.sub e₁ e₂) vs⟧ (.int (z₁ - z₂))
|
||||
exact minus_valid h₁ h₂
|
||||
|
||||
theorem analyze_correct {ρ : Env} (hrun : EvalStmt [] prog.rootStmt ρ) :
|
||||
⟦ variablesAt prog.finalState (result SignLattice prog) ⟧ ρ :=
|
||||
Forward.analyze_correct SignLattice prog hrun
|
||||
|
||||
theorem analyze_correct_at {ρf : Env} (hrun : EvalStmt [] prog.rootStmt ρf)
|
||||
{s : prog.State} {ρin ρout : Env}
|
||||
(hr : Reaches (prog.trace hrun) s ρin ρout) :
|
||||
⟦ joinForKey s (result SignLattice prog) ⟧ ρin
|
||||
∧ ⟦ variablesAt s (result SignLattice prog) ⟧ ρout :=
|
||||
Forward.analyze_correct_at SignLattice prog hrun hr
|
||||
|
||||
end SignAnalysis
|
||||
|
||||
end Spa
|
||||
10
lean/Spa/Analysis/Utils.lean
Normal file
10
lean/Spa/Analysis/Utils.lean
Normal file
@@ -0,0 +1,10 @@
|
||||
import Spa.Lattice
|
||||
|
||||
namespace Spa
|
||||
|
||||
lemma eval_combine₂ {O : Type*} [Preorder O] {combine : O → O → O}
|
||||
(hmono : Monotone₂ combine) {o₁ o₂ o₃ o₄ : O}
|
||||
(h₁ : o₁ ≤ o₃) (h₂ : o₂ ≤ o₄) : combine o₁ o₂ ≤ combine o₃ o₄ :=
|
||||
le_trans (hmono.1 o₂ h₁) (hmono.2 o₃ h₂)
|
||||
|
||||
end Spa
|
||||
56
lean/Spa/Fixedpoint.lean
Normal file
56
lean/Spa/Fixedpoint.lean
Normal file
@@ -0,0 +1,56 @@
|
||||
import Spa.Lattice
|
||||
|
||||
namespace Spa
|
||||
|
||||
namespace Fixedpoint
|
||||
|
||||
open FiniteHeightLattice (height)
|
||||
|
||||
variable {α : Type*} [DecidableEq α] [FiniteHeightLattice α]
|
||||
|
||||
def doStep (f : α → α) (hf : Monotone f) :
|
||||
∀ (g : ℕ) (c : LTSeries α), c.length + g = height (α := α) + 1 →
|
||||
c.last ≤ f c.last → {a : α // a = f a}
|
||||
| 0, c, hlen, _ =>
|
||||
absurd (FiniteHeightLattice.chains_bounded c) (by omega)
|
||||
| g + 1, c, hlen, hle =>
|
||||
if heq : c.last = f c.last then
|
||||
⟨c.last, heq⟩
|
||||
else
|
||||
doStep f hf g (c.snoc (f c.last) (lt_of_le_of_ne hle heq))
|
||||
(by simp [RelSeries.snoc]; omega)
|
||||
(by rw [RelSeries.last_snoc]; exact hf hle)
|
||||
|
||||
def fix (f : α → α) (hf : Monotone f) : {a : α // a = f a} :=
|
||||
doStep f hf (height (α := α) + 1) (RelSeries.singleton _ ⊥)
|
||||
(by simp)
|
||||
(by simp)
|
||||
|
||||
def aFix (f : α → α) (hf : Monotone f) : α :=
|
||||
(fix f hf).1
|
||||
|
||||
theorem aFix_eq (f : α → α) (hf : Monotone f) :
|
||||
aFix f hf = f (aFix f hf) :=
|
||||
(fix f hf).2
|
||||
|
||||
lemma doStep_le (f : α → α) (hf : Monotone f)
|
||||
{b : α} (hb : b = f b) :
|
||||
∀ (g : ℕ) (c : LTSeries α) (hlen : c.length + g = height (α := α) + 1)
|
||||
(hle : c.last ≤ f c.last), c.last ≤ b →
|
||||
(doStep f hf g c hlen hle : α) ≤ b
|
||||
| 0, c, hlen, _ => fun _ =>
|
||||
absurd (FiniteHeightLattice.chains_bounded c) (by omega)
|
||||
| g + 1, c, hlen, hle => fun hcb => by
|
||||
rw [doStep]
|
||||
split
|
||||
· exact hcb
|
||||
· exact doStep_le f hf hb g _ _ _
|
||||
(by rw [RelSeries.last_snoc]; exact le_of_le_of_eq (hf hcb) hb.symm)
|
||||
|
||||
theorem aFix_le (f : α → α) (hf : Monotone f)
|
||||
{a : α} (ha : a = f a) : aFix f hf ≤ a :=
|
||||
doStep_le f hf ha _ _ _ _ (by simp)
|
||||
|
||||
end Fixedpoint
|
||||
|
||||
end Spa
|
||||
20
lean/Spa/Interp.lean
Normal file
20
lean/Spa/Interp.lean
Normal file
@@ -0,0 +1,20 @@
|
||||
import Mathlib.Tactic.TypeStar
|
||||
|
||||
/-!
|
||||
|
||||
# Interpretation to a Semantic Domain
|
||||
|
||||
This file serves to introduce the double-angle-bracket "denotation"
|
||||
notation by prodiving a class instance `Interp`, whose single
|
||||
method `interp` is what the double brackets map to. -/
|
||||
|
||||
namespace Spa
|
||||
|
||||
/-- A type `α` that implements this class has denotation / meaning
|
||||
in the semantic domain `dom`. -/
|
||||
class Interp (α : Type*) (dom : outParam Type*) where
|
||||
interp : α → dom
|
||||
|
||||
notation:max (priority := high) "⟦" v "⟧" => Interp.interp v
|
||||
|
||||
end Spa
|
||||
6
lean/Spa/Language.lean
Normal file
6
lean/Spa/Language.lean
Normal file
@@ -0,0 +1,6 @@
|
||||
import Spa.Language.Base
|
||||
import Spa.Language.Semantics
|
||||
import Spa.Language.Graphs
|
||||
import Spa.Language.Traces
|
||||
import Spa.Language.Properties
|
||||
import Spa.Language.Program
|
||||
59
lean/Spa/Language/Base.lean
Normal file
59
lean/Spa/Language/Base.lean
Normal file
@@ -0,0 +1,59 @@
|
||||
import Mathlib.Data.Finset.Basic
|
||||
|
||||
/-!
|
||||
|
||||
# Base Language
|
||||
|
||||
This file defines the core object language for the program analysis and
|
||||
transformation. It's a very basic imperative language. The `Spa/Language/Tagged/Basic.lean`
|
||||
file provides an auto-derived version of the `Expr`, `BasicStmt`, and `Stmt` data
|
||||
types with unique IDs per condtructor, enabling in-AST pointers.
|
||||
|
||||
-/
|
||||
|
||||
namespace Spa
|
||||
|
||||
/-- A value-producing expression. Currently, this cannot have side effects. -/
|
||||
inductive Expr where
|
||||
| add (e₁ e₂ : Expr)
|
||||
| sub (e₁ e₂ : Expr)
|
||||
| var (x : String)
|
||||
| num (n : ℕ)
|
||||
deriving DecidableEq
|
||||
|
||||
/-- A statement that cannot alter control flow (and thus, can be part of a basic block).
|
||||
|
||||
This differs from, e.g., a loop, which can cause execution to jump to its top several times. -/
|
||||
inductive BasicStmt where
|
||||
| assign (x : String) (e : Expr)
|
||||
| noop
|
||||
deriving DecidableEq
|
||||
|
||||
/-- Any statements, which may or may not change program state (variable assignments). -/
|
||||
inductive Stmt where
|
||||
| basic (bs : BasicStmt)
|
||||
| andThen (s₁ s₂ : Stmt)
|
||||
| ifElse (e : Expr) (s₁ s₂ : Stmt)
|
||||
| whileLoop (e : Expr) (s : Stmt)
|
||||
deriving DecidableEq
|
||||
|
||||
/-- Variables mentioned in this expression. -/
|
||||
def Expr.vars : Expr → Finset String
|
||||
| .add l r => l.vars ∪ r.vars
|
||||
| .sub l r => l.vars ∪ r.vars
|
||||
| .var s => {s}
|
||||
| .num _ => ∅
|
||||
|
||||
/-- Variables assigned or mentioned in this basic statement. -/
|
||||
def BasicStmt.vars : BasicStmt → Finset String
|
||||
| .assign x e => {x} ∪ e.vars
|
||||
| .noop => ∅
|
||||
|
||||
/-- Variables assigned or mentioned in this statement. -/
|
||||
def Stmt.vars : Stmt → Finset String
|
||||
| .basic bs => bs.vars
|
||||
| .andThen s₁ s₂ => s₁.vars ∪ s₂.vars
|
||||
| .ifElse e s₁ s₂ => (e.vars ∪ s₁.vars) ∪ s₂.vars
|
||||
| .whileLoop e s => e.vars ∪ s.vars
|
||||
|
||||
end Spa
|
||||
360
lean/Spa/Language/Graphs.lean
Normal file
360
lean/Spa/Language/Graphs.lean
Normal file
@@ -0,0 +1,360 @@
|
||||
import Spa.Language.Base
|
||||
import Mathlib.Data.Fin.Tuple.Basic
|
||||
import Mathlib.Data.List.ProdSigma
|
||||
import Mathlib.Data.List.FinRange
|
||||
|
||||
/-!
|
||||
|
||||
# Algebraic Control Flow Graphs
|
||||
|
||||
This file defines control flow graphs and operations to naturally compose them,
|
||||
making it possible to inductively covnert a program in the object language
|
||||
(see `Spa.Stmt` in `Spa/Language/Base.lean`) into its corresponding graph.
|
||||
|
||||
Graphs are, in general, parameterized by their "payload" (the per-node data); see `GGraph`.
|
||||
This is useful because other operations, such as finding the CFG node corresponding
|
||||
to an AST node, are performed by embellishing a graph's basic blocks with their AST
|
||||
identifiers.
|
||||
|
||||
The operations are deliberately a little bit sloppy here, creating empty / statement-less
|
||||
CFG nodes. Additionally, the current CFG construction algorithm doesn't group
|
||||
consecutive statements in a single notional basic block into one node.
|
||||
This makes graph construction much easier to define, and might save us the
|
||||
trouble of (when trying to find the CFG node for an AST node) doing
|
||||
indexing into a list.
|
||||
|
||||
-/
|
||||
|
||||
/-- Logically, when combining `Fin`s from two distinct pools,
|
||||
the combination is disjoint. -/
|
||||
lemma Fin.castAdd_ne_natAdd {n m : ℕ} (i : Fin n) (j : Fin m) :
|
||||
Fin.castAdd m i ≠ Fin.natAdd n j := by
|
||||
intro h
|
||||
have := congrArg Fin.val h
|
||||
simp only [Fin.coe_castAdd, Fin.coe_natAdd] at this
|
||||
omega
|
||||
|
||||
/-- Bump the upper bound of a list of `Fin`s without changing their value. -/
|
||||
def List.finCastAdd {n : ℕ} (l : List (Fin n)) (m : ℕ) : List (Fin (n + m)) :=
|
||||
l.map (Fin.castAdd m)
|
||||
|
||||
/-- Bump the upper bound of a list of `Fin`s by adding the amount to their value. -/
|
||||
def List.finNatAdd {m : ℕ} (l : List (Fin m)) (n : ℕ) : List (Fin (n + m)) :=
|
||||
l.map (Fin.natAdd n)
|
||||
|
||||
/-- Bump the upper bound of a list of `Fin` pairs without changing their value. -/
|
||||
def List.finCastAddProd {n : ℕ} (l : List (Fin n × Fin n)) (m : ℕ) :
|
||||
List (Fin (n + m) × Fin (n + m)) :=
|
||||
l.map (fun e => (e.1.castAdd m, e.2.castAdd m))
|
||||
|
||||
/-- Bump the upper bound of a list of `Fin` pairs by adding the amount to their value. -/
|
||||
def List.finNatAddProd {m : ℕ} (l : List (Fin m × Fin m)) (n : ℕ) :
|
||||
List (Fin (n + m) × Fin (n + m)) :=
|
||||
l.map (fun e => (e.1.natAdd n, e.2.natAdd n))
|
||||
|
||||
namespace Spa
|
||||
|
||||
/-- Graph with general (`α`-labeled) nodes. By using a tuple `Fin size → α`
|
||||
and writing `edges` over the `Fin size`, guarantees all edges are between real nodes.
|
||||
|
||||
To make graph composition via operations not force a
|
||||
[`alga`](https://hackage.haskell.org/package/algebraic-graphs)-style "connect"-based
|
||||
algebra, explicitly defines `inputs` and `outputs`, which are the only nodes that
|
||||
get connected when graphs are sequenced. This makes the graph construction
|
||||
operations more naturally fit with how CFGs are created from `Stmt`s. -/
|
||||
structure GGraph (α : Type) where
|
||||
size : ℕ
|
||||
nodes : Fin size → α
|
||||
edges : List (Fin size × Fin size)
|
||||
inputs : List (Fin size)
|
||||
outputs : List (Fin size)
|
||||
|
||||
namespace GGraph
|
||||
|
||||
variable {α β : Type}
|
||||
|
||||
/-- An index (node) in the CFG. -/
|
||||
abbrev Index (g : GGraph α) : Type := Fin g.size
|
||||
|
||||
/-- An edge in the CFG. -/
|
||||
abbrev Edge (g : GGraph α) : Type := g.Index × g.Index
|
||||
|
||||
instance : Functor GGraph where
|
||||
map {α β : Type} (f : α → β) (g : GGraph α) : GGraph β :=
|
||||
{ size := g.size,
|
||||
nodes := f ∘ g.nodes
|
||||
edges := g.edges,
|
||||
inputs := g.inputs,
|
||||
outputs := g.outputs }
|
||||
|
||||
@[simp] lemma map_size (f : α → β) (g : GGraph α) : (f <$> g).size = g.size := rfl
|
||||
@[simp] lemma map_edges (f : α → β) (g : GGraph α) : (f <$> g).edges = g.edges := rfl
|
||||
@[simp] lemma map_inputs (f : α → β) (g : GGraph α) : (f <$> g).inputs = g.inputs := rfl
|
||||
@[simp] lemma map_outputs (f : α → β) (g : GGraph α) : (f <$> g).outputs = g.outputs := rfl
|
||||
|
||||
/-- Overlay two graphs: create a new graph whose nodes and edges come from two
|
||||
sub-graphs, without inserting any additional edges. Also combines the
|
||||
input and output node sets. -/
|
||||
def overlay (g₁ g₂ : GGraph α) : GGraph α where
|
||||
size := g₁.size + g₂.size
|
||||
nodes := Fin.append g₁.nodes g₂.nodes
|
||||
edges := g₁.edges.finCastAddProd g₂.size ++ g₂.edges.finNatAddProd g₁.size
|
||||
inputs := g₁.inputs.finCastAdd g₂.size ++ g₂.inputs.finNatAdd g₁.size
|
||||
outputs := g₁.outputs.finCastAdd g₂.size ++ g₂.outputs.finNatAdd g₁.size
|
||||
|
||||
@[inherit_doc] scoped infixr:70 " ∙ " => GGraph.overlay
|
||||
|
||||
/-- Sequence two CFGs: create a combined graph whose nodes and edges come
|
||||
from two subgraphs, __and__ make all the outputs of the left graph have edges to
|
||||
all the inputs of the right graph. By the semantics of CFGs, this
|
||||
encodes the fact that code first traverses the basic blocks in theleft
|
||||
graph, and does the same for the right graph. -/
|
||||
def sequence (g₁ g₂ : GGraph α) : GGraph α where
|
||||
size := g₁.size + g₂.size
|
||||
nodes := Fin.append g₁.nodes g₂.nodes
|
||||
edges := g₁.edges.finCastAddProd g₂.size ++ g₂.edges.finNatAddProd g₁.size ++
|
||||
(g₁.outputs.finCastAdd g₂.size).product (g₂.inputs.finNatAdd g₁.size)
|
||||
inputs := g₁.inputs.finCastAdd g₂.size
|
||||
outputs := g₂.outputs.finNatAdd g₁.size
|
||||
|
||||
@[inherit_doc] scoped infixr:70 " ⤳ " => GGraph.sequence
|
||||
|
||||
/-- When a graph `g` is wrapped in a `loop`, the index / node corresponding
|
||||
to the input of the new loop. -/
|
||||
def loopIn (g : GGraph α) : Fin (2 + g.size) := (0 : Fin 2).castAdd g.size
|
||||
|
||||
/-- When a graph `g` is wrapped in a `loop`, the index / node corresponding
|
||||
to the output of the new loop. -/
|
||||
def loopOut (g : GGraph α) : Fin (2 + g.size) := (1 : Fin 2).castAdd g.size
|
||||
|
||||
/-- Creates a zero-or-more loop loop in the CFG: connects all the output
|
||||
nodes of the CFG back to the graph's beginning, and also introduces a path
|
||||
to a new ending node (see `loopOut`) which bypasses the entire graph.
|
||||
|
||||
Notably, both the new input (`loopIn`) and new output (`loopOut`)
|
||||
nodes are necessary for correctness: adding a path from inputs to a
|
||||
hypothetical no-op end node encodes something like "just the first statement is executed".
|
||||
Similarly, just adding a path from a a hypothetical no-op beginning node
|
||||
to the outputs encodes "just the last statement is executed".
|
||||
|
||||
This is technically sloppy (see module comment), but it's simple.
|
||||
-/
|
||||
def loop (g : GGraph (Option β)) : GGraph (Option β) where
|
||||
size := 2 + g.size
|
||||
nodes := Fin.append (fun _ : Fin 2 => none) g.nodes
|
||||
edges := g.edges.finNatAddProd 2 ++
|
||||
((g.loopIn, ·) <$> g.inputs.finNatAdd 2) ++
|
||||
((·, g.loopOut) <$> g.outputs.finNatAdd 2) ++
|
||||
[(g.loopOut, g.loopIn), (g.loopIn, g.loopOut)]
|
||||
inputs := [g.loopIn]
|
||||
outputs := [g.loopOut]
|
||||
|
||||
@[simp] lemma loop_inputs (g : GGraph (Option β)) : (loop g).inputs = [g.loopIn] := rfl
|
||||
|
||||
@[simp] lemma loop_outputs (g : GGraph (Option β)) : (loop g).outputs = [g.loopOut] := rfl
|
||||
|
||||
/-- Creates a single-node graph whose node contains the given value. -/
|
||||
def singleton (a : α) : GGraph α where
|
||||
size := 1
|
||||
nodes := fun _ => a
|
||||
edges := []
|
||||
inputs := [0]
|
||||
outputs := [0]
|
||||
|
||||
/-- Creates a new graph with a single input and single output node. Useful to ensure there's
|
||||
a single point of entry and single point of exit. -/
|
||||
def wrap (g : GGraph (Option β)) : GGraph (Option β) :=
|
||||
singleton none ⤳ g ⤳ singleton none
|
||||
|
||||
/-- The input / entry node generated by `GGraph.wrap`. -/
|
||||
def wrapInput (g : GGraph (Option β)) : (wrap g).Index :=
|
||||
(0 : Fin 1).castAdd ((g ⤳ singleton none).size)
|
||||
|
||||
/-- The output / exit node generated by `GGraph.wrap`. -/
|
||||
def wrapOutput (g : GGraph (Option β)) : (wrap g).Index :=
|
||||
Fin.natAdd 1 ((Fin.natAdd g.size (0 : Fin 1)))
|
||||
|
||||
/-- The `wrapInput` is, indeed, the graph's only input after `wrap`. -/
|
||||
lemma wrap_inputs (g : GGraph (Option β)) :
|
||||
(wrap g).inputs = [g.wrapInput] := rfl
|
||||
|
||||
/-- The `wrapInput` is, indeed, the graph's only output after `wrap`. -/
|
||||
lemma wrap_outputs (g : GGraph (Option β)) :
|
||||
(wrap g).outputs = [g.wrapOutput] := rfl
|
||||
|
||||
@[simp] lemma map_singleton (f : α → β) (a : α) :
|
||||
f <$> singleton a = singleton (f a) := rfl
|
||||
|
||||
@[simp] lemma map_overlay (f : α → β) (g₁ g₂ : GGraph α) :
|
||||
f<$> (g₁ ∙ g₂) = f <$> g₁ ∙ f <$> g₂ := by
|
||||
rcases g₁ with ⟨n₁, nd₁, e₁, i₁, o₁⟩; rcases g₂ with ⟨n₂, nd₂, e₂, i₂, o₂⟩
|
||||
simp only [Functor.map, GGraph.overlay]
|
||||
congr 1
|
||||
funext i
|
||||
refine Fin.addCases ?_ ?_ i <;> intro j <;> simp [Fin.append_left, Fin.append_right]
|
||||
|
||||
@[simp] lemma map_sequence (f : α → β) (g₁ g₂ : GGraph α) :
|
||||
f <$> (g₁ ⤳ g₂) = (f <$> g₁) ⤳ (f <$> g₂) := by
|
||||
rcases g₁ with ⟨n₁, nd₁, e₁, i₁, o₁⟩; rcases g₂ with ⟨n₂, nd₂, e₂, i₂, o₂⟩
|
||||
simp only [Functor.map, GGraph.sequence]
|
||||
congr 1
|
||||
funext i
|
||||
refine Fin.addCases ?_ ?_ i <;> intro j <;> simp [Fin.append_left, Fin.append_right]
|
||||
|
||||
@[simp] lemma map_loop (h : β → γ) (g : GGraph (Option β)) :
|
||||
(Option.map h) <$> (loop g) = loop (Option.map h <$> g) := by
|
||||
rcases g with ⟨n, nd, e, i, o⟩
|
||||
simp only [Functor.map, GGraph.loop]
|
||||
congr 1
|
||||
funext i
|
||||
refine Fin.addCases ?_ ?_ i <;> intro j <;> simp [Fin.append_left, Fin.append_right]
|
||||
|
||||
@[simp] lemma map_wrap (h : β → γ) (g : GGraph (Option β)) :
|
||||
(Option.map h) <$> wrap g = wrap (Option.map h <$> g) := by
|
||||
simp [GGraph.wrap, GGraph.map_sequence, GGraph.map_singleton]
|
||||
|
||||
/-! ### Embeddings
|
||||
|
||||
Each composition operator includes its operands into the result via an index
|
||||
translation that preserves node payloads and edges. `Embed` captures exactly
|
||||
those two facts, so anything defined from `nodes` and `edges` (traces, node
|
||||
labels, …) can be transported along an embedding once, instead of once per
|
||||
operator.
|
||||
|
||||
`Embed` is deliberately a structure rather than a class: for `g ⤳ g`, both the
|
||||
left and the right inclusion inhabit the same type `Embed g (g ⤳ g)`, so
|
||||
instance resolution could silently pick the wrong copy. Embeddings into a
|
||||
composed graph are non-canonical by design; a named witness says which
|
||||
inclusion is meant. -/
|
||||
|
||||
/-- An embedding of graph `g` into graph `h`: an index translation that
|
||||
preserves node payloads and edges. -/
|
||||
structure Embed (g h : GGraph α) where
|
||||
f : g.Index → h.Index
|
||||
nodes_eq : ∀ i, h.nodes (f i) = g.nodes i
|
||||
edges_mem : ∀ {e : g.Edge}, e ∈ g.edges → (f e.1, f e.2) ∈ h.edges
|
||||
|
||||
/-- Embeddings compose. -/
|
||||
def Embed.trans {g₁ g₂ g₃ : GGraph α} (e₁ : Embed g₁ g₂) (e₂ : Embed g₂ g₃) :
|
||||
Embed g₁ g₃ where
|
||||
f := e₂.f ∘ e₁.f
|
||||
nodes_eq i := (e₂.nodes_eq (e₁.f i)).trans (e₁.nodes_eq i)
|
||||
edges_mem he := e₂.edges_mem (e₁.edges_mem he)
|
||||
|
||||
/-- The left operand's inclusion into a sequenced graph. -/
|
||||
def Embed.sequenceLeft (g₁ g₂ : GGraph α) : Embed g₁ (g₁ ⤳ g₂) where
|
||||
f i := i.castAdd g₂.size
|
||||
nodes_eq i := Fin.append_left g₁.nodes g₂.nodes i
|
||||
edges_mem he := List.mem_append_left _ (List.mem_append_left _ (List.mem_map_of_mem _ he))
|
||||
|
||||
/-- The right operand's inclusion into a sequenced graph. -/
|
||||
def Embed.sequenceRight (g₁ g₂ : GGraph α) : Embed g₂ (g₁ ⤳ g₂) where
|
||||
f i := i.natAdd g₁.size
|
||||
nodes_eq i := Fin.append_right g₁.nodes g₂.nodes i
|
||||
edges_mem he := List.mem_append_left _ (List.mem_append_right _ (List.mem_map_of_mem _ he))
|
||||
|
||||
/-- The left operand's inclusion into an overlaid graph. -/
|
||||
def Embed.overlayLeft (g₁ g₂ : GGraph α) : Embed g₁ (g₁ ∙ g₂) where
|
||||
f i := i.castAdd g₂.size
|
||||
nodes_eq i := Fin.append_left g₁.nodes g₂.nodes i
|
||||
edges_mem he := List.mem_append_left _ (List.mem_map_of_mem _ he)
|
||||
|
||||
/-- The right operand's inclusion into an overlaid graph. -/
|
||||
def Embed.overlayRight (g₁ g₂ : GGraph α) : Embed g₂ (g₁ ∙ g₂) where
|
||||
f i := i.natAdd g₁.size
|
||||
nodes_eq i := Fin.append_right g₁.nodes g₂.nodes i
|
||||
edges_mem he := List.mem_append_right _ (List.mem_map_of_mem _ he)
|
||||
|
||||
/-- The body's inclusion into a `loop` graph. -/
|
||||
def Embed.loop (g : GGraph (Option β)) : Embed g (loop g) where
|
||||
f i := i.natAdd 2
|
||||
nodes_eq i := Fin.append_right (fun _ : Fin 2 => none) g.nodes i
|
||||
edges_mem he := List.mem_append_left _ (List.mem_append_left _
|
||||
(List.mem_append_left _ (List.mem_map_of_mem _ he)))
|
||||
|
||||
variable (g : GGraph α)
|
||||
|
||||
/-- All the nodes in the graph. -/
|
||||
def indices : List g.Index := List.finRange g.size
|
||||
|
||||
/-- All of the graph's indices are listed in `indices`. -/
|
||||
lemma mem_indices (idx : g.Index) : idx ∈ g.indices :=
|
||||
List.mem_finRange idx
|
||||
|
||||
/-- `indices` does not have duplicates. -/
|
||||
lemma nodup_indices : g.indices.Nodup :=
|
||||
List.nodup_finRange g.size
|
||||
|
||||
/-- Predecessors of a particular node in the graph. --/
|
||||
def predecessors (idx : g.Index) : List g.Index :=
|
||||
g.indices.filter (fun idx' => (idx', idx) ∈ g.edges)
|
||||
|
||||
/-- When sequencing (proven here with `Graph.singleton` on the left), no edges
|
||||
exist from the right-hand graph back to the left. -/
|
||||
private lemma not_mem_edges_castAdd_sequence {g₂ : GGraph (Option β)} (i : Fin 1)
|
||||
(idx : (singleton none ⤳ g₂).Index) :
|
||||
((idx, i.castAdd g₂.size) : (singleton none ⤳ g₂).Edge)
|
||||
∉ (singleton none ⤳ g₂).edges := by
|
||||
intro h
|
||||
rcases List.mem_append.mp h with h' | h'
|
||||
· rcases List.mem_append.mp h' with h'' | h''
|
||||
· -- lifted edges of `singleton []`: there are none
|
||||
simp [singleton, List.finCastAddProd] at h''
|
||||
· -- lifted edges of g₂: targets are natAdd
|
||||
obtain ⟨e, _, heq⟩ := List.mem_map.mp h''
|
||||
exact Fin.castAdd_ne_natAdd i e.2 (congrArg Prod.snd heq).symm
|
||||
· -- product edges: targets are natAdd'd inputs of g₂
|
||||
obtain ⟨-, hb⟩ := List.mem_product.mp h'
|
||||
obtain ⟨j, -, heq⟩ := List.mem_map.mp hb
|
||||
exact Fin.castAdd_ne_natAdd i j heq.symm
|
||||
|
||||
/-- The input node of a graph after `Graph.wrap` has no predecessors. -/
|
||||
lemma wrap_predecessors_eq_nil (g : GGraph (Option β)) (idx : (wrap g).Index)
|
||||
(h : idx ∈ (wrap g).inputs) :
|
||||
(wrap g).predecessors idx = [] := by
|
||||
rw [wrap_inputs, List.mem_singleton] at h
|
||||
subst h
|
||||
rw [GGraph.predecessors, List.filter_eq_nil_iff]
|
||||
intro idx' _
|
||||
simpa using not_mem_edges_castAdd_sequence (g₂ := g ⤳ singleton none) 0 idx'
|
||||
|
||||
/-- There's there's an edge between two nodes `idx₁` and `idx₂`,
|
||||
then `idx₁` is the predecessor of `idx₂`. -/
|
||||
lemma mem_predecessors_of_edge {idx₁ idx₂ : g.Index}
|
||||
(h : (idx₁, idx₂) ∈ g.edges) : idx₁ ∈ g.predecessors idx₂ :=
|
||||
List.mem_filter.mpr ⟨g.mem_indices idx₁, by simpa using h⟩
|
||||
|
||||
/-- A node is a predecessor of another node only if there's an
|
||||
edge between them. -/
|
||||
lemma edge_of_mem_predecessors {idx₁ idx₂ : g.Index}
|
||||
(h : idx₁ ∈ g.predecessors idx₂) : (idx₁, idx₂) ∈ g.edges := by
|
||||
simpa using (List.mem_filter.mp h).2
|
||||
|
||||
end GGraph
|
||||
|
||||
/-- "Normal" graphs, for the purposes of the analyses in this
|
||||
framework, have basic statements in their nodes, and nothing else. -/
|
||||
abbrev Graph : Type := GGraph (Option BasicStmt)
|
||||
|
||||
namespace Graph
|
||||
|
||||
export GGraph (overlay sequence loop singleton wrap loop_inputs loop_outputs wrapInput wrapOutput wrap_inputs wrap_outputs)
|
||||
|
||||
@[inherit_doc] scoped infixr:70 " ∙ " => GGraph.overlay
|
||||
@[inherit_doc] scoped infixr:70 " ⤳ " => GGraph.sequence
|
||||
|
||||
end Graph
|
||||
|
||||
open Graph in
|
||||
def Stmt.cfg : Stmt → Graph
|
||||
-- A basic statement goes into a single basic block
|
||||
| .basic bs => singleton (some bs)
|
||||
-- Sequencing of statements corresponds naturally to CFG sequencing
|
||||
| .andThen s₁ s₂ => s₁.cfg ⤳ s₂.cfg
|
||||
-- An if can execute either one branch or the other; overlap them.
|
||||
-- Subsequent sequencing (etc.) will end up creating the forks and joins.
|
||||
| .ifElse _ s₁ s₂ => s₁.cfg ∙ s₂.cfg
|
||||
-- The `loop` construct was developed specifically for zero-or-more loops like this.
|
||||
| .whileLoop _ s => loop s.cfg
|
||||
|
||||
end Spa
|
||||
60
lean/Spa/Language/Notation.lean
Normal file
60
lean/Spa/Language/Notation.lean
Normal file
@@ -0,0 +1,60 @@
|
||||
import Spa.Language.Base
|
||||
|
||||
namespace Spa
|
||||
|
||||
/-!
|
||||
Scoped quotation syntax for writing object-language programs.
|
||||
|
||||
`[obj_expr| … ]` builds an `Expr`, `[obj_stmt| … ]` builds a `Stmt`.
|
||||
|
||||
Example:
|
||||
```
|
||||
[obj_stmt|
|
||||
zero := 0;
|
||||
pos := zero + 1;
|
||||
if pos { x := 1 } else { noop };
|
||||
while x { x := x - 1 }
|
||||
]
|
||||
```
|
||||
-/
|
||||
|
||||
/-- Expressions of the object language. -/
|
||||
declare_syntax_cat obj_expr
|
||||
|
||||
syntax num : obj_expr
|
||||
syntax ident : obj_expr
|
||||
syntax:65 obj_expr:65 " + " obj_expr:66 : obj_expr
|
||||
syntax:65 obj_expr:65 " - " obj_expr:66 : obj_expr
|
||||
syntax "(" obj_expr ")" : obj_expr
|
||||
|
||||
/-- Statements of the object language. -/
|
||||
declare_syntax_cat obj_stmt
|
||||
|
||||
syntax "noop" : obj_stmt
|
||||
syntax ident " := " obj_expr : obj_stmt
|
||||
syntax "if " obj_expr " { " obj_stmt " } " "else" " { " obj_stmt " } " : obj_stmt
|
||||
syntax "while " obj_expr " { " obj_stmt " } " : obj_stmt
|
||||
syntax:50 obj_stmt:51 "; " obj_stmt:50 : obj_stmt
|
||||
syntax "(" obj_stmt ")" : obj_stmt
|
||||
|
||||
scoped syntax "[obj_expr| " obj_expr " ]" : term
|
||||
scoped syntax "[obj_stmt| " obj_stmt " ]" : term
|
||||
|
||||
scoped macro_rules
|
||||
| `([obj_expr| $n:num]) => `(Expr.num $n)
|
||||
| `([obj_expr| $x:ident]) => `(Expr.var $(Lean.quote x.getId.toString))
|
||||
| `([obj_expr| $a + $b]) => `(Expr.add [obj_expr| $a] [obj_expr| $b])
|
||||
| `([obj_expr| $a - $b]) => `(Expr.sub [obj_expr| $a] [obj_expr| $b])
|
||||
| `([obj_expr| ($e:obj_expr)]) => `([obj_expr| $e])
|
||||
|
||||
scoped macro_rules
|
||||
| `([obj_stmt| noop]) => `(Stmt.basic .noop)
|
||||
| `([obj_stmt| $x:ident := $e]) =>
|
||||
`(Stmt.basic (.assign $(Lean.quote x.getId.toString) [obj_expr| $e]))
|
||||
| `([obj_stmt| $s₁ ; $s₂]) => `(Stmt.andThen [obj_stmt| $s₁] [obj_stmt| $s₂])
|
||||
| `([obj_stmt| if $e { $s₁ } else { $s₂ }]) =>
|
||||
`(Stmt.ifElse [obj_expr| $e] [obj_stmt| $s₁] [obj_stmt| $s₂])
|
||||
| `([obj_stmt| while $e { $s }]) => `(Stmt.whileLoop [obj_expr| $e] [obj_stmt| $s])
|
||||
| `([obj_stmt| ($s:obj_stmt)]) => `([obj_stmt| $s])
|
||||
|
||||
end Spa
|
||||
77
lean/Spa/Language/Program.lean
Normal file
77
lean/Spa/Language/Program.lean
Normal file
@@ -0,0 +1,77 @@
|
||||
import Spa.Language.Base
|
||||
import Spa.Language.Semantics
|
||||
import Spa.Language.Graphs
|
||||
import Mathlib.Data.Finset.Sort
|
||||
import Mathlib.Data.String.Basic
|
||||
|
||||
namespace Spa
|
||||
|
||||
/-- A self-contained program to be evaluated, analyzed, and transformed. -/
|
||||
structure Program where
|
||||
/-- The statement at the top level of the program. Since `Spa.Stmt` contains
|
||||
sequencing via `Spa.Stmt.andThen`, this can encode any number of
|
||||
statements. -/
|
||||
rootStmt : Stmt
|
||||
/-- A memoized copy of the control-flow graph. This field is an
|
||||
implementation detail to avoid re-computing `Spa.GGraph.wrap` and `Spa.Stmt.cfg`
|
||||
every time the program's control flow graph is needed -/
|
||||
cfgCache : Thunk Graph := Thunk.mk fun _ => Graph.wrap rootStmt.cfg
|
||||
|
||||
namespace Program
|
||||
|
||||
variable (p : Program)
|
||||
|
||||
-- Runtime implementation of `cfg`: read the memoized graph.
|
||||
private def cfgImpl : Graph := p.cfgCache.get
|
||||
|
||||
/-- The control flow graph corresponding to this graph. -/
|
||||
@[implemented_by cfgImpl]
|
||||
def cfg : Graph := Graph.wrap p.rootStmt.cfg
|
||||
|
||||
/-- A state in the control flow `Spa.Graph` of this program. -/
|
||||
abbrev State : Type := p.cfg.Index
|
||||
|
||||
/-- Variables mentioned or defined in this program. -/
|
||||
def vars : List String := p.rootStmt.vars.sort (· ≤ ·)
|
||||
|
||||
/-- `vars` has no duplicates. -/
|
||||
lemma vars_nodup : p.vars.Nodup := Finset.sort_nodup _ _
|
||||
|
||||
/-- All the states in the program's control flow `Spa.Graph`. -/
|
||||
def states : List p.State := p.cfg.indices
|
||||
|
||||
/-- All states in the CFG are contained in `states`. -/
|
||||
lemma states_complete (s : p.State) : s ∈ p.states := p.cfg.mem_indices s
|
||||
|
||||
/-- `states` has no duplicates. -/
|
||||
lemma states_nodup : p.states.Nodup := p.cfg.nodup_indices
|
||||
|
||||
/-- Given a node of the program's CFG, return the code at that node.
|
||||
At this time, for convenience of proofs, the CFGs have at most
|
||||
one basic statement, and multi-statement basic blocks are encoded
|
||||
as chains of blocks. Thus, this returns at most one `Spa.BasicStmt`. -/
|
||||
@[reducible]
|
||||
def code (st : p.State) : Option BasicStmt := p.cfg.nodes st
|
||||
|
||||
/-- Get the predecessors of a particular CFG node / program state. -/
|
||||
def incoming (s : p.State) : List p.State := p.cfg.predecessors s
|
||||
|
||||
/-- The entry point of the program's CFG. -/
|
||||
def initialState : p.State := Graph.wrapInput p.rootStmt.cfg
|
||||
|
||||
/-- The exit point of the program's CFG. -/
|
||||
def finalState : p.State := Graph.wrapOutput p.rootStmt.cfg
|
||||
|
||||
/-- `incoming` is a faithful representation of edges in the CFG. -/
|
||||
lemma mem_incoming_of_edge {s₁ s₂ : p.State}
|
||||
(h : (s₁, s₂) ∈ p.cfg.edges) : s₁ ∈ p.incoming s₂ :=
|
||||
p.cfg.mem_predecessors_of_edge h
|
||||
|
||||
/-- The `initialState` has no incoming edges (it's the program start). -/
|
||||
lemma incoming_initialState_eq_nil : p.incoming p.initialState = [] :=
|
||||
GGraph.wrap_predecessors_eq_nil p.rootStmt.cfg p.initialState
|
||||
(by rw [Graph.wrap_inputs]; exact List.mem_singleton_self _)
|
||||
|
||||
end Program
|
||||
|
||||
end Spa
|
||||
226
lean/Spa/Language/Properties.lean
Normal file
226
lean/Spa/Language/Properties.lean
Normal file
@@ -0,0 +1,226 @@
|
||||
import Spa.Language.Traces
|
||||
|
||||
/-!
|
||||
|
||||
# Properties of the Object Language, CFGs, and Traces
|
||||
|
||||
This module encodes some properties of the language, mostly those having to do
|
||||
with connecting the computational view (the `Spa.Graph`s, on which static
|
||||
analyses are executed) to the semantic view (such as `EvalStmt`, which
|
||||
encodes the expected formal behavior of the language). In particular,
|
||||
to prove that our computationally-implemented static analyses are correct,
|
||||
we need to show that our computational model of their execution (the CFG)
|
||||
matches the formal description. Thus, the key result `cfg_sufficient`.
|
||||
|
||||
Many lemmas and definitions here aim are used to prove that result,
|
||||
by allowing inductive proofs on the construction of the CFG:
|
||||
the bits where we _build up_ the trace corresponding to each
|
||||
proof tree are exactly those when we have two graphs (through
|
||||
which traces exist) and we want to combine these graphs, while
|
||||
showing also that a combined trace exists as well. -/
|
||||
|
||||
namespace Spa
|
||||
|
||||
open Graph
|
||||
|
||||
section Embeddings
|
||||
|
||||
variable {g₁ g₂ : Graph} {ρ₁ ρ₂ : Env}
|
||||
|
||||
/-- Transport a trace along a graph embedding: an embedding preserves node
|
||||
payloads and edges, which is everything a trace is made of. This is the
|
||||
single induction behind all the per-operator lifting corollaries below. -/
|
||||
noncomputable def Trace.embed {g h : Graph} (e : GGraph.Embed g h)
|
||||
{idx₁ idx₂ : g.Index} (tr : Trace g idx₁ idx₂ ρ₁ ρ₂) :
|
||||
Trace h (e.f idx₁) (e.f idx₂) ρ₁ ρ₂ := by
|
||||
induction tr with
|
||||
| single hbs => exact Trace.single (by rwa [e.nodes_eq])
|
||||
| edge hbs he _ ih => exact Trace.edge (by rwa [e.nodes_eq]) (e.edges_mem he) ih
|
||||
|
||||
/-- When two graphs are overlaid, for each trace in the left graph,
|
||||
a corresponding trace exists in the combined graph. -/
|
||||
noncomputable def Trace.overlay_left {idx₁ idx₂ : g₁.Index}
|
||||
(tr : Trace g₁ idx₁ idx₂ ρ₁ ρ₂) :
|
||||
Trace (g₁ ∙ g₂) (idx₁.castAdd g₂.size) (idx₂.castAdd g₂.size) ρ₁ ρ₂ :=
|
||||
tr.embed (GGraph.Embed.overlayLeft g₁ g₂)
|
||||
|
||||
/-- When two graphs are overlaid, for each trace in the right graph,
|
||||
a corresponding trace exists in the combined graph. -/
|
||||
noncomputable def Trace.overlay_right {idx₁ idx₂ : g₂.Index}
|
||||
(tr : Trace g₂ idx₁ idx₂ ρ₁ ρ₂) :
|
||||
Trace (g₁ ∙ g₂) (idx₁.natAdd g₁.size) (idx₂.natAdd g₁.size) ρ₁ ρ₂ :=
|
||||
tr.embed (GGraph.Embed.overlayRight g₁ g₂)
|
||||
|
||||
/-- When two graphs are sequenced, for each trace in the first graph,
|
||||
a corresponding trace exists in the combined graph. -/
|
||||
noncomputable def Trace.sequence_left {idx₁ idx₂ : g₁.Index}
|
||||
(tr : Trace g₁ idx₁ idx₂ ρ₁ ρ₂) :
|
||||
Trace (g₁ ⤳ g₂) (idx₁.castAdd g₂.size) (idx₂.castAdd g₂.size) ρ₁ ρ₂ :=
|
||||
tr.embed (GGraph.Embed.sequenceLeft g₁ g₂)
|
||||
|
||||
/-- When two graphs are sequenced, for each trace in the second graph,
|
||||
a corresponding trace exists in the combined graph. -/
|
||||
noncomputable def Trace.sequence_right {idx₁ idx₂ : g₂.Index}
|
||||
(tr : Trace g₂ idx₁ idx₂ ρ₁ ρ₂) :
|
||||
Trace (g₁ ⤳ g₂) (idx₁.natAdd g₁.size) (idx₂.natAdd g₁.size) ρ₁ ρ₂ :=
|
||||
tr.embed (GGraph.Embed.sequenceRight g₁ g₂)
|
||||
|
||||
/-- Equivalent of `Trace.overlay_left` for end-to-end traces. -/
|
||||
noncomputable def EndToEndTrace.overlay_left (etr : EndToEndTrace g₁ ρ₁ ρ₂) :
|
||||
EndToEndTrace (g₁ ∙ g₂) ρ₁ ρ₂ := by
|
||||
obtain ⟨i₁, h₁, i₂, h₂, tr⟩ := etr
|
||||
exact ⟨i₁.castAdd g₂.size, List.mem_append_left _ (List.mem_map_of_mem _ h₁),
|
||||
i₂.castAdd g₂.size, List.mem_append_left _ (List.mem_map_of_mem _ h₂),
|
||||
tr.overlay_left⟩
|
||||
|
||||
/-- Equivalent of `Trace.overlay_right` for end-to-end traces. -/
|
||||
noncomputable def EndToEndTrace.overlay_right (etr : EndToEndTrace g₂ ρ₁ ρ₂) :
|
||||
EndToEndTrace (g₁ ∙ g₂) ρ₁ ρ₂ := by
|
||||
obtain ⟨i₁, h₁, i₂, h₂, tr⟩ := etr
|
||||
exact ⟨i₁.natAdd g₁.size, List.mem_append_right _ (List.mem_map_of_mem _ h₁),
|
||||
i₂.natAdd g₁.size, List.mem_append_right _ (List.mem_map_of_mem _ h₂),
|
||||
tr.overlay_right⟩
|
||||
|
||||
/-- When two graphs are sequenced, two end-to-end traces through the respective
|
||||
graphs can be sequenced to create an end-to-end trace in the combined
|
||||
graph. This is only possible for end-to-end traces and not for general
|
||||
`Trace`s, because sequencing only introduces edges from the output nodes
|
||||
of one graph to the input nodes of another graph. A non-end-to-end trace
|
||||
need to conclude at the output node, so it cannot necessarily be sequenced
|
||||
with a trace in another graph. -/
|
||||
noncomputable def EndToEndTrace.concat {ρ₃ : Env} (etr₁ : EndToEndTrace g₁ ρ₁ ρ₂)
|
||||
(etr₂ : EndToEndTrace g₂ ρ₂ ρ₃) : EndToEndTrace (g₁ ⤳ g₂) ρ₁ ρ₃ := by
|
||||
obtain ⟨i₁, h₁, i₂, h₂, tr₁⟩ := etr₁
|
||||
obtain ⟨j₁, k₁, j₂, k₂, tr₂⟩ := etr₂
|
||||
refine ⟨i₁.castAdd g₂.size, List.mem_map_of_mem _ h₁,
|
||||
j₂.natAdd g₁.size, List.mem_map_of_mem _ k₂,
|
||||
tr₁.sequence_left ++< ?_ >++ tr₂.sequence_right⟩
|
||||
exact List.mem_append_right _
|
||||
(List.mem_product.mpr ⟨List.mem_map_of_mem _ h₂, List.mem_map_of_mem _ k₁⟩)
|
||||
|
||||
end Embeddings
|
||||
|
||||
section Loop
|
||||
|
||||
variable {g : Graph} {ρ₁ ρ₂ ρ₃ : Env}
|
||||
|
||||
/-- A trace through a body CFG still exists (up to reindexing) in a zero-or-more loop CFG. -/
|
||||
noncomputable def Trace.loop {idx₁ idx₂ : g.Index} (tr : Trace g idx₁ idx₂ ρ₁ ρ₂) :
|
||||
Trace (Graph.loop g) (idx₁.natAdd 2) (idx₂.natAdd 2) ρ₁ ρ₂ :=
|
||||
tr.embed (GGraph.Embed.loop g)
|
||||
|
||||
/-- The beginning node of a loop graph is empty. -/
|
||||
private lemma loop_nodes_at_in :
|
||||
(Graph.loop g).nodes g.loopIn = none :=
|
||||
Fin.append_left (fun _ : Fin 2 => none) g.nodes 0
|
||||
|
||||
/-- The ending node of a loop graph is empty. -/
|
||||
private lemma loop_nodes_at_out :
|
||||
(Graph.loop g).nodes g.loopOut = none :=
|
||||
Fin.append_left (fun _ : Fin 2 => none) g.nodes 1
|
||||
|
||||
/-- Equivlaent of `Trace.loop` for end-to-end traces. -/
|
||||
noncomputable def EndToEndTrace.loop (etr : EndToEndTrace g ρ₁ ρ₂) :
|
||||
EndToEndTrace (Graph.loop g) ρ₁ ρ₂ := by
|
||||
obtain ⟨i₁, h₁, i₂, h₂, tr⟩ := etr
|
||||
-- the edge in → (2 ↑ʳ i₁), reached through the second edge group
|
||||
have hin : (g.loopIn, i₁.natAdd 2) ∈ (Graph.loop g).edges := by
|
||||
refine List.mem_append_left _ (List.mem_append_left _ (List.mem_append_right _ ?_))
|
||||
exact List.mem_map_of_mem _ (List.mem_map_of_mem _ h₁)
|
||||
-- the edge (2 ↑ʳ i₂) → out, reached through the third edge group
|
||||
have hout : (i₂.natAdd 2, g.loopOut) ∈ (Graph.loop g).edges := by
|
||||
refine List.mem_append_left _ (List.mem_append_right _ ?_)
|
||||
exact List.mem_map_of_mem _ (List.mem_map_of_mem _ h₂)
|
||||
refine ⟨g.loopIn, List.mem_singleton_self _, g.loopOut, List.mem_singleton_self _, ?_⟩
|
||||
exact Trace.single (loop_nodes_at_in ▸ EvalBasicStmtOpt.none) ++< hin >++
|
||||
tr.loop ++< hout >++ Trace.single (loop_nodes_at_out ▸ EvalBasicStmtOpt.none)
|
||||
|
||||
/-- The zero-or-more times loop has an edge to return back to the top, to continue after an iteration. -/
|
||||
private lemma loop_edge_out_in :
|
||||
((g.loopOut, g.loopIn) : (Graph.loop g).Edge) ∈ (Graph.loop g).edges := by
|
||||
refine List.mem_append_right _ ?_
|
||||
exact List.mem_cons_self _ _
|
||||
|
||||
/-- Two traces through a loop can be combined, since a loop can be executed any number of times. -/
|
||||
noncomputable def EndToEndTrace.loop_concat (etr₁ : EndToEndTrace (Graph.loop g) ρ₁ ρ₂)
|
||||
(etr₂ : EndToEndTrace (Graph.loop g) ρ₂ ρ₃) :
|
||||
EndToEndTrace (Graph.loop g) ρ₁ ρ₃ := by
|
||||
obtain ⟨i₁, h₁, i₂, h₂, tr₁⟩ := etr₁
|
||||
obtain ⟨j₁, k₁, j₂, k₂, tr₂⟩ := etr₂
|
||||
simp only [Graph.loop_inputs, Graph.loop_outputs, List.mem_singleton] at h₁ h₂ k₁ k₂
|
||||
subst h₁; subst h₂; subst k₁; subst k₂
|
||||
exact ⟨g.loopIn, List.mem_singleton_self _, g.loopOut, List.mem_singleton_self _,
|
||||
tr₁ ++< loop_edge_out_in >++ tr₂⟩
|
||||
|
||||
/-- A loop can be executed zero times. -/
|
||||
noncomputable def EndToEndTrace.loop_empty {ρ : Env} : EndToEndTrace (Graph.loop g) ρ ρ := by
|
||||
have hedge : ((g.loopIn, g.loopOut) : (Graph.loop g).Edge) ∈ (Graph.loop g).edges :=
|
||||
List.mem_append_right _ (List.mem_cons_of_mem _ (List.mem_cons_self _ _))
|
||||
exact ⟨g.loopIn, List.mem_singleton_self _, g.loopOut, List.mem_singleton_self _,
|
||||
Trace.single (loop_nodes_at_in ▸ EvalBasicStmtOpt.none) ++< hedge >++
|
||||
Trace.single (loop_nodes_at_out ▸ EvalBasicStmtOpt.none)⟩
|
||||
|
||||
end Loop
|
||||
|
||||
/-- A CFG consisting of only a single node has a trace through it corresponding to that node. -/
|
||||
noncomputable def EndToEndTrace.singleton {o : Option BasicStmt} {ρ₁ ρ₂ : Env}
|
||||
(h : EvalBasicStmtOpt ρ₁ o ρ₂) : EndToEndTrace (Graph.singleton o) ρ₁ ρ₂ :=
|
||||
⟨(0 : Fin 1), List.mem_singleton_self _, (0 : Fin 1), List.mem_singleton_self _,
|
||||
Trace.single h⟩
|
||||
|
||||
/-- If a CFG's only node is empty, the no-op trace exists through it. -/
|
||||
noncomputable def EndToEndTrace.singleton_nil (ρ : Env) :
|
||||
EndToEndTrace (Graph.singleton none) ρ ρ :=
|
||||
EndToEndTrace.singleton EvalBasicStmtOpt.none
|
||||
|
||||
/-- Invoking 'Graph.wrap` (which ensures a single entry and exit node for a CFG)
|
||||
does not invalidate traces in the original graph. -/
|
||||
noncomputable def EndToEndTrace.wrap {g : Graph} {ρ₁ ρ₂ : Env}
|
||||
(etr : EndToEndTrace g ρ₁ ρ₂) : EndToEndTrace (Graph.wrap g) ρ₁ ρ₂ :=
|
||||
(EndToEndTrace.singleton_nil ρ₁).concat (etr.concat (EndToEndTrace.singleton_nil ρ₂))
|
||||
|
||||
/-- Key result: the control flow graph admits every execution that's made
|
||||
possible by a language's semantics. Thus, the CFG encodes _at least_ all
|
||||
semantically-possible executions. Informally, we can conclude from this
|
||||
that if we compute a result that using the graph's edges to determine
|
||||
what's possible, this result will not disagree with the semantics.
|
||||
|
||||
Note that a CFG like $K_4$ (where the nodes are basic blocks) is
|
||||
technically also a sufficient graph, but is very likely meaningless in that
|
||||
it grossly overestimates the possible execution paths in the language, and
|
||||
thus is bound to produce less-than-specific results. There is as yet no
|
||||
result in this framework that the CFG we produce is _minimal_: loosely,
|
||||
posessing only edges for things that are admitted by the semantics.
|
||||
This is difficult to state (in its strongest form, this would
|
||||
require the CFG to be able to detect something like `while (alwaysFalse)`,
|
||||
and so remains a TODO. -/
|
||||
noncomputable def Stmt.cfg_sufficient {s : Stmt} {ρ₁ ρ₂ : Env}
|
||||
(h : EvalStmt ρ₁ s ρ₂) : EndToEndTrace s.cfg ρ₁ ρ₂ := by
|
||||
induction h with
|
||||
| basic ρ₁ ρ₂ bs hbs =>
|
||||
exact EndToEndTrace.singleton (EvalBasicStmtOpt.some hbs)
|
||||
| andThen ρ₁ ρ₂ ρ₃ s₁ s₂ _ _ ih₁ ih₂ =>
|
||||
exact ih₁.concat ih₂
|
||||
| ifTrue ρ₁ ρ₂ e z s₁ s₂ _ _ _ ih =>
|
||||
exact ih.overlay_left
|
||||
| ifFalse ρ₁ ρ₂ e s₁ s₂ _ _ ih =>
|
||||
exact ih.overlay_right
|
||||
| whileTrue ρ₁ ρ₂ ρ₃ e z s _ _ _ _ ih₁ ih₂ =>
|
||||
exact (ih₁.loop).loop_concat ih₂
|
||||
| whileFalse ρ e s _ =>
|
||||
exact EndToEndTrace.loop_empty
|
||||
|
||||
namespace Program
|
||||
|
||||
noncomputable def trace (p : Program) {ρ : Env} (h : EvalStmt [] p.rootStmt ρ) :
|
||||
Trace p.cfg p.initialState p.finalState [] ρ := by
|
||||
obtain ⟨i₁, h₁, i₂, h₂, tr⟩ := EndToEndTrace.wrap (Stmt.cfg_sufficient h)
|
||||
rw [Graph.wrap_inputs, List.mem_singleton] at h₁
|
||||
rw [Graph.wrap_outputs, List.mem_singleton] at h₂
|
||||
subst h₁; subst h₂
|
||||
exact tr
|
||||
|
||||
end Program
|
||||
|
||||
|
||||
end Spa
|
||||
99
lean/Spa/Language/Semantics.lean
Normal file
99
lean/Spa/Language/Semantics.lean
Normal file
@@ -0,0 +1,99 @@
|
||||
import Spa.Language.Base
|
||||
import Spa.Lattice
|
||||
import Spa.Interp
|
||||
|
||||
/-!
|
||||
|
||||
# Operational Semantics
|
||||
|
||||
This file contains the operational semantics for the object language defined in
|
||||
`Spa.Language.Base`. Right now, all values in the language are integers.
|
||||
The semantics are big-step, and lead to a fully constructed proof tree
|
||||
containing the derivation connecting the initial and final states.
|
||||
All pretty standard.
|
||||
|
||||
-/
|
||||
|
||||
namespace Spa
|
||||
|
||||
/-- A value in the object language. Currently, the only possible case is
|
||||
an integer. -/
|
||||
inductive Value where
|
||||
| int (z : ℤ)
|
||||
deriving DecidableEq
|
||||
|
||||
/-- An environment mapping variables to their values. -/
|
||||
def Env : Type := List (String × Value)
|
||||
|
||||
inductive Env.Mem : String × Value → Env → Prop
|
||||
| here (s : String) (v : Value) (ρ : Env) : Env.Mem (s, v) ((s, v) :: ρ)
|
||||
| there (s s' : String) (v v' : Value) (ρ : Env) :
|
||||
¬(s = s') → Env.Mem (s, v) ρ → Env.Mem (s, v) ((s', v') :: ρ)
|
||||
|
||||
/-- Inference rules for evaluating an expression (`Spa.Expr`) in a given
|
||||
environment. Pretty standard big-step expression evaluation. -/
|
||||
inductive EvalExpr : Env → Expr → Value → Prop
|
||||
| num (ρ : Env) (n : ℕ) : EvalExpr ρ (.num n) (.int n)
|
||||
| var (ρ : Env) (x : String) (v : Value) :
|
||||
Env.Mem (x, v) ρ → EvalExpr ρ (.var x) v
|
||||
| add (ρ : Env) (e₁ e₂ : Expr) (z₁ z₂ : ℤ) :
|
||||
EvalExpr ρ e₁ (.int z₁) → EvalExpr ρ e₂ (.int z₂) →
|
||||
EvalExpr ρ (.add e₁ e₂) (.int (z₁ + z₂))
|
||||
| sub (ρ : Env) (e₁ e₂ : Expr) (z₁ z₂ : ℤ) :
|
||||
EvalExpr ρ e₁ (.int z₁) → EvalExpr ρ e₂ (.int z₂) →
|
||||
EvalExpr ρ (.sub e₁ e₂) (.int (z₁ - z₂))
|
||||
|
||||
/-- Inference rules for evaluating a basic statement (`Spa.BasicStmt`) in
|
||||
a given environment, potentially changing the environment.
|
||||
Pretty standard big-step evaluation. -/
|
||||
inductive EvalBasicStmt : Env → BasicStmt → Env → Type
|
||||
| noop (ρ : Env) : EvalBasicStmt ρ .noop ρ
|
||||
| assign (ρ : Env) (x : String) (e : Expr) (v : Value) :
|
||||
EvalExpr ρ e v → EvalBasicStmt ρ (.assign x e) ((x, v) :: ρ)
|
||||
|
||||
/-- Inference rules for evaluating a basic-statement-or-nothing,
|
||||
which is the current representation of CFGs nodes. -/
|
||||
inductive EvalBasicStmtOpt : Env → Option BasicStmt → Env → Type
|
||||
| none {ρ : Env} : EvalBasicStmtOpt ρ Option.none ρ
|
||||
| some {ρ₁ ρ₂ : Env} {bs : BasicStmt} :
|
||||
EvalBasicStmt ρ₁ bs ρ₂ → EvalBasicStmtOpt ρ₁ (Option.some bs) ρ₂
|
||||
|
||||
/-- Inference rules for evaluating statements (`Spa.Stmt`) in a given
|
||||
environment, potentially changing the environment.
|
||||
Pretty standard big-step evaluation. -/
|
||||
inductive EvalStmt : Env → Stmt → Env → Type
|
||||
| basic (ρ₁ ρ₂ : Env) (bs : BasicStmt) :
|
||||
EvalBasicStmt ρ₁ bs ρ₂ → EvalStmt ρ₁ (.basic bs) ρ₂
|
||||
| andThen (ρ₁ ρ₂ ρ₃ : Env) (s₁ s₂ : Stmt) :
|
||||
EvalStmt ρ₁ s₁ ρ₂ → EvalStmt ρ₂ s₂ ρ₃ →
|
||||
EvalStmt ρ₁ (.andThen s₁ s₂) ρ₃
|
||||
| ifTrue (ρ₁ ρ₂ : Env) (e : Expr) (z : ℤ) (s₁ s₂ : Stmt) :
|
||||
EvalExpr ρ₁ e (.int z) → ¬(z = 0) → EvalStmt ρ₁ s₁ ρ₂ →
|
||||
EvalStmt ρ₁ (.ifElse e s₁ s₂) ρ₂
|
||||
| ifFalse (ρ₁ ρ₂ : Env) (e : Expr) (s₁ s₂ : Stmt) :
|
||||
EvalExpr ρ₁ e (.int 0) → EvalStmt ρ₁ s₂ ρ₂ →
|
||||
EvalStmt ρ₁ (.ifElse e s₁ s₂) ρ₂
|
||||
| whileTrue (ρ₁ ρ₂ ρ₃ : Env) (e : Expr) (z : ℤ) (s : Stmt) :
|
||||
EvalExpr ρ₁ e (.int z) → ¬(z = 0) → EvalStmt ρ₁ s ρ₂ →
|
||||
EvalStmt ρ₂ (.whileLoop e s) ρ₃ →
|
||||
EvalStmt ρ₁ (.whileLoop e s) ρ₃
|
||||
| whileFalse (ρ : Env) (e : Expr) (s : Stmt) :
|
||||
EvalExpr ρ e (.int 0) →
|
||||
EvalStmt ρ (.whileLoop e s) ρ
|
||||
|
||||
/-- For the purpose of static analysis, lattices we define describe program
|
||||
state, or better yet, they describe _values_ in the program.
|
||||
This class should be provided by each analysis' lattice (see also `Spa/Analysis/Forward.lean`)
|
||||
to describe what each lattice value means in terms of the language.
|
||||
|
||||
In addition to providing the interpretation (`Spa.Interp`), the lattice
|
||||
combinators `⊔` and `⊓` must respect disjunction and conjunction respectively.
|
||||
This is because possible paths through a control flow graph (`Spa/Language/Graphs.lean`),
|
||||
are tied to lattice operations used by the analysis engine. -/
|
||||
class LatticeInterpretation (L : Type*) [Lattice L] extends Interp L (Value → Prop) where
|
||||
interp_sup : ∀ {l₁ l₂ : L} (v : Value),
|
||||
interp l₁ v ∨ interp l₂ v → interp (l₁ ⊔ l₂) v
|
||||
interp_inf : ∀ {l₁ l₂ : L} (v : Value),
|
||||
interp l₁ v ∧ interp l₂ v → interp (l₁ ⊓ l₂) v
|
||||
|
||||
end Spa
|
||||
18
lean/Spa/Language/Tagged/Basic.lean
Normal file
18
lean/Spa/Language/Tagged/Basic.lean
Normal file
@@ -0,0 +1,18 @@
|
||||
import Spa.Language.Base
|
||||
import Spa.Language.Tagged.Id
|
||||
import Spa.Language.Tagged.Derive
|
||||
|
||||
derive_tagged Spa.Expr Spa.BasicStmt Spa.Stmt
|
||||
|
||||
namespace Spa
|
||||
|
||||
def tagStmt (s : Stmt) : Stmt.Tagged RawId := (s.tag 0).1
|
||||
|
||||
def Stmt.Tagged.subtreeIds {τ : Type} (s : Stmt.Tagged τ) : List τ :=
|
||||
s.foldTags (· :: ·) []
|
||||
|
||||
def Stmt.Tagged.isInLoopBody {τ : Type} [DecidableEq τ]
|
||||
(body : Stmt.Tagged τ) (id : τ) : Bool :=
|
||||
decide (id ∈ body.subtreeIds)
|
||||
|
||||
end Spa
|
||||
417
lean/Spa/Language/Tagged/DESCENDANT-TRACKING.md
Normal file
417
lean/Spa/Language/Tagged/DESCENDANT-TRACKING.md
Normal file
@@ -0,0 +1,417 @@
|
||||
# Descendant tracking (parked)
|
||||
|
||||
This is the formally-verified **interval-labeling / descendant** machinery that
|
||||
used to live in `Id.lean` and `Properties.lean`. It let you decide "is node `a`
|
||||
a descendant of node `b`?" with two integer comparisons on their identifiers,
|
||||
and *proved* that numeric test equivalent to structural subtree containment.
|
||||
|
||||
It was removed because the descendant test is a *computational optimization*:
|
||||
the same question can be answered by walking the AST, and nothing in the current
|
||||
pipeline needs the fast test yet. The proofs (a rose-tree flattening + a
|
||||
postorder `Good` invariant) are a real mechanization cost to carry. Parked here
|
||||
so it can be restored verbatim when LICM actually wants it.
|
||||
|
||||
## What stays in the live code
|
||||
|
||||
- `NodeId` collapses to a single unique index (`{ post : ℕ }`); `tag` still
|
||||
assigns each node a distinct postorder number.
|
||||
- The bidirectional mapping (`erase`/`tag` + `erase_tagStmt`) stays in
|
||||
`Properties.lean`.
|
||||
- The labelled-CFG id↔state mapping (`Cfg.lean`) is independent of this and is
|
||||
unaffected.
|
||||
|
||||
## Revival checklist
|
||||
|
||||
1. In `Id.lean`, give `NodeId` back its descendant-count field and the test:
|
||||
|
||||
```lean
|
||||
structure NodeId where
|
||||
post : ℕ
|
||||
desc : ℕ -- number of proper descendants (subtree size − 1); leaf = 0
|
||||
deriving DecidableEq, Repr
|
||||
|
||||
namespace NodeId
|
||||
|
||||
/-- Left endpoint of the node's postorder interval `[lo, post]`. -/
|
||||
def lo (a : NodeId) : ℕ := a.post - a.desc
|
||||
|
||||
/-- `a` is a descendant-or-self of `b`: `a.post` lies in `b`'s interval. -/
|
||||
def DescendantOf (a b : NodeId) : Prop := b.lo ≤ a.post ∧ a.post ≤ b.post
|
||||
|
||||
instance (a b : NodeId) : Decidable (DescendantOf a b) := by
|
||||
unfold DescendantOf; infer_instance
|
||||
|
||||
end NodeId
|
||||
```
|
||||
|
||||
2. In `Derive.lean`, make the generated `tag` store the descendant count again:
|
||||
change the emitted identifier in `mkTag` from `(⟨$last⟩ : $nId)` back to
|
||||
`(⟨$last, $last - n⟩ : $nId)`.
|
||||
|
||||
3. Paste the Lean block below back into `Properties.lean` (after the round-trip
|
||||
theorems). It builds against the `id.lo = lo`-premise form of `Good` and the
|
||||
childcount (`desc`) identifier. The headline result is
|
||||
`descendant_iff_tagStmt`; everything else is supporting machinery.
|
||||
|
||||
## The parked proofs
|
||||
|
||||
```lean
|
||||
/-- A rose tree of identifiers: the uniform shape underlying all three tagged
|
||||
AST types, used to reason about the postorder labeling generically. -/
|
||||
inductive IdTree where
|
||||
| node (id : NodeId) (children : List IdTree)
|
||||
|
||||
namespace IdTree
|
||||
|
||||
def rootId : IdTree → NodeId
|
||||
| .node id _ => id
|
||||
|
||||
@[simp] theorem rootId_node (id : NodeId) (cs : List IdTree) :
|
||||
(IdTree.node id cs).rootId = id := rfl
|
||||
|
||||
mutual
|
||||
def subtrees : IdTree → List IdTree
|
||||
| .node id cs => .node id cs :: subtreesList cs
|
||||
def subtreesList : List IdTree → List IdTree
|
||||
| [] => []
|
||||
| c :: cs => subtrees c ++ subtreesList cs
|
||||
end
|
||||
|
||||
@[simp] theorem subtrees_node (id : NodeId) (cs : List IdTree) :
|
||||
subtrees (.node id cs) = .node id cs :: subtreesList cs := rfl
|
||||
|
||||
@[simp] theorem subtreesList_nil : subtreesList [] = [] := rfl
|
||||
|
||||
@[simp] theorem subtreesList_cons (c : IdTree) (cs : List IdTree) :
|
||||
subtreesList (c :: cs) = subtrees c ++ subtreesList cs := rfl
|
||||
|
||||
def posts (t : IdTree) : List ℕ := (subtrees t).map (fun s => s.rootId.post)
|
||||
|
||||
def postsList (cs : List IdTree) : List ℕ := (subtreesList cs).map (fun s => s.rootId.post)
|
||||
|
||||
@[simp] theorem posts_node (id : NodeId) (cs : List IdTree) :
|
||||
posts (.node id cs) = id.post :: postsList cs := rfl
|
||||
|
||||
@[simp] theorem postsList_nil : postsList [] = [] := rfl
|
||||
|
||||
@[simp] theorem postsList_cons (c : IdTree) (cs : List IdTree) :
|
||||
postsList (c :: cs) = posts c ++ postsList cs := by
|
||||
simp [posts, postsList]
|
||||
|
||||
end IdTree
|
||||
|
||||
def Expr.Tagged.toIdTree : Expr.Tagged NodeId → IdTree
|
||||
| .add t a b => .node t [a.toIdTree, b.toIdTree]
|
||||
| .sub t a b => .node t [a.toIdTree, b.toIdTree]
|
||||
| .var t _ => .node t []
|
||||
| .num t _ => .node t []
|
||||
|
||||
def BasicStmt.Tagged.toIdTree : BasicStmt.Tagged NodeId → IdTree
|
||||
| .assign t _ e => .node t [e.toIdTree]
|
||||
| .noop t => .node t []
|
||||
|
||||
def Stmt.Tagged.toIdTree : Stmt.Tagged NodeId → IdTree
|
||||
| .basic t bs => .node t [bs.toIdTree]
|
||||
| .andThen t a b => .node t [a.toIdTree, b.toIdTree]
|
||||
| .ifElse t e a b => .node t [e.toIdTree, a.toIdTree, b.toIdTree]
|
||||
| .whileLoop t e s => .node t [e.toIdTree, s.toIdTree]
|
||||
|
||||
mutual
|
||||
inductive Good : ℕ → IdTree → Prop
|
||||
| mk {lo : ℕ} {id : NodeId} {cs : List IdTree} :
|
||||
id.lo = lo → GoodChildren lo cs id.post →
|
||||
Good lo (.node id cs)
|
||||
inductive GoodChildren : ℕ → List IdTree → ℕ → Prop
|
||||
| nil {pos : ℕ} : GoodChildren pos [] pos
|
||||
| cons {cur : ℕ} {c : IdTree} {cs : List IdTree} {pos : ℕ} :
|
||||
Good cur c → GoodChildren (c.rootId.post + 1) cs pos →
|
||||
GoodChildren cur (c :: cs) pos
|
||||
end
|
||||
|
||||
theorem Good.lo_le_post {lo : ℕ} {t : IdTree} (h : Good lo t) : lo ≤ t.rootId.post := by
|
||||
cases h with
|
||||
| mk hlo _ => simp only [NodeId.lo] at hlo; simp only [IdTree.rootId_node]; omega
|
||||
|
||||
theorem GoodChildren.cur_le_pos : ∀ {cur : ℕ} (cs : List IdTree) {pos : ℕ},
|
||||
GoodChildren cur cs pos → cur ≤ pos
|
||||
| _, [], _, h => by cases h; exact le_rfl
|
||||
| _, c :: cs, _, h => by
|
||||
cases h with
|
||||
| cons hc hcs =>
|
||||
have := hc.lo_le_post
|
||||
have := GoodChildren.cur_le_pos cs hcs
|
||||
omega
|
||||
|
||||
mutual
|
||||
theorem Good.mem_posts : ∀ {lo : ℕ} (t : IdTree), Good lo t →
|
||||
∀ x, x ∈ IdTree.posts t ↔ lo ≤ x ∧ x ≤ t.rootId.post
|
||||
| _, .node id cs, h, x => by
|
||||
cases h with
|
||||
| mk hlo hch =>
|
||||
simp only [IdTree.posts_node, List.mem_cons, IdTree.rootId_node]
|
||||
rw [GoodChildren.mem_postsList cs hch x]
|
||||
simp only [NodeId.lo] at hlo
|
||||
omega
|
||||
theorem GoodChildren.mem_postsList : ∀ {cur : ℕ} (cs : List IdTree) {pos : ℕ},
|
||||
GoodChildren cur cs pos → ∀ x, x ∈ IdTree.postsList cs ↔ cur ≤ x ∧ x < pos
|
||||
| _, [], _, h, x => by
|
||||
cases h
|
||||
simp only [IdTree.postsList_nil]
|
||||
constructor
|
||||
· intro hx; exact absurd hx (List.not_mem_nil x)
|
||||
· rintro ⟨h1, h2⟩; exfalso; omega
|
||||
| _, c :: cs, _, h, x => by
|
||||
cases h with
|
||||
| cons hc hcs =>
|
||||
simp only [IdTree.postsList_cons, List.mem_append]
|
||||
rw [Good.mem_posts c hc x, GoodChildren.mem_postsList cs hcs x]
|
||||
have := hc.lo_le_post
|
||||
have := GoodChildren.cur_le_pos cs hcs
|
||||
omega
|
||||
end
|
||||
|
||||
mutual
|
||||
theorem Good.nodup_posts : ∀ {lo : ℕ} (t : IdTree), Good lo t → (IdTree.posts t).Nodup
|
||||
| _, .node id cs, h => by
|
||||
cases h with
|
||||
| mk hlo hch =>
|
||||
simp only [IdTree.posts_node, List.nodup_cons]
|
||||
refine ⟨?_, GoodChildren.nodup_postsList cs hch⟩
|
||||
intro hmem
|
||||
rw [GoodChildren.mem_postsList cs hch id.post] at hmem
|
||||
omega
|
||||
theorem GoodChildren.nodup_postsList : ∀ {cur : ℕ} (cs : List IdTree) {pos : ℕ},
|
||||
GoodChildren cur cs pos → (IdTree.postsList cs).Nodup
|
||||
| _, [], _, h => by cases h; simp only [IdTree.postsList_nil, List.nodup_nil]
|
||||
| _, c :: cs, _, h => by
|
||||
cases h with
|
||||
| cons hc hcs =>
|
||||
simp only [IdTree.postsList_cons, List.nodup_append]
|
||||
refine ⟨Good.nodup_posts c hc, GoodChildren.nodup_postsList cs hcs, ?_⟩
|
||||
intro x hx1 hx2
|
||||
rw [Good.mem_posts c hc x] at hx1
|
||||
rw [GoodChildren.mem_postsList cs hcs x] at hx2
|
||||
omega
|
||||
end
|
||||
|
||||
mutual
|
||||
theorem Good.subtree_good : ∀ {lo : ℕ} (t : IdTree), Good lo t →
|
||||
∀ s ∈ IdTree.subtrees t, Good s.rootId.lo s
|
||||
| _, .node id cs, h, s, hs => by
|
||||
cases h with
|
||||
| mk hlo hch =>
|
||||
rw [IdTree.subtrees_node, List.mem_cons] at hs
|
||||
rcases hs with rfl | hs
|
||||
· simp only [IdTree.rootId_node]; rw [hlo]; exact Good.mk hlo hch
|
||||
· exact GoodChildren.subtree_good cs hch s hs
|
||||
theorem GoodChildren.subtree_good : ∀ {cur : ℕ} (cs : List IdTree) {pos : ℕ},
|
||||
GoodChildren cur cs pos → ∀ s ∈ IdTree.subtreesList cs, Good s.rootId.lo s
|
||||
| _, [], _, _, s, hs => by simp only [IdTree.subtreesList_nil, List.not_mem_nil] at hs
|
||||
| _, c :: cs, _, h, s, hs => by
|
||||
cases h with
|
||||
| cons hc hcs =>
|
||||
rw [IdTree.subtreesList_cons, List.mem_append] at hs
|
||||
rcases hs with hs | hs
|
||||
· exact Good.subtree_good c hc s hs
|
||||
· exact GoodChildren.subtree_good cs hcs s hs
|
||||
end
|
||||
|
||||
mutual
|
||||
theorem IdTree.subtrees_subset : ∀ (t : IdTree) {b : IdTree},
|
||||
b ∈ subtrees t → subtrees b ⊆ subtrees t
|
||||
| .node id cs, b, hb => by
|
||||
rw [subtrees_node, List.mem_cons] at hb
|
||||
rcases hb with rfl | hb
|
||||
· exact fun _ h => h
|
||||
· intro x hx
|
||||
rw [subtrees_node, List.mem_cons]
|
||||
exact Or.inr (IdTree.subtreesList_subset cs hb hx)
|
||||
theorem IdTree.subtreesList_subset : ∀ (cs : List IdTree) {b : IdTree},
|
||||
b ∈ subtreesList cs → subtrees b ⊆ subtreesList cs
|
||||
| [], b, hb => by simp only [subtreesList_nil, List.not_mem_nil] at hb
|
||||
| c :: cs, b, hb => by
|
||||
rw [subtreesList_cons, List.mem_append] at hb
|
||||
intro x hx
|
||||
rw [subtreesList_cons, List.mem_append]
|
||||
rcases hb with hb | hb
|
||||
· exact Or.inl (IdTree.subtrees_subset c hb hx)
|
||||
· exact Or.inr (IdTree.subtreesList_subset cs hb hx)
|
||||
end
|
||||
|
||||
theorem IdTree.eq_of_post_eq {l : List IdTree}
|
||||
(h : (l.map (fun s => s.rootId.post)).Nodup) {a c : IdTree}
|
||||
(ha : a ∈ l) (hc : c ∈ l) (hpost : a.rootId.post = c.rootId.post) : a = c := by
|
||||
induction l with
|
||||
| nil => exact absurd ha (List.not_mem_nil a)
|
||||
| cons d ds ih =>
|
||||
simp only [List.map_cons, List.nodup_cons] at h
|
||||
obtain ⟨hd, htl⟩ := h
|
||||
simp only [List.mem_cons] at ha hc
|
||||
rcases ha with rfl | ha <;> rcases hc with rfl | hc
|
||||
· rfl
|
||||
· exfalso; apply hd; rw [hpost]; exact List.mem_map_of_mem _ hc
|
||||
· exfalso; apply hd; rw [← hpost]; exact List.mem_map_of_mem _ ha
|
||||
· exact ih htl ha hc
|
||||
|
||||
theorem descendant_iff_of_good {lo : ℕ} {t : IdTree} (hg : Good lo t)
|
||||
{a b : IdTree} (ha : a ∈ IdTree.subtrees t) (hb : b ∈ IdTree.subtrees t) :
|
||||
a.rootId.DescendantOf b.rootId ↔ a ∈ IdTree.subtrees b := by
|
||||
have hgb : Good b.rootId.lo b := Good.subtree_good t hg b hb
|
||||
constructor
|
||||
· rintro ⟨h1, h2⟩
|
||||
have hmem : a.rootId.post ∈ IdTree.posts b := by
|
||||
rw [Good.mem_posts b hgb a.rootId.post]; exact ⟨h1, h2⟩
|
||||
rw [IdTree.posts, List.mem_map] at hmem
|
||||
obtain ⟨c, hc_mem, hc_post⟩ := hmem
|
||||
have hc_t : c ∈ IdTree.subtrees t := IdTree.subtrees_subset t hb hc_mem
|
||||
have hac : a = c :=
|
||||
IdTree.eq_of_post_eq (hg.nodup_posts t) ha hc_t hc_post.symm
|
||||
rw [hac]; exact hc_mem
|
||||
· intro hsub
|
||||
have hmem : a.rootId.post ∈ IdTree.posts b := by
|
||||
rw [IdTree.posts, List.mem_map]; exact ⟨a, hsub, rfl⟩
|
||||
rw [Good.mem_posts b hgb a.rootId.post] at hmem
|
||||
exact hmem
|
||||
|
||||
/-! ### Tagging produces a good tree
|
||||
|
||||
We bridge from the `tag` traversal to the abstract `Good` invariant, by induction
|
||||
on the plain AST. Each lemma also records that the returned counter is one past
|
||||
the root's postorder index. -/
|
||||
|
||||
theorem Expr.tag_spec : ∀ (e : Expr) (n : ℕ),
|
||||
Good n (e.tag n).1.toIdTree ∧ (e.tag n).1.toIdTree.rootId.post + 1 = (e.tag n).2 := by
|
||||
intro e
|
||||
induction e with
|
||||
| num k =>
|
||||
intro n
|
||||
refine ⟨?_, ?_⟩
|
||||
· simp only [Expr.tag, Expr.Tagged.toIdTree]
|
||||
exact Good.mk (by simp only [NodeId.lo]; omega) GoodChildren.nil
|
||||
· simp only [Expr.tag, Expr.Tagged.toIdTree, IdTree.rootId_node]
|
||||
| var x =>
|
||||
intro n
|
||||
refine ⟨?_, ?_⟩
|
||||
· simp only [Expr.tag, Expr.Tagged.toIdTree]
|
||||
exact Good.mk (by simp only [NodeId.lo]; omega) GoodChildren.nil
|
||||
· simp only [Expr.tag, Expr.Tagged.toIdTree, IdTree.rootId_node]
|
||||
| add a b iha ihb =>
|
||||
intro n
|
||||
obtain ⟨gA, pA⟩ := iha n
|
||||
obtain ⟨gB, pB⟩ := ihb (a.tag n).2
|
||||
have lA := gA.lo_le_post
|
||||
have lB := gB.lo_le_post
|
||||
refine ⟨?_, ?_⟩
|
||||
· simp only [Expr.tag, Expr.Tagged.toIdTree]
|
||||
refine Good.mk ?_ ?_
|
||||
· simp only [NodeId.lo]; omega
|
||||
· refine GoodChildren.cons gA ?_
|
||||
rw [pA]; refine GoodChildren.cons gB ?_; rw [pB]; exact GoodChildren.nil
|
||||
· simp only [Expr.tag, Expr.Tagged.toIdTree, IdTree.rootId_node]
|
||||
| sub a b iha ihb =>
|
||||
intro n
|
||||
obtain ⟨gA, pA⟩ := iha n
|
||||
obtain ⟨gB, pB⟩ := ihb (a.tag n).2
|
||||
have lA := gA.lo_le_post
|
||||
have lB := gB.lo_le_post
|
||||
refine ⟨?_, ?_⟩
|
||||
· simp only [Expr.tag, Expr.Tagged.toIdTree]
|
||||
refine Good.mk ?_ ?_
|
||||
· simp only [NodeId.lo]; omega
|
||||
· refine GoodChildren.cons gA ?_
|
||||
rw [pA]; refine GoodChildren.cons gB ?_; rw [pB]; exact GoodChildren.nil
|
||||
· simp only [Expr.tag, Expr.Tagged.toIdTree, IdTree.rootId_node]
|
||||
|
||||
theorem BasicStmt.tag_spec : ∀ (bs : BasicStmt) (n : ℕ),
|
||||
Good n (bs.tag n).1.toIdTree ∧ (bs.tag n).1.toIdTree.rootId.post + 1 = (bs.tag n).2 := by
|
||||
intro bs
|
||||
cases bs with
|
||||
| noop =>
|
||||
intro n
|
||||
refine ⟨?_, ?_⟩
|
||||
· simp only [BasicStmt.tag, BasicStmt.Tagged.toIdTree]
|
||||
exact Good.mk (by simp only [NodeId.lo]; omega) GoodChildren.nil
|
||||
· simp only [BasicStmt.tag, BasicStmt.Tagged.toIdTree, IdTree.rootId_node]
|
||||
| assign x e =>
|
||||
intro n
|
||||
obtain ⟨gE, pE⟩ := Expr.tag_spec e n
|
||||
have lE := gE.lo_le_post
|
||||
refine ⟨?_, ?_⟩
|
||||
· simp only [BasicStmt.tag, BasicStmt.Tagged.toIdTree]
|
||||
refine Good.mk ?_ ?_
|
||||
· simp only [NodeId.lo]; omega
|
||||
· refine GoodChildren.cons gE ?_
|
||||
rw [pE]; exact GoodChildren.nil
|
||||
· simp only [BasicStmt.tag, BasicStmt.Tagged.toIdTree, IdTree.rootId_node]
|
||||
|
||||
theorem Stmt.tag_spec : ∀ (s : Stmt) (n : ℕ),
|
||||
Good n (s.tag n).1.toIdTree ∧ (s.tag n).1.toIdTree.rootId.post + 1 = (s.tag n).2 := by
|
||||
intro s
|
||||
induction s with
|
||||
| basic bs =>
|
||||
intro n
|
||||
obtain ⟨gBs, pBs⟩ := BasicStmt.tag_spec bs n
|
||||
have lBs := gBs.lo_le_post
|
||||
refine ⟨?_, ?_⟩
|
||||
· simp only [Stmt.tag, Stmt.Tagged.toIdTree]
|
||||
refine Good.mk ?_ ?_
|
||||
· simp only [NodeId.lo]; omega
|
||||
· refine GoodChildren.cons gBs ?_
|
||||
rw [pBs]; exact GoodChildren.nil
|
||||
· simp only [Stmt.tag, Stmt.Tagged.toIdTree, IdTree.rootId_node]
|
||||
| andThen a b iha ihb =>
|
||||
intro n
|
||||
obtain ⟨gA, pA⟩ := iha n
|
||||
obtain ⟨gB, pB⟩ := ihb (a.tag n).2
|
||||
have lA := gA.lo_le_post
|
||||
have lB := gB.lo_le_post
|
||||
refine ⟨?_, ?_⟩
|
||||
· simp only [Stmt.tag, Stmt.Tagged.toIdTree]
|
||||
refine Good.mk ?_ ?_
|
||||
· simp only [NodeId.lo]; omega
|
||||
· refine GoodChildren.cons gA ?_
|
||||
rw [pA]; refine GoodChildren.cons gB ?_; rw [pB]; exact GoodChildren.nil
|
||||
· simp only [Stmt.tag, Stmt.Tagged.toIdTree, IdTree.rootId_node]
|
||||
| ifElse e a b iha ihb =>
|
||||
intro n
|
||||
obtain ⟨gE, pE⟩ := Expr.tag_spec e n
|
||||
obtain ⟨gA, pA⟩ := iha (e.tag n).2
|
||||
obtain ⟨gB, pB⟩ := ihb (a.tag (e.tag n).2).2
|
||||
have lE := gE.lo_le_post
|
||||
have lA := gA.lo_le_post
|
||||
have lB := gB.lo_le_post
|
||||
refine ⟨?_, ?_⟩
|
||||
· simp only [Stmt.tag, Stmt.Tagged.toIdTree]
|
||||
refine Good.mk ?_ ?_
|
||||
· simp only [NodeId.lo]; omega
|
||||
· refine GoodChildren.cons gE ?_
|
||||
rw [pE]; refine GoodChildren.cons gA ?_
|
||||
rw [pA]; refine GoodChildren.cons gB ?_; rw [pB]; exact GoodChildren.nil
|
||||
· simp only [Stmt.tag, Stmt.Tagged.toIdTree, IdTree.rootId_node]
|
||||
| whileLoop e s ih =>
|
||||
intro n
|
||||
obtain ⟨gE, pE⟩ := Expr.tag_spec e n
|
||||
obtain ⟨gS, pS⟩ := ih (e.tag n).2
|
||||
have lE := gE.lo_le_post
|
||||
have lS := gS.lo_le_post
|
||||
refine ⟨?_, ?_⟩
|
||||
· simp only [Stmt.tag, Stmt.Tagged.toIdTree]
|
||||
refine Good.mk ?_ ?_
|
||||
· simp only [NodeId.lo]; omega
|
||||
· refine GoodChildren.cons gE ?_
|
||||
rw [pE]; refine GoodChildren.cons gS ?_; rw [pS]; exact GoodChildren.nil
|
||||
· simp only [Stmt.tag, Stmt.Tagged.toIdTree, IdTree.rootId_node]
|
||||
|
||||
/-- A freshly tagged program is a well-tagged tree (rooted at postorder start `0`). -/
|
||||
theorem good_tagStmt (s : Stmt) : Good 0 (tagStmt s).toIdTree :=
|
||||
(Stmt.tag_spec s 0).1
|
||||
|
||||
/-- **Descendant characterization.** The numeric `NodeId.DescendantOf` relation on
|
||||
two nodes of a tagged program holds exactly when one is structurally contained in
|
||||
the other's subtree. -/
|
||||
theorem descendant_iff_tagStmt (s : Stmt) {a b : IdTree}
|
||||
(ha : a ∈ IdTree.subtrees (tagStmt s).toIdTree)
|
||||
(hb : b ∈ IdTree.subtrees (tagStmt s).toIdTree) :
|
||||
a.rootId.DescendantOf b.rootId ↔ a ∈ IdTree.subtrees b :=
|
||||
descendant_iff_of_good (good_tagStmt s) ha hb
|
||||
```
|
||||
509
lean/Spa/Language/Tagged/Derive.lean
Normal file
509
lean/Spa/Language/Tagged/Derive.lean
Normal file
@@ -0,0 +1,509 @@
|
||||
import Lean
|
||||
import Mathlib.Tactic.DeriveTraversable
|
||||
import Spa.Language.Base
|
||||
import Spa.Language.Tagged.Id
|
||||
|
||||
/-!
|
||||
# The `derive_tagged` command
|
||||
|
||||
`derive_tagged T₁ T₂ … Tₙ` takes a family of (possibly mutually recursive)
|
||||
inductive types and generates, for each `Tᵢ`:
|
||||
|
||||
* a *tagged* mirror inductive `Tᵢ.Tagged (τ : Type)`, in which every constructor
|
||||
carries a leading `tag : τ` field and every field whose type is a family
|
||||
member is retyped to its `.Tagged τ` counterpart;
|
||||
* `Tᵢ.Tagged.erase : Tᵢ.Tagged τ → Tᵢ`, forgetting all tags;
|
||||
* `Tᵢ.tag : Tᵢ → ℕ → Tᵢ.Tagged RawId × ℕ`, assigning every node a unique
|
||||
`RawId` (its postorder index) by a single unified traversal that threads a
|
||||
counter; the whole family shares one counter, so identifiers are unique across
|
||||
types.
|
||||
|
||||
The generated declarations have exactly the shape of the hand-written reference;
|
||||
see `Spa/Language/Tagged/Basic.lean` (which invokes this command) and the proofs
|
||||
in `Spa/Language/Tagged/Properties.lean`.
|
||||
|
||||
Scope: the generator handles non-indexed inductives whose constructor fields are
|
||||
either scalars or *direct* references to a family member (which covers the object
|
||||
language). Nested occurrences such as `List Tᵢ` are not supported.
|
||||
-/
|
||||
|
||||
open Lean Elab Command Meta
|
||||
|
||||
namespace Spa.DeriveTagged
|
||||
|
||||
/-- One constructor field, classified as a recursive family reference or a scalar
|
||||
(whose type syntax we keep verbatim for the mirror inductive). -/
|
||||
structure FieldData where
|
||||
isRec : Bool
|
||||
recType : Name
|
||||
typeStx : Term
|
||||
|
||||
/-- A constructor: its original (full) name, short name, and fields. -/
|
||||
structure CtorData where
|
||||
origName : Name
|
||||
shortName : Name
|
||||
fields : Array FieldData
|
||||
|
||||
/-- A family member together with its constructors. -/
|
||||
structure TypeData where
|
||||
name : Name
|
||||
ctors : Array CtorData
|
||||
|
||||
def taggedOf (n : Name) : Name := n ++ `Tagged
|
||||
def eraseOf (n : Name) : Name := n ++ `Tagged ++ `erase
|
||||
def rootTagOf (n : Name) : Name := n ++ `Tagged ++ `rootTag
|
||||
def tagOf (n : Name) : Name := n ++ `tag
|
||||
def foldTagsOf (n : Name) : Name := n ++ `Tagged ++ `foldTags
|
||||
def wfOf (n : Name) : Name := n ++ `Tagged ++ `WF
|
||||
def narrowOf (n : Name) : Name := n ++ `Tagged ++ `narrow
|
||||
def narrowEraseOf (n : Name) : Name := n ++ `Tagged ++ `narrow_erase
|
||||
def tagLeOf (n : Name) : Name := n ++ `tag_le
|
||||
def tagRootTagPostOf (n : Name) : Name := n ++ `tag_rootTag_post
|
||||
def tagWfOf (n : Name) : Name := n ++ `tag_wf
|
||||
|
||||
/-- Project the `i`-th conjunct (1-based) out of `hyp`, which has type a
|
||||
right-nested `And` of `total` conjuncts, e.g. `hyp |>.2 |>.2 |>.1`. -/
|
||||
def projAnd {m : Type → Type} [Monad m] [MonadQuotation m]
|
||||
(hyp : Term) (i total : Nat) : m Term := do
|
||||
let mut t := hyp
|
||||
for _ in [0:i-1] do
|
||||
t ← `($t |>.2)
|
||||
if i < total then
|
||||
t ← `($t |>.1)
|
||||
return t
|
||||
|
||||
/-- Combine a non-empty array of propositions into a right-nested conjunction. -/
|
||||
def mkAndR {m : Type → Type} [Monad m] [MonadQuotation m]
|
||||
(cs : Array Term) : m Term := do
|
||||
let mut t := cs.back!
|
||||
for c in cs.pop.reverse do
|
||||
t ← `($c ∧ $t)
|
||||
return t
|
||||
|
||||
/-- For a constructor, return one entry per *recursive* field: its argument
|
||||
identifier, the family member it references, and the start-counter expression at
|
||||
which it is tagged (`n`, then `(a.tag n).2`, …) — the same threading `mkTag`
|
||||
uses. -/
|
||||
def recChildren (cd : CtorData) (argNames : Array Ident) (nStart : Term) :
|
||||
CommandElabM (Array (Ident × Name × Term)) := do
|
||||
let mut res : Array (Ident × Name × Term) := #[]
|
||||
let mut cur := nStart
|
||||
for (f, a) in cd.fields.zip argNames do
|
||||
if f.isRec then
|
||||
res := res.push (a, f.recType, cur)
|
||||
cur ← `(($(mkIdent (tagOf f.recType)) $a $cur) |>.2)
|
||||
return res
|
||||
|
||||
/-- Inspect the family, classifying each constructor field. -/
|
||||
def gather (family : Array Name) (τ : Ident) : TermElabM (Array TypeData) := do
|
||||
let famSet : NameSet := family.foldl (·.insert ·) {}
|
||||
family.mapM fun tn => do
|
||||
let iv ← getConstInfoInduct tn
|
||||
let ctors ← iv.ctors.toArray.mapM fun cn => do
|
||||
let cv ← getConstInfoCtor cn
|
||||
let fields ← forallTelescopeReducing cv.type fun args _ => do
|
||||
let fieldArgs := args.extract iv.numParams args.size
|
||||
fieldArgs.mapM fun a => do
|
||||
let ty ← inferType a
|
||||
match ty.getAppFn.constName? with
|
||||
| some hn =>
|
||||
if famSet.contains hn then
|
||||
return { isRec := true, recType := hn, typeStx := ← `($(mkIdent (taggedOf hn)) $τ) }
|
||||
else
|
||||
return { isRec := false, recType := default, typeStx := ← Lean.PrettyPrinter.delab ty }
|
||||
| none =>
|
||||
return { isRec := false, recType := default, typeStx := ← Lean.PrettyPrinter.delab ty }
|
||||
return { origName := cn, shortName := cn.componentsRev.head!, fields }
|
||||
return { name := tn, ctors }
|
||||
|
||||
/-- The arrow type `τ → <fields…> → Self τ` of a tagged constructor. -/
|
||||
def ctorArrow (cd : CtorData) (self : Term) (τ : Ident) : TermElabM Term := do
|
||||
let mut t := self
|
||||
for f in cd.fields.reverse do
|
||||
t ← `($(f.typeStx) → $t)
|
||||
`($τ → $t)
|
||||
|
||||
/-- The tagged mirror inductives, one per family member. The family is a DAG
|
||||
(`Expr ← BasicStmt ← Stmt`), not genuinely mutual, so they are emitted as
|
||||
separate inductives in dependency order rather than a `mutual` block.
|
||||
|
||||
`Functor`/`Traversable` instances are derived separately by `mkDeriveInstances`
|
||||
below rather than via an inline `deriving` clause. -/
|
||||
def mkInductives (tds : Array TypeData) (τ : Ident) :
|
||||
CommandElabM (Array (TSyntax `command)) := do
|
||||
tds.mapM fun td => do
|
||||
let self ← `($(mkIdent (taggedOf td.name)) $τ)
|
||||
let ctors ← td.ctors.mapM fun cd => do
|
||||
let aty ← Command.liftTermElabM (ctorArrow cd self τ)
|
||||
`(Lean.Parser.Command.ctor| | $(mkIdent cd.shortName):ident : $aty)
|
||||
`(command| inductive $(mkIdent (taggedOf td.name)):ident ($τ : Type) where $ctors*)
|
||||
|
||||
/-- A `deriving instance Functor, Traversable for Tᵢ.Tagged` command per family
|
||||
member. Since every tagged type is a single-parameter, direct-recursive
|
||||
inductive in `τ`, Mathlib's deriving handler produces clean (`sorry`-free)
|
||||
instances, giving `map`, `traverse`, and the `Traversable.foldr`/`toList` folds
|
||||
for free.
|
||||
|
||||
These are emitted as *separate* commands in dependency order (rather than an
|
||||
inline `deriving` clause on each inductive) for two reasons: deriving
|
||||
`Stmt.Tagged` needs the `Expr.Tagged`/`BasicStmt.Tagged` instances already in
|
||||
scope, and — because every member's type name ends in `.Tagged` — the handler's
|
||||
auto-generated instance name (`instFunctorTagged`, built from the type's last
|
||||
component) collides across the family unless each derive sees the environment
|
||||
the previous one updated; separate commands give it that, so the names
|
||||
disambiguate to `instFunctorTagged`, `instFunctorTagged_1`, ….
|
||||
|
||||
The hand-written `foldTags` is retained alongside these: it is a
|
||||
structural-recursion fold that `simp`/`decide` reduce cleanly, unlike the
|
||||
abstract `Traversable.foldr` (defined via the `FreeMonoid`/`Const` applicative),
|
||||
which reduces under `decide`/`rfl` but not naive `simp` unfolding. -/
|
||||
def mkDeriveInstances (tds : Array TypeData) : CommandElabM (Array (TSyntax `command)) := do
|
||||
tds.mapM fun td =>
|
||||
`(command| deriving instance Functor, Traversable for $(mkIdent (taggedOf td.name)))
|
||||
|
||||
/-- The `erase` functions, one per family member (separate defs in dependency
|
||||
order — each calls only already-defined lower members). -/
|
||||
def mkErase (tds : Array TypeData) : CommandElabM (Array (TSyntax `command)) := do
|
||||
tds.mapM fun td => do
|
||||
let mut pats : Array Term := #[]
|
||||
let mut rhss : Array Term := #[]
|
||||
for cd in td.ctors do
|
||||
let argNames := (Array.range cd.fields.size).map (fun i => mkIdent (.mkSimple s!"a{i}"))
|
||||
let pat ← `($(mkIdent (taggedOf td.name ++ cd.shortName)) _ $argNames*)
|
||||
let eraseArgs ← (cd.fields.zip argNames).mapM fun (f, a) =>
|
||||
if f.isRec then `($(mkIdent (eraseOf f.recType)) $a) else pure a
|
||||
let rhs ← `($(mkIdent cd.origName) $eraseArgs*)
|
||||
pats := pats.push pat
|
||||
rhss := rhss.push rhs
|
||||
`(command| def $(mkIdent (eraseOf td.name)) {τ : Type} :
|
||||
$(mkIdent (taggedOf td.name)) τ → $(mkIdent td.name) :=
|
||||
fun x => match x with $[| $pats => $rhss]*)
|
||||
|
||||
/-- The `rootTag` accessors (one non-recursive `def` per type). -/
|
||||
def mkRootTag (tds : Array TypeData) : CommandElabM (Array (TSyntax `command)) := do
|
||||
let tIdent := mkIdent `t
|
||||
tds.mapM fun td => do
|
||||
let mut pats : Array Term := #[]
|
||||
let mut rhss : Array Term := #[]
|
||||
for cd in td.ctors do
|
||||
let hole ← `(_)
|
||||
let wilds := Array.mkArray cd.fields.size hole
|
||||
pats := pats.push (← `($(mkIdent (taggedOf td.name ++ cd.shortName)) $tIdent $wilds*))
|
||||
rhss := rhss.push tIdent
|
||||
`(command| def $(mkIdent (rootTagOf td.name)) {τ : Type} :
|
||||
$(mkIdent (taggedOf td.name)) τ → τ :=
|
||||
fun x => match x with $[| $pats => $rhss]*)
|
||||
|
||||
/-- The postorder `tag` functions, one per family member (separate defs in
|
||||
dependency order). -/
|
||||
def mkTag (tds : Array TypeData) : CommandElabM (Array (TSyntax `command)) := do
|
||||
let nId := mkIdent ``Spa.RawId
|
||||
tds.mapM fun td => do
|
||||
let mut pats : Array Term := #[]
|
||||
let mut rhss : Array Term := #[]
|
||||
for cd in td.ctors do
|
||||
let argNames := (Array.range cd.fields.size).map (fun i => mkIdent (.mkSimple s!"a{i}"))
|
||||
let pat ← `($(mkIdent cd.origName) $argNames*)
|
||||
let mut cur : Term ← `(n)
|
||||
let mut lets : Array (Ident × Term) := #[]
|
||||
let mut taggedArgs : Array Term := #[]
|
||||
let mut ri := 0
|
||||
for (f, a) in cd.fields.zip argNames do
|
||||
if f.isRec then
|
||||
let rName := mkIdent (.mkSimple s!"r{ri}")
|
||||
let rhsCall ← `($(mkIdent (tagOf f.recType)) $a $cur)
|
||||
lets := lets.push (rName, rhsCall)
|
||||
taggedArgs := taggedArgs.push (← `($rName |>.1))
|
||||
cur ← `($rName |>.2)
|
||||
ri := ri + 1
|
||||
else
|
||||
taggedArgs := taggedArgs.push a
|
||||
let last := cur
|
||||
let tagged ← `($(mkIdent (taggedOf td.name ++ cd.shortName))
|
||||
(⟨$last⟩ : $nId) $taggedArgs*)
|
||||
let mut body ← `(($tagged, $last + 1))
|
||||
for (rName, rhs) in lets.reverse do
|
||||
body ← `(let $rName := $rhs; $body)
|
||||
pats := pats.push pat
|
||||
rhss := rhss.push body
|
||||
`(command| def $(mkIdent (tagOf td.name)) :
|
||||
$(mkIdent td.name) → Nat → $(mkIdent (taggedOf td.name)) $nId × Nat :=
|
||||
fun e n => match e with $[| $pats => $rhss]*)
|
||||
|
||||
/-- The tag-fold functions: `foldTags f acc t` applies `f` to every tag in `t`,
|
||||
right-to-left, threading `acc`. This is the `Foldable`/`foldr`-over-tags the
|
||||
hand-written collectors (e.g. `subtreeIds`) reduce to. One separate def per
|
||||
family member (the family is a DAG, so no `mutual` block is needed). -/
|
||||
def mkFoldTags (tds : Array TypeData) : CommandElabM (Array (TSyntax `command)) := do
|
||||
let τ := mkIdent `τ
|
||||
let m := mkIdent `M
|
||||
let fId := mkIdent `f
|
||||
let accId := mkIdent `acc
|
||||
let tagId := mkIdent `t
|
||||
tds.mapM fun td => do
|
||||
let mut pats : Array Term := #[]
|
||||
let mut rhss : Array Term := #[]
|
||||
for cd in td.ctors do
|
||||
let argNames := (Array.range cd.fields.size).map (fun i => mkIdent (.mkSimple s!"a{i}"))
|
||||
let pat ← `($(mkIdent (taggedOf td.name ++ cd.shortName)) $tagId $argNames*)
|
||||
let mut body : Term := accId
|
||||
for (fld, a) in (cd.fields.zip argNames).reverse do
|
||||
if fld.isRec then
|
||||
body ← `($(mkIdent (foldTagsOf fld.recType)) $fId $body $a)
|
||||
body ← `($fId $tagId $body)
|
||||
pats := pats.push pat
|
||||
rhss := rhss.push body
|
||||
`(command| def $(mkIdent (foldTagsOf td.name)) {$τ:ident : Type} {$m:ident : Type}
|
||||
($fId : $τ → $m → $m) ($accId : $m) :
|
||||
$(mkIdent (taggedOf td.name)) $τ → $m :=
|
||||
fun x => match x with $[| $pats => $rhss]*)
|
||||
|
||||
/-- The well-formedness predicate `T.Tagged.WF : T.Tagged RawId → Prop`: every
|
||||
recursive child's root tag has a strictly smaller postorder index than the node's
|
||||
own tag, and each child is itself well-formed. Leaf constructors are `True`. -/
|
||||
def mkWF (tds : Array TypeData) : CommandElabM (Array (TSyntax `command)) := do
|
||||
let tId := mkIdent `t
|
||||
let rawId := mkIdent ``Spa.RawId
|
||||
tds.mapM fun td => do
|
||||
let mut pats : Array Term := #[]
|
||||
let mut rhss : Array Term := #[]
|
||||
for cd in td.ctors do
|
||||
let hasRec := cd.fields.any (·.isRec)
|
||||
let mut patArgs : Array Term := #[]
|
||||
let mut recArgs : Array Ident := #[]
|
||||
let mut i := 0
|
||||
for f in cd.fields do
|
||||
if f.isRec then
|
||||
let a := mkIdent (.mkSimple s!"a{i}")
|
||||
patArgs := patArgs.push a
|
||||
recArgs := recArgs.push a
|
||||
else
|
||||
patArgs := patArgs.push (← `(_))
|
||||
i := i + 1
|
||||
let tagBind : Term ← if hasRec then `($tId) else `(_)
|
||||
let pat ← `($(mkIdent (taggedOf td.name ++ cd.shortName)) $tagBind $patArgs*)
|
||||
let rhs ← if recArgs.isEmpty then `(True) else do
|
||||
let bounds ← recArgs.mapM fun a => `($(a).rootTag.post < $(tId).post)
|
||||
let wfs ← recArgs.mapM fun a => `($(a).WF)
|
||||
mkAndR (bounds ++ wfs)
|
||||
pats := pats.push pat
|
||||
rhss := rhss.push rhs
|
||||
`(command| def $(mkIdent (wfOf td.name)) :
|
||||
$(mkIdent (taggedOf td.name)) $rawId → Prop :=
|
||||
fun x => match x with $[| $pats => $rhss]*)
|
||||
|
||||
/-- The `narrow` coercion `T.Tagged RawId → T.Tagged (Fin N)`, given a bound on
|
||||
the root tag and a well-formedness proof. Each node's tag becomes the `Fin N`
|
||||
built from its postorder index, and recursion threads the bound through `lt_trans`
|
||||
and the (definitionally unfolded) `WF` conjunction. -/
|
||||
def mkNarrow (tds : Array TypeData) : CommandElabM (Array (TSyntax `command)) := do
|
||||
let rawId := mkIdent ``Spa.RawId
|
||||
let tId := mkIdent `t
|
||||
let nId := mkIdent `N
|
||||
let hId := mkIdent `h
|
||||
let hwfId := mkIdent `hwf
|
||||
let tgId := mkIdent `tg
|
||||
tds.mapM fun td => do
|
||||
let self ← `($(mkIdent (taggedOf td.name)) $rawId)
|
||||
let mut patss : Array (Array Term) := #[]
|
||||
let mut rhss : Array Term := #[]
|
||||
for cd in td.ctors do
|
||||
let argNames := (Array.range cd.fields.size).map fun i => mkIdent (.mkSimple s!"a{i}")
|
||||
let ctorPat ← `($(mkIdent (taggedOf td.name ++ cd.shortName)) $tgId $argNames*)
|
||||
let k := (cd.fields.filter (·.isRec)).size
|
||||
let mut newArgs : Array Term := #[]
|
||||
let mut ri := 0
|
||||
for (f, a) in cd.fields.zip argNames do
|
||||
if f.isRec then
|
||||
let bound ← projAnd hwfId (ri + 1) (2 * k)
|
||||
let wf ← projAnd hwfId (k + ri + 1) (2 * k)
|
||||
newArgs := newArgs.push (← `($(a).narrow (lt_trans $bound $hId) $wf))
|
||||
ri := ri + 1
|
||||
else
|
||||
newArgs := newArgs.push a
|
||||
let built ← `($(mkIdent (taggedOf td.name ++ cd.shortName)) ⟨$(tgId).post, $hId⟩ $newArgs*)
|
||||
let nPat ← `(_)
|
||||
let hPat ← `($hId)
|
||||
let hwfPat : Term ← if k == 0 then `(_) else `($hwfId)
|
||||
patss := patss.push #[ctorPat, nPat, hPat, hwfPat]
|
||||
rhss := rhss.push built
|
||||
`(command| def $(mkIdent (narrowOf td.name)) : ($tId : $self) → {$nId : ℕ} →
|
||||
$(tId).rootTag.post < $nId → $(tId).WF → $(mkIdent (taggedOf td.name)) (Fin $nId)
|
||||
$[| $[$patss],* => $rhss]*)
|
||||
|
||||
/-- `T.tag_rootTag_post`: the root tag of a freshly tagged node is exactly one
|
||||
below the threaded-out counter, i.e. the node itself is numbered last (postorder).
|
||||
A uniform `cases <;> simp` discharges every constructor. -/
|
||||
def mkTagRootTagPost (tds : Array TypeData) : CommandElabM (Array (TSyntax `command)) := do
|
||||
let eId := mkIdent `e
|
||||
let nId := mkIdent `n
|
||||
tds.mapM fun td =>
|
||||
`(command| theorem $(mkIdent (tagRootTagPostOf td.name))
|
||||
($eId : $(mkIdent td.name)) ($nId : ℕ) :
|
||||
($(eId).tag $nId).1.rootTag.post + 1 = ($(eId).tag $nId).2 := by
|
||||
cases $eId:ident <;>
|
||||
simp [$(mkIdent (tagOf td.name)):ident, $(mkIdent (rootTagOf td.name)):ident])
|
||||
|
||||
/-- `T.tag_le`: tagging only ever advances the counter (`n ≤ (e.tag n).2`).
|
||||
Proved by induction; each arm threads the counter through its recursive children
|
||||
(using the relevant `tag_le`/induction hypothesis) and closes with `omega`. -/
|
||||
def mkTagLe (tds : Array TypeData) : CommandElabM (Array (TSyntax `command)) := do
|
||||
let eId := mkIdent `e
|
||||
let nId := mkIdent `n
|
||||
tds.mapM fun td => do
|
||||
let mut ctorLabels : Array Ident := #[]
|
||||
let mut binderss : Array (Array Ident) := #[]
|
||||
let mut tacs : Array (TSyntax ``Lean.Parser.Tactic.tacticSeq) := #[]
|
||||
for cd in td.ctors do
|
||||
let argNames := (Array.range cd.fields.size).map fun i => mkIdent (.mkSimple s!"a{i}")
|
||||
let mut ihBinders : Array Ident := #[]
|
||||
let mut haveTacs : Array (TSyntax `tactic) := #[]
|
||||
let mut cur : Term ← `($nId)
|
||||
let mut i := 0
|
||||
for (f, a) in cd.fields.zip argNames do
|
||||
if f.isRec then
|
||||
let fact ← if f.recType == td.name then
|
||||
`($(mkIdent (.mkSimple s!"ih{i}")) $cur)
|
||||
else
|
||||
`($(mkIdent (tagLeOf f.recType)) $a $cur)
|
||||
if f.recType == td.name then
|
||||
ihBinders := ihBinders.push (mkIdent (.mkSimple s!"ih{i}"))
|
||||
haveTacs := haveTacs.push (← `(tactic| have := $fact))
|
||||
cur ← `(($(mkIdent (tagOf f.recType)) $a $cur) |>.2)
|
||||
i := i + 1
|
||||
let simpTac ← `(tactic| simp only [$(mkIdent (tagOf td.name)):ident])
|
||||
let omegaTac ← `(tactic| omega)
|
||||
let allTacs := #[simpTac] ++ haveTacs ++ #[omegaTac]
|
||||
ctorLabels := ctorLabels.push (mkIdent cd.shortName)
|
||||
binderss := binderss.push (argNames ++ ihBinders)
|
||||
tacs := tacs.push (← `(tacticSeq| $[$allTacs]*))
|
||||
`(command| theorem $(mkIdent (tagLeOf td.name)) ($eId : $(mkIdent td.name)) ($nId : ℕ) :
|
||||
$nId ≤ ($(eId).tag $nId).2 := by
|
||||
induction $eId:ident generalizing $nId:ident with
|
||||
$[| $ctorLabels:ident $binderss* => $tacs]*)
|
||||
|
||||
/-- `T.tag_wf`: a freshly tagged term is well-formed. Each recursive child's
|
||||
bound conjunct is closed by `omega` from that child's `tag_rootTag_post` plus the
|
||||
`tag_le` of every later child (which bounds the threaded-out counter), and each
|
||||
well-formedness conjunct is the child's induction hypothesis / `tag_wf`. -/
|
||||
def mkTagWf (tds : Array TypeData) : CommandElabM (Array (TSyntax `command)) := do
|
||||
let eId := mkIdent `e
|
||||
let nId := mkIdent `n
|
||||
tds.mapM fun td => do
|
||||
let mut ctorLabels : Array Ident := #[]
|
||||
let mut binderss : Array (Array Ident) := #[]
|
||||
let mut tacs : Array (TSyntax ``Lean.Parser.Tactic.tacticSeq) := #[]
|
||||
for cd in td.ctors do
|
||||
let argNames := (Array.range cd.fields.size).map fun i => mkIdent (.mkSimple s!"a{i}")
|
||||
-- recursive children: (arg, recType, startCounter, sameType?, fieldIndex)
|
||||
let mut recs : Array (Ident × Name × Term × Bool × Nat) := #[]
|
||||
let mut cur : Term ← `($nId)
|
||||
let mut i := 0
|
||||
for (f, a) in cd.fields.zip argNames do
|
||||
if f.isRec then
|
||||
recs := recs.push (a, f.recType, cur, f.recType == td.name, i)
|
||||
cur ← `(($(mkIdent (tagOf f.recType)) $a $cur) |>.2)
|
||||
i := i + 1
|
||||
let k := recs.size
|
||||
let ihBinders := (recs.filter (·.2.2.2.1)).map fun r => mkIdent (.mkSimple s!"ih{r.2.2.2.2}")
|
||||
let tac : TSyntax ``Lean.Parser.Tactic.tacticSeq ← if k == 0 then
|
||||
`(tacticSeq| exact True.intro)
|
||||
else do
|
||||
let mut comps : Array Term := #[]
|
||||
-- bound conjuncts
|
||||
for idx in [0:k] do
|
||||
let (a, rt, s, _, _) := recs[idx]!
|
||||
let mut bHaves : Array (TSyntax `tactic) :=
|
||||
#[← `(tactic| have := $(mkIdent (tagRootTagPostOf rt)) $a $s)]
|
||||
for j in [idx+1:k] do
|
||||
let (aj, rtj, sj, _, _) := recs[j]!
|
||||
bHaves := bHaves.push (← `(tactic| have := $(mkIdent (tagLeOf rtj)) $aj $sj))
|
||||
bHaves := bHaves.push (← `(tactic| omega))
|
||||
comps := comps.push (← `(by $(← `(tacticSeq| $[$bHaves]*))))
|
||||
-- well-formedness conjuncts
|
||||
for idx in [0:k] do
|
||||
let (a, rt, s, same, fi) := recs[idx]!
|
||||
comps := comps.push <| ← if same then `($(mkIdent (.mkSimple s!"ih{fi}")) $s)
|
||||
else `($(mkIdent (tagWfOf rt)) $a $s)
|
||||
let simpTac ← `(tactic| simp only
|
||||
[$(mkIdent (tagOf td.name)):ident, $(mkIdent (wfOf td.name)):ident])
|
||||
let exactTac ← `(tactic| exact ⟨$comps,*⟩)
|
||||
`(tacticSeq| $[$(#[simpTac, exactTac])]*)
|
||||
ctorLabels := ctorLabels.push (mkIdent cd.shortName)
|
||||
binderss := binderss.push (argNames ++ ihBinders)
|
||||
tacs := tacs.push tac
|
||||
`(command| theorem $(mkIdent (tagWfOf td.name)) ($eId : $(mkIdent td.name)) ($nId : ℕ) :
|
||||
($(eId).tag $nId).1.WF := by
|
||||
induction $eId:ident generalizing $nId:ident with
|
||||
$[| $ctorLabels:ident $binderss* => $tacs]*)
|
||||
|
||||
/-- `T.Tagged.narrow_erase`: narrowing the tag type does not change the erased
|
||||
(untagged) term. A per-constructor `simp` with the local `narrow`/`erase`
|
||||
equations, the lower members' `narrow_erase`, and the induction hypotheses. -/
|
||||
def mkNarrowErase (tds : Array TypeData) : CommandElabM (Array (TSyntax `command)) := do
|
||||
let rawId := mkIdent ``Spa.RawId
|
||||
let tId := mkIdent `t
|
||||
let nId := mkIdent `N
|
||||
let hId := mkIdent `h
|
||||
let hwfId := mkIdent `hwf
|
||||
let tgId := mkIdent `tg
|
||||
tds.mapM fun td => do
|
||||
let mut ctorLabels : Array Ident := #[]
|
||||
let mut binderss : Array (Array Ident) := #[]
|
||||
let mut tacs : Array (TSyntax ``Lean.Parser.Tactic.tacticSeq) := #[]
|
||||
for cd in td.ctors do
|
||||
let argNames := (Array.range cd.fields.size).map fun i => mkIdent (.mkSimple s!"a{i}")
|
||||
let mut lemmas : Array Term :=
|
||||
#[← `($(mkIdent (narrowOf td.name))), ← `($(mkIdent (eraseOf td.name)))]
|
||||
let mut ihBinders : Array Ident := #[]
|
||||
let mut seenLower : Array Name := #[]
|
||||
let mut i := 0
|
||||
for f in cd.fields do
|
||||
if f.isRec then
|
||||
if f.recType == td.name then
|
||||
let ih := mkIdent (.mkSimple s!"ih{i}")
|
||||
ihBinders := ihBinders.push ih
|
||||
lemmas := lemmas.push (← `($ih))
|
||||
else if !seenLower.contains f.recType then
|
||||
seenLower := seenLower.push f.recType
|
||||
lemmas := lemmas.push (← `($(mkIdent (narrowEraseOf f.recType))))
|
||||
i := i + 1
|
||||
let introTac ← `(tactic| intro $nId $hId $hwfId)
|
||||
let simpTac ← `(tactic| simp [$[$lemmas:term],*])
|
||||
ctorLabels := ctorLabels.push (mkIdent cd.shortName)
|
||||
binderss := binderss.push (#[tgId] ++ argNames ++ ihBinders)
|
||||
tacs := tacs.push (← `(tacticSeq| $[$(#[introTac, simpTac])]*))
|
||||
`(command| theorem $(mkIdent (narrowEraseOf td.name)) :
|
||||
($tId : $(mkIdent (taggedOf td.name)) $rawId) → ∀ {$nId : ℕ}
|
||||
($hId : $(tId).rootTag.post < $nId) ($hwfId : $(tId).WF),
|
||||
($(tId).narrow $hId $hwfId).erase = $(tId).erase := by
|
||||
intro $tId:ident
|
||||
induction $tId:ident with
|
||||
$[| $ctorLabels:ident $binderss* => $tacs]*)
|
||||
|
||||
/-- `derive_tagged T₁ … Tₙ` — generate tagged mirrors, `erase`, and `tag` for the
|
||||
given family of inductives. -/
|
||||
syntax (name := deriveTaggedCmd) "derive_tagged " ident+ : command
|
||||
|
||||
@[command_elab deriveTaggedCmd]
|
||||
def elabDeriveTagged : CommandElab := fun stx => do
|
||||
match stx with
|
||||
| `(derive_tagged $ids*) =>
|
||||
let family ← ids.mapM fun i => Command.liftCoreM (realizeGlobalConstNoOverload i)
|
||||
let τ := mkIdent `τ
|
||||
let tds ← Command.liftTermElabM (gather family τ)
|
||||
for d in (← mkInductives tds τ) do elabCommand d
|
||||
for d in (← mkDeriveInstances tds) do elabCommand d
|
||||
for d in (← mkRootTag tds) do elabCommand d
|
||||
for d in (← mkErase tds) do elabCommand d
|
||||
for d in (← mkTag tds) do elabCommand d
|
||||
for d in (← mkFoldTags tds) do elabCommand d
|
||||
for d in (← mkWF tds) do elabCommand d
|
||||
for d in (← mkNarrow tds) do elabCommand d
|
||||
for d in (← mkTagRootTagPost tds) do elabCommand d
|
||||
for d in (← mkTagLe tds) do elabCommand d
|
||||
for d in (← mkTagWf tds) do elabCommand d
|
||||
for d in (← mkNarrowErase tds) do elabCommand d
|
||||
| _ => throwUnsupportedSyntax
|
||||
|
||||
end Spa.DeriveTagged
|
||||
104
lean/Spa/Language/Tagged/Graphs.lean
Normal file
104
lean/Spa/Language/Tagged/Graphs.lean
Normal file
@@ -0,0 +1,104 @@
|
||||
import Spa.Language
|
||||
import Spa.Language.Graphs
|
||||
import Spa.Language.Tagged.Basic
|
||||
import Spa.Language.Tagged.Properties
|
||||
|
||||
namespace Spa
|
||||
|
||||
open GGraph
|
||||
|
||||
def Stmt.Tagged.cfg {τ : Type} : Stmt.Tagged τ → GGraph (Option (BasicStmt.Tagged τ))
|
||||
| .basic _ bs => GGraph.singleton (some bs)
|
||||
| .andThen _ s₁ s₂ => s₁.cfg ⤳ s₂.cfg
|
||||
| .ifElse _ _ s₁ s₂ => s₁.cfg ∙ s₂.cfg
|
||||
| .whileLoop _ _ s => GGraph.loop s.cfg
|
||||
|
||||
theorem Stmt.Tagged.cfg_graph {τ : Type} : ∀ (t : Stmt.Tagged τ),
|
||||
(Option.map BasicStmt.Tagged.erase) <$> t.cfg = t.erase.cfg
|
||||
| .basic _ bs => by simp [Stmt.Tagged.cfg, Stmt.cfg, Stmt.Tagged.erase, BasicStmt.Tagged.erase]
|
||||
| .andThen _ s₁ s₂ => by
|
||||
simp [Stmt.Tagged.cfg, Stmt.cfg, Stmt.Tagged.erase, Stmt.Tagged.cfg_graph s₁, Stmt.Tagged.cfg_graph s₂]
|
||||
| .ifElse _ _ s₁ s₂ => by
|
||||
simp [Stmt.Tagged.cfg, Stmt.cfg, Stmt.Tagged.erase, Stmt.Tagged.cfg_graph s₁, Stmt.Tagged.cfg_graph s₂]
|
||||
| .whileLoop _ _ s => by
|
||||
simp [Stmt.Tagged.cfg, Stmt.cfg, Stmt.Tagged.erase, Stmt.Tagged.cfg_graph s]
|
||||
|
||||
def GGraph.nodeLabel {τ : Type} (g : GGraph (Option (BasicStmt.Tagged τ))) (i : g.Index) :
|
||||
Option τ :=
|
||||
(g.nodes i).map BasicStmt.Tagged.rootTag
|
||||
|
||||
def GGraph.stateOf {τ : Type} [DecidableEq τ] (g : GGraph (Option (BasicStmt.Tagged τ)))
|
||||
(id : τ) : Option g.Index :=
|
||||
g.indices.find? (fun i => decide (g.nodeLabel i = some id))
|
||||
|
||||
theorem GGraph.stateOf_label {τ : Type} [DecidableEq τ]
|
||||
{g : GGraph (Option (BasicStmt.Tagged τ))} {id : τ}
|
||||
{i : g.Index} (h : g.stateOf id = some i) : g.nodeLabel i = some id := by
|
||||
rw [GGraph.stateOf] at h
|
||||
simpa using List.find?_some h
|
||||
|
||||
namespace Program
|
||||
|
||||
variable (p : Program)
|
||||
|
||||
def tagged : Stmt.Tagged RawId := tagStmt p.rootStmt
|
||||
|
||||
def size : ℕ := p.tagged.rootTag.post + 1
|
||||
|
||||
theorem size_pos : 0 < p.size := Nat.succ_pos _
|
||||
|
||||
abbrev NodeId : Type := Fin p.size
|
||||
|
||||
theorem tagged_wf : p.tagged.WF := Stmt.tag_wf p.rootStmt 0
|
||||
|
||||
def taggedFin : Stmt.Tagged p.NodeId :=
|
||||
p.tagged.narrow (Nat.lt_succ_self _) p.tagged_wf
|
||||
|
||||
def taggedCfg : GGraph (Option (BasicStmt.Tagged p.NodeId)) :=
|
||||
GGraph.wrap p.taggedFin.cfg
|
||||
|
||||
theorem taggedCfg_erase :
|
||||
(Option.map BasicStmt.Tagged.erase) <$> p.taggedCfg = p.cfg := by
|
||||
rw [taggedCfg, GGraph.map_wrap, Stmt.Tagged.cfg_graph, taggedFin,
|
||||
Stmt.Tagged.narrow_erase, tagged, erase_tagStmt]
|
||||
rfl
|
||||
|
||||
theorem taggedCfg_size : p.taggedCfg.size = p.cfg.size := by
|
||||
conv_rhs => rw [← p.taggedCfg_erase]
|
||||
rfl
|
||||
|
||||
def nodeIdOf (s : p.State) : Option p.NodeId :=
|
||||
p.taggedCfg.nodeLabel (Fin.cast p.taggedCfg_size.symm s)
|
||||
|
||||
def stateOfNodeId (id : p.NodeId) : Option p.State :=
|
||||
(p.taggedCfg.stateOf id).map (Fin.cast p.taggedCfg_size)
|
||||
|
||||
theorem cfg_nodes_eq (s : p.State) :
|
||||
p.cfg.nodes s = Option.map BasicStmt.Tagged.erase
|
||||
(p.taggedCfg.nodes (Fin.cast p.taggedCfg_size.symm s)) := by
|
||||
have key : ∀ (g : Graph) (hsz : p.taggedCfg.size = g.size),
|
||||
(Option.map BasicStmt.Tagged.erase) <$> p.taggedCfg = g →
|
||||
∀ i : Fin g.size,
|
||||
g.nodes i = Option.map BasicStmt.Tagged.erase
|
||||
(p.taggedCfg.nodes (Fin.cast hsz.symm i)) := by
|
||||
intro g hsz hg i
|
||||
subst hg
|
||||
rfl
|
||||
exact key p.cfg p.taggedCfg_size p.taggedCfg_erase s
|
||||
|
||||
theorem nodeIdOf_isSome_of_code {s : p.State} {bs : BasicStmt}
|
||||
(h : p.code s = some bs) : (p.nodeIdOf s).isSome = true := by
|
||||
have hc : Option.map BasicStmt.Tagged.erase
|
||||
(p.taggedCfg.nodes (Fin.cast p.taggedCfg_size.symm s)) = some bs := by
|
||||
rw [← p.cfg_nodes_eq s]; exact h
|
||||
unfold Program.nodeIdOf GGraph.nodeLabel
|
||||
cases hcase : p.taggedCfg.nodes (Fin.cast p.taggedCfg_size.symm s) with
|
||||
| none => rw [hcase] at hc; simp at hc
|
||||
| some tbs => simp
|
||||
|
||||
def nodeIdOfNonempty (s : p.State) {bs : BasicStmt} (h : p.code s = some bs) : p.NodeId :=
|
||||
(p.nodeIdOf s).get (p.nodeIdOf_isSome_of_code h)
|
||||
|
||||
end Program
|
||||
|
||||
end Spa
|
||||
9
lean/Spa/Language/Tagged/Id.lean
Normal file
9
lean/Spa/Language/Tagged/Id.lean
Normal file
@@ -0,0 +1,9 @@
|
||||
import Mathlib.Data.Nat.Notation
|
||||
|
||||
namespace Spa
|
||||
|
||||
structure RawId where
|
||||
post : ℕ
|
||||
deriving DecidableEq, Repr
|
||||
|
||||
end Spa
|
||||
29
lean/Spa/Language/Tagged/Properties.lean
Normal file
29
lean/Spa/Language/Tagged/Properties.lean
Normal file
@@ -0,0 +1,29 @@
|
||||
import Spa.Language.Tagged.Basic
|
||||
|
||||
namespace Spa
|
||||
|
||||
@[simp] theorem Expr.erase_tag (e : Expr) (n : ℕ) : (e.tag n).1.erase = e := by
|
||||
induction e generalizing n with
|
||||
| add a b iha ihb => simp [Expr.tag, Expr.Tagged.erase, iha, ihb]
|
||||
| sub a b iha ihb => simp [Expr.tag, Expr.Tagged.erase, iha, ihb]
|
||||
| var x => simp [Expr.tag, Expr.Tagged.erase]
|
||||
| num k => simp [Expr.tag, Expr.Tagged.erase]
|
||||
|
||||
@[simp] theorem BasicStmt.erase_tag (bs : BasicStmt) (n : ℕ) :
|
||||
(bs.tag n).1.erase = bs := by
|
||||
cases bs with
|
||||
| assign x e => simp [BasicStmt.tag, BasicStmt.Tagged.erase]
|
||||
| noop => simp [BasicStmt.tag, BasicStmt.Tagged.erase]
|
||||
|
||||
@[simp] theorem Stmt.erase_tag (s : Stmt) (n : ℕ) : (s.tag n).1.erase = s := by
|
||||
induction s generalizing n with
|
||||
| basic bs => simp [Stmt.tag, Stmt.Tagged.erase]
|
||||
| andThen a b iha ihb => simp [Stmt.tag, Stmt.Tagged.erase, iha, ihb]
|
||||
| ifElse e a b iha ihb => simp [Stmt.tag, Stmt.Tagged.erase, iha, ihb]
|
||||
| whileLoop e s ih => simp [Stmt.tag, Stmt.Tagged.erase, ih]
|
||||
|
||||
/-- Erasing a freshly tagged program recovers it. -/
|
||||
theorem erase_tagStmt (s : Stmt) : (tagStmt s).erase = s := by
|
||||
simp [tagStmt]
|
||||
|
||||
end Spa
|
||||
46
lean/Spa/Language/Tagged/TODO.md
Normal file
46
lean/Spa/Language/Tagged/TODO.md
Normal file
@@ -0,0 +1,46 @@
|
||||
# Tagged AST — follow-ups
|
||||
|
||||
## Descendant tracking — parked
|
||||
|
||||
The interval-labeling descendant test and its correctness proof
|
||||
(`descendant_iff_tagStmt` and supporting rose-tree/`Good` machinery) have been
|
||||
removed from the live code and parked in `DESCENDANT-TRACKING.md`, with a revival
|
||||
checklist. It's a computational optimization not yet needed; revive it (and the
|
||||
`NodeId.desc` field) when LICM wants fast ancestor queries.
|
||||
|
||||
## ID → CFG-state mapping — plan part B — DONE
|
||||
|
||||
`Graphs.lean` now defines a payload-generic `GGraph α` (with `Graph := GGraph
|
||||
(List BasicStmt)` as the concrete CFG), so the labelled CFG **reuses** the graph
|
||||
combinators instead of mirroring them. In `Cfg.lean`:
|
||||
`buildCfgL : Stmt.Tagged NodeId → GGraph (List (BasicStmt.Tagged NodeId))` is just
|
||||
`buildCfg` at the tagged payload; `buildCfgL_graph :
|
||||
(buildCfgL t).map (List.map erase) = buildCfg t.erase` connects it to the real
|
||||
CFG; and `GGraph.nodeLabel`/`GGraph.stateOf` read a node's id straight from its
|
||||
payload (`stateOf_label` is the soundness). No `LGraph`, no separate `label`
|
||||
field, no duplicated combinators.
|
||||
|
||||
## ID → CFG-state mapping — totality — DONE
|
||||
|
||||
The `Option`-valued `nodeIdOf`/`stateOfNodeId` are now proven total on the inputs
|
||||
that matter (`Graphs.lean`), via a payload-list characterization of the CFG:
|
||||
|
||||
- `GGraph.nodeList` flattens `nodes` into the list of payloads, with combinator
|
||||
lemmas (`nodeList_comp/link/loop/wrap`) reducing it through the CFG builders.
|
||||
- `Stmt.Tagged.basics` lists a program's basic statements; the master lemma
|
||||
`Stmt.Tagged.cfg_nodeList_filter` (and its program-level
|
||||
`taggedCfg_nodeList_filter`) shows the non-empty CFG nodes are *exactly* the
|
||||
singletons `[bs]` for `bs ∈ basics`.
|
||||
- AST ⇒ CFG: `exists_state_of_mem_basics` (a state with payload `[bs]`) and
|
||||
`stateOfNodeId_isSome` (the search succeeds).
|
||||
- CFG ⇒ AST: `exists_basic_of_code_ne_nil` (a non-empty node is `[bs]`, with
|
||||
`code = [bs.erase]` and `nodeIdOf = some bs.rootTag`) and `nodeIdOf_isSome`.
|
||||
|
||||
All `propext`/`Quot.sound`-only (no `sorry`, no choice).
|
||||
|
||||
Remaining nice-to-have:
|
||||
- Injectivity: distinct basic-statement ids map to distinct states, giving a
|
||||
two-sided id ↔ state correspondence (upgrading the existence results above to a
|
||||
genuine bijection, and pinning `stateOfNodeId (bs.rootTag)` to *the* state
|
||||
holding `bs`). The `tag`-uniqueness fact this needs (`Nodup` of postorder tags)
|
||||
was part of the parked descendant machinery in `DESCENDANT-TRACKING.md`.
|
||||
266
lean/Spa/Language/Traces.lean
Normal file
266
lean/Spa/Language/Traces.lean
Normal file
@@ -0,0 +1,266 @@
|
||||
import Spa.Language.Semantics
|
||||
import Spa.Language.Graphs
|
||||
import Spa.Language.Program
|
||||
|
||||
/-!
|
||||
|
||||
# Program Traces
|
||||
|
||||
This module defines program traces tied to Control Flow Graphs, or CFGs
|
||||
(see `Spa.GGraph` and `Spa.Graph`). These traces boil town to sequences of
|
||||
basic-block executions (really, `Spa.BasicStmt` executions), each of which must
|
||||
have an actual basic block in the graph _and_ be connected to the previous
|
||||
basic block by an edge. In this way, traces encode executions admitted
|
||||
by the CFG.
|
||||
|
||||
While the regular `Trace` is just _any_ path through the graph, an
|
||||
`EndToEndTrace` is a path from the entry node to the exit node, denoting
|
||||
full program execution.
|
||||
|
||||
Properties about graphs and language semantics (especially,
|
||||
the fact that the graph contains the proper basic block and edges
|
||||
to represent any program execution according to the
|
||||
language's big-step semantics `EvalStmt`) is found
|
||||
in `Spa/Language/Properties.lean`.
|
||||
|
||||
-/
|
||||
|
||||
namespace Spa
|
||||
|
||||
/-- A partial trace through a graph `g`, starting right before
|
||||
the execution of the basic block at the first index, and
|
||||
ending right after the execution of the basic block at the last index. -/
|
||||
inductive Trace (g : Graph) : g.Index → g.Index → Env → Env → Type
|
||||
| single {ρ₁ ρ₂ : Env} {idx : g.Index} :
|
||||
EvalBasicStmtOpt ρ₁ (g.nodes idx) ρ₂ → Trace g idx idx ρ₁ ρ₂
|
||||
| edge {ρ₁ ρ₂ ρ₃ : Env} {idx₁ idx₂ idx₃ : g.Index} :
|
||||
EvalBasicStmtOpt ρ₁ (g.nodes idx₁) ρ₂ → (idx₁, idx₂) ∈ g.edges →
|
||||
Trace g idx₂ idx₃ ρ₂ ρ₃ → Trace g idx₁ idx₃ ρ₁ ρ₃
|
||||
|
||||
/-!
|
||||
|
||||
## Open Traces
|
||||
|
||||
A normal `Trace` starts right before one state, and ends right after another.
|
||||
This is convenient for inductively proving correctness / sufficience, but
|
||||
awkward because 1) no empty traces exist and 2) concatenation requires an extra
|
||||
edge.
|
||||
|
||||
However, when attempting an "empty" trace, two types are equally possible:
|
||||
traces that end _right before_ executing a state (`Traceₗ`) and
|
||||
traces that begin _right after_ executing a state (`Traceᵣ`). They
|
||||
are symmetric and can be concatenated with full traces on the left
|
||||
and right, respectively. -/
|
||||
|
||||
/-- Left-open trace, representing execution that ends right before `idx₂`. -/
|
||||
inductive Traceₗ (g : Graph) : g.Index → g.Index → Env → Env → Type where
|
||||
| nil {idx : g.Index} {ρ : Env} : Traceₗ g idx idx ρ ρ
|
||||
| cons {idx₁ idx₂ idx₃ : g.Index} {ρ₁ ρ₂ ρ₃ : Env} :
|
||||
EvalBasicStmtOpt ρ₁ (g.nodes idx₁) ρ₂ →
|
||||
(idx₁, idx₂) ∈ g.edges →
|
||||
Traceₗ g idx₂ idx₃ ρ₂ ρ₃ → Traceₗ g idx₁ idx₃ ρ₁ ρ₃
|
||||
|
||||
def Traceₗ.single (g : Graph) (idx : g.Index) (ρ : Env) : Traceₗ g idx idx ρ ρ := .nil
|
||||
|
||||
/-- Right-open trace, representing execution that starts right after `idx₁`. -/
|
||||
inductive Traceᵣ (g : Graph) : g.Index → g.Index → Env → Env → Type where
|
||||
| nil {idx : g.Index} {ρ : Env} : Traceᵣ g idx idx ρ ρ
|
||||
| cons {idx₁ idx₂ idx₃ : g.Index} {ρ₁ ρ₂ ρ₃ : Env} :
|
||||
Traceᵣ g idx₁ idx₂ ρ₁ ρ₂ →
|
||||
(idx₂, idx₃) ∈ g.edges →
|
||||
EvalBasicStmtOpt ρ₂ (g.nodes idx₃) ρ₃ → Traceᵣ g idx₁ idx₃ ρ₁ ρ₃
|
||||
|
||||
def Traceᵣ.single (g : Graph) (idx : g.Index) (ρ : Env) : Traceᵣ g idx idx ρ ρ := .nil
|
||||
|
||||
/-- Sequence two traces together. Since the endpoint of the first trace
|
||||
is _after_ its last basic block's execution, and the beginning of
|
||||
the next trace is _before_ its first basic block's execution,
|
||||
there must be an edge to connect the two. -/
|
||||
def Trace.concat {g : Graph} {idx₁ idx₂ idx₃ idx₄ : g.Index}
|
||||
{ρ₁ ρ₂ ρ₃ : Env} (tr₁ : Trace g idx₁ idx₂ ρ₁ ρ₂)
|
||||
(he : (idx₂, idx₃) ∈ g.edges) (tr₂ : Trace g idx₃ idx₄ ρ₂ ρ₃) :
|
||||
Trace g idx₁ idx₄ ρ₁ ρ₃ :=
|
||||
match tr₁ with
|
||||
| single hbs => edge hbs he tr₂
|
||||
| edge hbs he' tr₁' => edge hbs he' (tr₁'.concat he tr₂)
|
||||
|
||||
scoped notation:65 tr₁:66 " ++< " he " >++ " tr₂:65 => Trace.concat tr₁ he tr₂
|
||||
|
||||
def Trace.addEdge {g : Graph} {idx₁ idx₂ idx₃ : g.Index} {ρ₁ ρ₂ : Env} :
|
||||
Trace g idx₁ idx₂ ρ₁ ρ₂ →
|
||||
(idx₂, idx₃) ∈ g.edges →
|
||||
Traceₗ g idx₁ idx₃ ρ₁ ρ₂
|
||||
| .single hnode, hedge => .cons hnode hedge .nil
|
||||
| .edge hnode hedge' rest, hedge => .cons hnode hedge' (rest.addEdge hedge)
|
||||
|
||||
@[aesop simp]
|
||||
def Traceₗ.append {g : Graph} {idx₁ idx₂ idx₃ : g.Index} {ρ₁ ρ₂ ρ₃ : Env} :
|
||||
Traceₗ g idx₁ idx₂ ρ₁ ρ₂ → Traceₗ g idx₂ idx₃ ρ₂ ρ₃ →
|
||||
Traceₗ g idx₁ idx₃ ρ₁ ρ₃
|
||||
| .nil, rhs => rhs
|
||||
| .cons hnode hedge rest, rhs => .cons hnode hedge (rest.append rhs)
|
||||
|
||||
@[simp] def traceₗ_append_nil {g : Graph} {idx₁ idx₂ : g.Index} {ρ₁ ρ₂ : Env}
|
||||
{trₗ : Traceₗ g idx₁ idx₂ ρ₁ ρ₂} : trₗ.append Traceₗ.nil = trₗ := by
|
||||
induction trₗ <;> aesop
|
||||
|
||||
def Traceₗ.appendTrace {g : Graph} {idx₁ idx₂ idx₃ : g.Index} {ρ₁ ρ₂ ρ₃ : Env} :
|
||||
Traceₗ g idx₁ idx₂ ρ₁ ρ₂ → Trace g idx₂ idx₃ ρ₂ ρ₃ →
|
||||
Trace g idx₁ idx₃ ρ₁ ρ₃
|
||||
| .nil, rhs => rhs
|
||||
| .cons hnode hedge rest, rhs => .edge hnode hedge (rest.appendTrace rhs)
|
||||
|
||||
def Traceₗ.appendStep {g : Graph} {idx₁ idx₂ : g.Index} {ρ₁ ρ₂ ρ₃ : Env} :
|
||||
Traceₗ g idx₁ idx₂ ρ₁ ρ₂ → EvalBasicStmtOpt ρ₂ (g.nodes idx₂) ρ₃ →
|
||||
Trace g idx₁ idx₂ ρ₁ ρ₃ := fun trₗ hbs => trₗ.appendTrace (Trace.single hbs)
|
||||
|
||||
def Trace.appendRight {g : Graph} {idx₁ idx₂ idx₃ : g.Index} {ρ₁ ρ₂ ρ₃ : Env} :
|
||||
Trace g idx₁ idx₂ ρ₁ ρ₂ → Traceᵣ g idx₂ idx₃ ρ₂ ρ₃ →
|
||||
Trace g idx₁ idx₃ ρ₁ ρ₃
|
||||
| lhs, .nil => lhs
|
||||
| lhs, .cons rest hedge hnode => Trace.concat (lhs.appendRight rest) hedge (.single hnode)
|
||||
|
||||
instance instHAppendTraceLTraceL {g : Graph} {idx₁ idx₂ idx₃ : g.Index} {ρ₁ ρ₂ ρ₃ : Env} :
|
||||
HAppend (Traceₗ g idx₁ idx₂ ρ₁ ρ₂) (Traceₗ g idx₂ idx₃ ρ₂ ρ₃) (Traceₗ g idx₁ idx₃ ρ₁ ρ₃) where
|
||||
hAppend := Traceₗ.append
|
||||
|
||||
instance instHAppendTraceLTrace {g : Graph} {idx₁ idx₂ idx₃ : g.Index} {ρ₁ ρ₂ ρ₃ : Env} :
|
||||
HAppend (Traceₗ g idx₁ idx₂ ρ₁ ρ₂) (Trace g idx₂ idx₃ ρ₂ ρ₃) (Trace g idx₁ idx₃ ρ₁ ρ₃) where
|
||||
hAppend := Traceₗ.appendTrace
|
||||
|
||||
instance instHAppendTraceLStep {g : Graph} {idx₁ idx₂ : g.Index} {ρ₁ ρ₂ ρ₃ : Env} :
|
||||
HAppend (Traceₗ g idx₁ idx₂ ρ₁ ρ₂) (EvalBasicStmtOpt ρ₂ (g.nodes idx₂) ρ₃) (Trace g idx₁ idx₂ ρ₁ ρ₃) where
|
||||
hAppend := Traceₗ.appendStep
|
||||
|
||||
instance instHAppendTraceTraceR {g : Graph} {idx₁ idx₂ idx₃ : g.Index} {ρ₁ ρ₂ ρ₃ : Env} :
|
||||
HAppend (Trace g idx₁ idx₂ ρ₁ ρ₂) (Traceᵣ g idx₂ idx₃ ρ₂ ρ₃) (Trace g idx₁ idx₃ ρ₁ ρ₃) where
|
||||
hAppend := Trace.appendRight
|
||||
|
||||
/-!
|
||||
|
||||
## Trace Steps
|
||||
|
||||
Analyses that care about *which statements executed* (e.g. reaching
|
||||
definitions) need to project a trace down to its list of executed statements.
|
||||
Defining that projection here, once, as a chronological mathlib `List` means
|
||||
all the re-association facts about concatenating traces come for free from
|
||||
`List.append_assoc` and friends, instead of being re-proven per analysis. -/
|
||||
|
||||
/-- The (index, statement) pairs executed by a single optional-statement step:
|
||||
none if the node is empty, and the node's statement otherwise. -/
|
||||
def EvalBasicStmtOpt.steps {α : Type*} (idx : α) {ρ₁ ρ₂ : Env} {obs : Option BasicStmt} :
|
||||
EvalBasicStmtOpt ρ₁ obs ρ₂ → List (α × BasicStmt)
|
||||
| .none => []
|
||||
| .some (bs := bs) _ => [(idx, bs)]
|
||||
|
||||
/-- The statements executed by a left-open trace, in chronological order. -/
|
||||
def Traceₗ.steps {g : Graph} {idx₁ idx₂ : g.Index} {ρ₁ ρ₂ : Env} :
|
||||
Traceₗ g idx₁ idx₂ ρ₁ ρ₂ → List (g.Index × BasicStmt)
|
||||
| .nil => []
|
||||
| .cons (idx₁ := idx) hnode _ rest => hnode.steps idx ++ rest.steps
|
||||
|
||||
/-- The statements executed by a trace, in chronological order. -/
|
||||
def Trace.steps {g : Graph} {idx₁ idx₂ : g.Index} {ρ₁ ρ₂ : Env} :
|
||||
Trace g idx₁ idx₂ ρ₁ ρ₂ → List (g.Index × BasicStmt)
|
||||
| .single (idx := idx) hnode => hnode.steps idx
|
||||
| .edge (idx₁ := idx) hnode _ rest => hnode.steps idx ++ rest.steps
|
||||
|
||||
@[simp] lemma Traceₗ.steps_append {g : Graph} {idx₁ idx₂ idx₃ : g.Index}
|
||||
{ρ₁ ρ₂ ρ₃ : Env} (tr₁ : Traceₗ g idx₁ idx₂ ρ₁ ρ₂)
|
||||
(tr₂ : Traceₗ g idx₂ idx₃ ρ₂ ρ₃) :
|
||||
(tr₁ ++ tr₂).steps = tr₁.steps ++ tr₂.steps := by
|
||||
show (tr₁.append tr₂).steps = _
|
||||
induction tr₁ <;> simp [Traceₗ.append, Traceₗ.steps, *]
|
||||
|
||||
@[simp] lemma Traceₗ.steps_appendTrace {g : Graph} {idx₁ idx₂ idx₃ : g.Index}
|
||||
{ρ₁ ρ₂ ρ₃ : Env} (tr₁ : Traceₗ g idx₁ idx₂ ρ₁ ρ₂)
|
||||
(tr₂ : Trace g idx₂ idx₃ ρ₂ ρ₃) :
|
||||
(tr₁ ++ tr₂).steps = tr₁.steps ++ tr₂.steps := by
|
||||
show (tr₁.appendTrace tr₂).steps = _
|
||||
induction tr₁ <;> simp [Traceₗ.appendTrace, Traceₗ.steps, Trace.steps, *]
|
||||
|
||||
@[simp] lemma Traceₗ.steps_appendStep {g : Graph} {idx₁ idx₂ : g.Index}
|
||||
{ρ₁ ρ₂ ρ₃ : Env} (tr : Traceₗ g idx₁ idx₂ ρ₁ ρ₂)
|
||||
(hbs : EvalBasicStmtOpt ρ₂ (g.nodes idx₂) ρ₃) :
|
||||
(tr ++ hbs).steps = tr.steps ++ hbs.steps idx₂ :=
|
||||
Traceₗ.steps_appendTrace tr (Trace.single hbs)
|
||||
|
||||
@[simp] lemma Trace.steps_addEdge {g : Graph} {idx₁ idx₂ idx₃ : g.Index}
|
||||
{ρ₁ ρ₂ : Env} (tr : Trace g idx₁ idx₂ ρ₁ ρ₂)
|
||||
(hedge : (idx₂, idx₃) ∈ g.edges) :
|
||||
(tr.addEdge hedge).steps = tr.steps := by
|
||||
induction tr <;> simp [Trace.addEdge, Trace.steps, Traceₗ.steps, *]
|
||||
|
||||
@[simp] lemma Traceₗ.append_addEdge {g : Graph}
|
||||
{idx₁ idx₂ idx₃ idx₄ : g.Index} {ρ₁ ρ₂ ρ₃ ρ₄ : Env}
|
||||
(trₗ : Traceₗ g idx₁ idx₂ ρ₁ ρ₂)
|
||||
(hnode : EvalBasicStmtOpt ρ₂ (g.nodes idx₂) ρ₃)
|
||||
(hedge : (idx₂, idx₃) ∈ g.edges)
|
||||
(rest : Traceₗ g idx₃ idx₄ ρ₃ ρ₄) :
|
||||
trₗ.append (Traceₗ.cons hnode hedge rest) =
|
||||
(Trace.addEdge (trₗ.appendStep hnode) hedge).append rest := by
|
||||
induction trₗ <;> simp [Traceₗ.append, Traceₗ.appendStep, Traceₗ.appendTrace, Trace.addEdge, *]
|
||||
|
||||
@[simp] lemma Traceₗ.appendTrace_addEdge {g : Graph}
|
||||
{idx₁ idx₂ idx₃ idx₄ : g.Index} {ρ₁ ρ₂ ρ₃ ρ₄ : Env}
|
||||
(trₗ : Traceₗ g idx₁ idx₂ ρ₁ ρ₂)
|
||||
(hnode : EvalBasicStmtOpt ρ₂ (g.nodes idx₂) ρ₃)
|
||||
(hedge : (idx₂, idx₃) ∈ g.edges)
|
||||
(rest : Trace g idx₃ idx₄ ρ₃ ρ₄) :
|
||||
trₗ.appendTrace (Trace.edge hnode hedge rest) =
|
||||
(Trace.addEdge (trₗ.appendStep hnode) hedge).appendTrace rest := by
|
||||
induction trₗ <;> simp [Traceₗ.appendTrace, Traceₗ.appendStep, Trace.addEdge, *]
|
||||
|
||||
/-- A beginning-to-end trace corresponding to the CFG `g`. -/
|
||||
inductive EndToEndTrace (g : Graph) (ρ₁ ρ₂ : Env) : Type
|
||||
| intro (idx₁ : g.Index) (idx₁_mem : idx₁ ∈ g.inputs)
|
||||
(idx₂ : g.Index) (idx₂_mem : idx₂ ∈ g.outputs)
|
||||
(trace : Trace g idx₁ idx₂ ρ₁ ρ₂) : EndToEndTrace g ρ₁ ρ₂
|
||||
|
||||
inductive Reaches {prog : Program} : {s₁ s₂ : prog.State} → {ρ₁ ρ₂ : Env} →
|
||||
Trace prog.cfg s₁ s₂ ρ₁ ρ₂ →
|
||||
(s : prog.State) → (ρin ρout : Env) → Type
|
||||
| single_here {s₁ : prog.State} {ρ₁ ρ₂ : Env}
|
||||
(hnode : EvalBasicStmtOpt ρ₁ (prog.code s₁) ρ₂) :
|
||||
Reaches (.single hnode) s₁ ρ₁ ρ₂
|
||||
| edge_here {s₁ s₂ s₃ : prog.State} {ρ₁ ρ₂ ρ₃ : Env}
|
||||
(hnode : EvalBasicStmtOpt ρ₁ (prog.code s₁) ρ₂)
|
||||
(hedge : (s₁, s₂) ∈ prog.cfg.edges) (rest : Trace prog.cfg s₂ s₃ ρ₂ ρ₃) :
|
||||
Reaches (.edge hnode hedge rest) s₁ ρ₁ ρ₂
|
||||
| edge_there {s₁ s₂ s₃ : prog.State} {ρ₁ ρ₂ ρ₃ : Env}
|
||||
(hnode : EvalBasicStmtOpt ρ₁ (prog.code s₁) ρ₂)
|
||||
(hedge : (s₁, s₂) ∈ prog.cfg.edges) (rest : Trace prog.cfg s₂ s₃ ρ₂ ρ₃)
|
||||
{s : prog.State} {ρin ρout : Env} :
|
||||
Reaches rest s ρin ρout →
|
||||
Reaches (.edge hnode hedge rest) s ρin ρout
|
||||
|
||||
def Reaches.pre {prog : Program} {s₁ s₂ s: prog.State}
|
||||
{ρ₁ ρ₂ ρin ρout : Env} {tr : Trace prog.cfg s₁ s₂ ρ₁ ρ₂} :
|
||||
(r : Reaches tr s ρin ρout) → Traceₗ prog.cfg s₁ s ρ₁ ρin
|
||||
| .single_here _ => .nil
|
||||
| .edge_here _ _ _ => .nil
|
||||
| .edge_there hnode hedge _ r => .cons hnode hedge r.pre
|
||||
|
||||
def Reaches.post {prog : Program} {s₁ s₂ s: prog.State}
|
||||
{ρ₁ ρ₂ ρin ρout : Env} {tr : Trace prog.cfg s₁ s₂ ρ₁ ρ₂} :
|
||||
(r : Reaches tr s ρin ρout) → Trace prog.cfg s₁ s ρ₁ ρout
|
||||
| .single_here hnode => .single hnode
|
||||
| .edge_here hnode _ _ => .single hnode
|
||||
| .edge_there hnode hedge _ r => .edge hnode hedge r.post
|
||||
|
||||
def Reaches.first {prog : Program} {s₁ s₂ s: prog.State}
|
||||
{ρ₁ ρ₂ ρin ρout : Env} {tr : Trace prog.cfg s₁ s₂ ρ₁ ρ₂} :
|
||||
(r : Reaches tr s ρin ρout) → Σ ρ₁', Reaches tr s₁ ρ₁ ρ₁'
|
||||
| .single_here hnode => ⟨_, .single_here hnode⟩
|
||||
| .edge_here hnode hedge hrest => ⟨_, .edge_here hnode hedge hrest⟩
|
||||
| .edge_there hnode hedge hrest tmp' => ⟨_, .edge_here hnode hedge hrest⟩
|
||||
|
||||
def Reaches.step {prog : Program} {s₁ s₂ s: prog.State}
|
||||
{ρ₁ ρ₂ ρin ρout : Env} {tr : Trace prog.cfg s₁ s₂ ρ₁ ρ₂} :
|
||||
(r : Reaches tr s ρin ρout) → EvalBasicStmtOpt ρin (prog.code s) ρout
|
||||
| .single_here hnode => hnode
|
||||
| .edge_here hnode hedge hrest => hnode
|
||||
| .edge_there hnode hedge hrest tmp' => tmp'.step
|
||||
|
||||
|
||||
end Spa
|
||||
152
lean/Spa/Lattice.lean
Normal file
152
lean/Spa/Lattice.lean
Normal file
@@ -0,0 +1,152 @@
|
||||
import Mathlib.Order.Lattice
|
||||
import Mathlib.Order.RelSeries
|
||||
|
||||
/-!
|
||||
|
||||
# Lattice Definitions
|
||||
|
||||
This file provides some definitions for lattices. It used to be more critical
|
||||
when this was an Agda project, since it defined (semi)lattices, the ordering
|
||||
relation, etc. However, these have been lifted into `Mathlib.Order.Lattice`
|
||||
etc.. What remains are a couple of theorems about folds, as well
|
||||
as `FiniteHeightLattice`, the core concept of lattice-based static
|
||||
program analyses. See the documentation on that class for more information. -/
|
||||
|
||||
namespace Option
|
||||
|
||||
/-- Equality-sensitive eliminator for options in which the `some` case
|
||||
is sensitive to the base `β`. This makes it mirror a one-element fold
|
||||
more closely. -/
|
||||
def elimEq {α : Type*} {β : Sort*} :
|
||||
(o : Option α) → β → ((a : α) → o = some a → β → β) → β
|
||||
| none, b, _ => b
|
||||
| some a, b, f => f a rfl b
|
||||
|
||||
end Option
|
||||
|
||||
namespace Spa
|
||||
|
||||
/-- Predicate for binary functions independently monotone in both their arguments. -/
|
||||
def Monotone₂ {α β γ : Type*} [Preorder α] [Preorder β] [Preorder γ]
|
||||
(f : α → β → γ) : Prop :=
|
||||
(∀ b, Monotone (f · b)) ∧ (∀ a, Monotone (f a ·))
|
||||
|
||||
section Folds
|
||||
|
||||
variable {α β : Type*} [Preorder α] [Preorder β]
|
||||
|
||||
/-- (right) folds are monotonic in both their arguments if the underlying accumulator function is. -/
|
||||
lemma foldr_mono {l₁ l₂ : List α} (f : α → β → β) {b₁ b₂ : β}
|
||||
(hl : List.Forall₂ (· ≤ ·) l₁ l₂) (hb : b₁ ≤ b₂)
|
||||
(hf₁ : ∀ b, Monotone (f · b)) (hf₂ : ∀ a, Monotone (f a ·)) :
|
||||
l₁.foldr f b₁ ≤ l₂.foldr f b₂ := by
|
||||
induction hl with
|
||||
| nil => exact hb
|
||||
| cons hxy _ ih =>
|
||||
exact le_trans (hf₁ _ hxy) (hf₂ _ ih)
|
||||
|
||||
/-- (left) folds are monotinic in both their arguments if the underlying accumulator function is. -/
|
||||
lemma foldl_mono {l₁ l₂ : List α} (f : β → α → β) {b₁ b₂ : β}
|
||||
(hl : List.Forall₂ (· ≤ ·) l₁ l₂) (hb : b₁ ≤ b₂)
|
||||
(hf₁ : ∀ a, Monotone (f · a)) (hf₂ : ∀ b, Monotone (f b ·)) :
|
||||
l₁.foldl f b₁ ≤ l₂.foldl f b₂ := by
|
||||
induction hl generalizing b₁ b₂ with
|
||||
| nil => exact hb
|
||||
| cons hxy _ ih =>
|
||||
exact ih (le_trans (hf₁ _ hb) (hf₂ _ hxy))
|
||||
|
||||
omit [Preorder α] in
|
||||
/-- (right) folds on a particular list are monotonic if the underlying accumulator is monotonic in its accumulator argument. -/
|
||||
lemma foldr_mono' (l : List α) (f : α → β → β)
|
||||
(hf : ∀ a, Monotone (f a ·)) : Monotone (l.foldr f ·) := by
|
||||
intro b₁ b₂ hb
|
||||
induction l with
|
||||
| nil => exact hb
|
||||
| cons x xs ih => exact hf x ih
|
||||
|
||||
omit [Preorder α] in
|
||||
/-- (left) folds on a particular list are monotonic if the underlying accumulator is monotonic in its accumulator argument. -/
|
||||
lemma foldl_mono' (l : List α) (f : β → α → β)
|
||||
(hf : ∀ a, Monotone (f · a)) : Monotone fun b => l.foldl f b := by
|
||||
intro b₁ b₂ hb
|
||||
induction l generalizing b₁ b₂ with
|
||||
| nil => exact hb
|
||||
| cons x xs ih => exact ih (hf x hb)
|
||||
|
||||
omit [Preorder α] in
|
||||
/-- The equality-aware eliminator (that also alters its behavior dependent on base case)
|
||||
for option is monotonic. -/
|
||||
lemma elimEq_self_mono (o : Option α) (g : (a : α) → o = some a → β → β)
|
||||
(hg : ∀ a h, Monotone (g a h)) :
|
||||
Monotone (o.elimEq · g) := by
|
||||
cases o with
|
||||
| none => exact monotone_id
|
||||
| some a => exact hg a rfl
|
||||
|
||||
end Folds
|
||||
|
||||
/-- Predicate on types with `Preorder` that claims all $<$ chains in the type have at most `n` comparisons. -/
|
||||
def BoundedChains (α : Type*) [Preorder α] (n : ℕ) : Prop :=
|
||||
∀ c : LTSeries α, c.length ≤ n
|
||||
|
||||
/-- Since a singleton type's preorder has no nonempty `<` chains,
|
||||
they are vacuously bounded by any minimum height. -/
|
||||
lemma boundedChains_of_subsingleton (α : Type*) [Preorder α] [Subsingleton α]
|
||||
(n : ℕ) : BoundedChains α n := fun c => by
|
||||
by_contra hc
|
||||
push_neg at hc
|
||||
exact (c.step ⟨0, by omega⟩).ne (Subsingleton.elim _ _)
|
||||
|
||||
/-- A finite height lattice is a lattice in which all chains $a < \ldots < z$ have a maximum height `height`. -/
|
||||
class FiniteHeightLattice (α : Type*) extends Lattice α, OrderBot α, OrderTop α where
|
||||
height : ℕ
|
||||
chains_bounded : BoundedChains α height
|
||||
|
||||
-- a < ... < z
|
||||
-- ----------- length <= height
|
||||
|
||||
namespace FiniteHeightLattice
|
||||
|
||||
/-- This is something like a lemma about isomorphic types having the same height.
|
||||
Given a finite-height lattice `α`, lattice `β`, and a `Monotone` bijection
|
||||
between the two, we can show that lattice `β` also has a finite height.
|
||||
|
||||
The proof is fairly trivial: any chain in `β` can be transported to a chain in `α`,
|
||||
and must be bounded by the same height by `FiniteHeightLattice.chains_bounded`. -/
|
||||
def transport {α β : Type*} [Lattice β]
|
||||
[I : FiniteHeightLattice α] (f : α → β) (g : β → α)
|
||||
(hf : Monotone f) (hg : Monotone g)
|
||||
(hfg : Function.LeftInverse f g) :
|
||||
FiniteHeightLattice β where
|
||||
toLattice := inferInstance
|
||||
toOrderBot := {
|
||||
bot := f (⊥ : α)
|
||||
bot_le := fun b => by
|
||||
rw [← hfg b]
|
||||
exact hf (_root_.bot_le : (⊥ : α) ≤ g b) }
|
||||
toOrderTop := {
|
||||
top := f (⊤ : α)
|
||||
le_top := fun b => by
|
||||
rw [← hfg b]
|
||||
exact hf (_root_.le_top : g b ≤ (⊤ : α)) }
|
||||
height := I.height
|
||||
chains_bounded := fun c =>
|
||||
I.chains_bounded (c.map g (hg.strictMono_of_injective hfg.injective))
|
||||
|
||||
/-- A `Unique` lattice trivially has finite height: its only chain is the singleton
|
||||
`[default]`, and there are no nontrivial `<` chains in a subsingleton. -/
|
||||
def ofUnique (α : Type*) [Lattice α] [Unique α] :
|
||||
FiniteHeightLattice α where
|
||||
toLattice := inferInstance
|
||||
toOrderBot := {
|
||||
bot := default
|
||||
bot_le := fun _ => le_of_eq (Subsingleton.elim _ _) }
|
||||
toOrderTop := {
|
||||
top := default
|
||||
le_top := fun _ => le_of_eq (Subsingleton.elim _ _) }
|
||||
height := 0
|
||||
chains_bounded := boundedChains_of_subsingleton α 0
|
||||
|
||||
end FiniteHeightLattice
|
||||
|
||||
end Spa
|
||||
191
lean/Spa/Lattice/AboveBelow.lean
Normal file
191
lean/Spa/Lattice/AboveBelow.lean
Normal file
@@ -0,0 +1,191 @@
|
||||
import Spa.Lattice
|
||||
|
||||
/-!
|
||||
|
||||
# The Above-Below Lattice
|
||||
|
||||
This file defines the `AboveBelow` lattice, which takes a flat domain
|
||||
$a_1, \ldots, a_n \in \alpha$ and lifts it into a lattice bounded
|
||||
above by a synthetic $\top$ element, and below by a synthetic $\bot$
|
||||
element.
|
||||
|
||||
$$
|
||||
\begin{array}{ccccc}
|
||||
&& \top && \\
|
||||
& \swarrow & \downarrow & \searrow & \\
|
||||
a_1 & & … & & a_n \\
|
||||
& \searrow & \downarrow & \swarrow & \\
|
||||
&& \bot &&
|
||||
\end{array}
|
||||
$$
|
||||
|
||||
This lattice is also a `Spa.FiniteHeightLattice`, because no chain can
|
||||
exceed the bottom-to-top chain $\bot < a_i < \top$.
|
||||
|
||||
The above-below lattice is helpful for for analyses such as
|
||||
`Spa/Analysis/Sign.lean` and `Spa/Analysis/Constant.lean`, whose
|
||||
classifications of values (by sign or by exact value) do not have
|
||||
any inherent structure beyond "matching exactly".
|
||||
|
||||
-/
|
||||
|
||||
namespace Spa
|
||||
|
||||
/-- The above-below lattice, with bottom element `bot` and top element `top`. -/
|
||||
@[aesop safe cases]
|
||||
inductive AboveBelow (α : Type*) where
|
||||
| bot
|
||||
| top
|
||||
| mk (x : α)
|
||||
deriving DecidableEq
|
||||
|
||||
namespace AboveBelow
|
||||
|
||||
instance {α : Type*} [ToString α] : ToString (AboveBelow α) where
|
||||
toString
|
||||
| bot => "⊥"
|
||||
| top => "⊤"
|
||||
| mk x => toString x
|
||||
|
||||
variable {α : Type*} [DecidableEq α]
|
||||
|
||||
instance : Max (AboveBelow α) where
|
||||
max
|
||||
| bot, x => x
|
||||
| top, _ => top
|
||||
| mk x, mk y => if x = y then mk x else top
|
||||
| mk x, bot => mk x
|
||||
| mk _, top => top
|
||||
|
||||
instance : Min (AboveBelow α) where
|
||||
min
|
||||
| bot, _ => bot
|
||||
| top, x => x
|
||||
| mk x, mk y => if x = y then mk x else bot
|
||||
| mk _, bot => bot
|
||||
| mk x, top => mk x
|
||||
|
||||
@[simp] lemma bot_sup (x : AboveBelow α) : bot ⊔ x = x := rfl
|
||||
@[simp] lemma top_sup (x : AboveBelow α) : top ⊔ x = top := rfl
|
||||
@[simp] lemma sup_bot (x : AboveBelow α) : x ⊔ bot = x := by cases x <;> rfl
|
||||
@[simp] lemma sup_top (x : AboveBelow α) : x ⊔ top = top := by cases x <;> rfl
|
||||
@[simp] lemma mk_sup_mk (x y : α) :
|
||||
(mk x ⊔ mk y : AboveBelow α) = if x = y then mk x else top := rfl
|
||||
|
||||
@[simp] lemma bot_inf (x : AboveBelow α) : bot ⊓ x = bot := rfl
|
||||
@[simp] lemma top_inf (x : AboveBelow α) : top ⊓ x = x := rfl
|
||||
@[simp] lemma inf_bot (x : AboveBelow α) : x ⊓ bot = bot := by cases x <;> rfl
|
||||
@[simp] lemma inf_top (x : AboveBelow α) : x ⊓ top = x := by cases x <;> rfl
|
||||
@[simp] lemma mk_inf_mk (x y : α) :
|
||||
(mk x ⊓ mk y : AboveBelow α) = if x = y then mk x else bot := rfl
|
||||
|
||||
protected lemma sup_comm (a b : AboveBelow α) : a ⊔ b = b ⊔ a := by aesop
|
||||
protected lemma sup_assoc (a b c : AboveBelow α) : a ⊔ b ⊔ c = a ⊔ (b ⊔ c) := by aesop
|
||||
protected lemma inf_comm (a b : AboveBelow α) : a ⊓ b = b ⊓ a := by aesop
|
||||
protected lemma inf_assoc (a b c : AboveBelow α) : a ⊓ b ⊓ c = a ⊓ (b ⊓ c) := by aesop
|
||||
protected lemma sup_inf_self (a b : AboveBelow α) : a ⊔ a ⊓ b = a := by aesop
|
||||
protected lemma inf_sup_self (a b : AboveBelow α) : a ⊓ (a ⊔ b) = a := by aesop
|
||||
|
||||
instance : Lattice (AboveBelow α) :=
|
||||
Lattice.mk' AboveBelow.sup_comm AboveBelow.sup_assoc
|
||||
AboveBelow.inf_comm AboveBelow.inf_assoc
|
||||
AboveBelow.sup_inf_self AboveBelow.inf_sup_self
|
||||
|
||||
lemma le_iff {a b : AboveBelow α} : a ≤ b ↔ a ⊔ b = b := sup_eq_right.symm
|
||||
|
||||
lemma bot_le' (a : AboveBelow α) : (bot : AboveBelow α) ≤ a :=
|
||||
le_iff.mpr (bot_sup a)
|
||||
|
||||
lemma le_top' (a : AboveBelow α) : a ≤ (top : AboveBelow α) :=
|
||||
le_iff.mpr (sup_top a)
|
||||
|
||||
instance : OrderBot (AboveBelow α) where
|
||||
bot := bot
|
||||
bot_le := bot_le'
|
||||
|
||||
instance : OrderTop (AboveBelow α) where
|
||||
top := top
|
||||
le_top := le_top'
|
||||
|
||||
lemma bot_lt_mk (x : α) : (bot : AboveBelow α) < mk x := lt_of_le_of_ne (bot_le' _) (by simp)
|
||||
lemma mk_lt_top (x : α) : (mk x : AboveBelow α) < top := lt_of_le_of_ne (le_top' _) (by simp)
|
||||
lemma bot_lt_top : (bot : AboveBelow α) < top := lt_of_le_of_ne (bot_le' _) (by simp)
|
||||
|
||||
lemma le_cases {a b : AboveBelow α} (h : a ≤ b) :
|
||||
a = bot ∨ b = top ∨ a = b := by
|
||||
rw [le_iff] at h
|
||||
rcases a with _ | _ | x <;> rcases b with _ | _ | y <;> simp_all
|
||||
|
||||
/-- If `f` sends `⊥` to `⊥` (in both arguments) and `⊤` to `⊤`
|
||||
(against any non-`⊥` argument), it is monotone in both arguments.
|
||||
The values of the the elements in `α` are irrelevant since they
|
||||
are always incomparable. This makes it easy to prove monotonicity
|
||||
for operations that "just" combine their flat elements, or give up. -/
|
||||
lemma monotone₂_of_strict {β γ : Type*} [DecidableEq β] [DecidableEq γ]
|
||||
(f : AboveBelow α → AboveBelow β → AboveBelow γ)
|
||||
(hbotl : ∀ y, f bot y = bot) (hbotr : ∀ x, f x bot = bot)
|
||||
(htopl : ∀ y, y ≠ bot → f top y = top)
|
||||
(htopr : ∀ x, x ≠ bot → f x top = top) : Monotone₂ f := by
|
||||
constructor <;> intro c a b hab <;>
|
||||
rcases eq_or_ne c bot with rfl | hc <;>
|
||||
rcases le_cases hab with rfl | rfl | rfl <;>
|
||||
simp [hbotl, hbotr, htopl, htopr, bot_le', le_top', *]
|
||||
|
||||
section Interp
|
||||
|
||||
variable {V : Type*} {P : AboveBelow α → V → Prop}
|
||||
|
||||
/-- As long as the interpretation of a the above-below lattice respects the
|
||||
fact that `bot` means "impossible", interpreting the above-below
|
||||
lattice agrees with its `⊔`. -/
|
||||
lemma interp_sup_of (hbot : ∀ v, ¬P bot v) (htop : ∀ v, P top v)
|
||||
{s₁ s₂ : AboveBelow α} (v : V) (h : P s₁ v ∨ P s₂ v) : P (s₁ ⊔ s₂) v := by aesop
|
||||
|
||||
/-- As long as two distinct values in the flat domain don't overlap,
|
||||
interpreting the above-below lattice agrees with its `⊔` -/
|
||||
lemma interp_inf_of
|
||||
(hdisj : ∀ {x y : α}, x ≠ y → ∀ v, ¬(P (mk x) v ∧ P (mk y) v))
|
||||
{s₁ s₂ : AboveBelow α} (v : V) (h : P s₁ v ∧ P s₂ v) : P (s₁ ⊓ s₂) v := by
|
||||
rcases s₁ with _ | _ | x <;> rcases s₂ with _ | _ | y <;> simp_all
|
||||
split
|
||||
· exact h.2
|
||||
· next hne => exact (hdisj hne v h.1 h.2).elim
|
||||
|
||||
end Interp
|
||||
|
||||
/-- synthetic rank of an element, used to prove chain bounds. -/
|
||||
private def rank : AboveBelow α → ℕ
|
||||
| bot => 0
|
||||
| mk _ => 1
|
||||
| top => 2
|
||||
|
||||
/-- It's not possible for any two lifted flat-domain elements to be less
|
||||
than one another. -/
|
||||
lemma not_mk_lt_mk (x y : α) : ¬(mk x : AboveBelow α) < mk y := by
|
||||
intro h
|
||||
obtain ⟨hle, hne⟩ := lt_iff_le_and_ne.mp h
|
||||
rcases le_cases hle with h | h | h <;> simp_all
|
||||
|
||||
/-- The rank of elements is strictly monotonic. -/
|
||||
lemma rank_strictMono : StrictMono (rank : AboveBelow α → ℕ) := by
|
||||
intro a b hab
|
||||
rcases a with _ | _ | x <;> rcases b with _ | _ | y <;>
|
||||
simp_all [rank, not_mk_lt_mk, (bot_le' _).not_lt, (le_top' _).not_lt]
|
||||
|
||||
/-- All chains in the above-below lattice have at most 2 comparisons. -/
|
||||
lemma boundedChains : BoundedChains (AboveBelow α) 2 := fun c => by
|
||||
have h := LTSeries.head_add_length_le_nat (c.map rank rank_strictMono)
|
||||
rw [LTSeries.head_map, LTSeries.last_map, LTSeries.map_length] at h
|
||||
have h2 : rank c.last ≤ 2 := by cases c.last <;> simp [rank]
|
||||
omega
|
||||
|
||||
instance [Inhabited α] : FiniteHeightLattice (AboveBelow α) where
|
||||
toLattice := inferInstance
|
||||
toOrderBot := inferInstance
|
||||
toOrderTop := inferInstance
|
||||
height := 2
|
||||
chains_bounded := boundedChains
|
||||
|
||||
end AboveBelow
|
||||
|
||||
end Spa
|
||||
39
lean/Spa/Lattice/Bool.lean
Normal file
39
lean/Spa/Lattice/Bool.lean
Normal file
@@ -0,0 +1,39 @@
|
||||
import Spa.Lattice
|
||||
import Mathlib.Order.BooleanAlgebra
|
||||
|
||||
namespace Spa
|
||||
|
||||
/-! ### `Bool` as a finite-height lattice
|
||||
|
||||
`Bool` is the two-element lattice `false ≤ true` (with `⊥ = false`, `⊤ = true`).
|
||||
It is the building block of the "power set" lattice `FiniteMap A Bool ks`, used by
|
||||
the reaching-definitions analysis to represent sets of definition sites. -/
|
||||
|
||||
namespace Bool
|
||||
|
||||
/-- Rank of a boolean: `false ↦ 0`, `true ↦ 1`. Used to bound chains, mirroring
|
||||
`AboveBelow.rank`. -/
|
||||
def rank : Bool → ℕ
|
||||
| false => 0
|
||||
| true => 1
|
||||
|
||||
lemma rank_strictMono : StrictMono rank := by
|
||||
intro a b hab
|
||||
cases a <;> cases b <;> revert hab <;> decide
|
||||
|
||||
lemma boundedChains : BoundedChains Bool 1 := fun c => by
|
||||
have h := LTSeries.head_add_length_le_nat (c.map rank rank_strictMono)
|
||||
rw [LTSeries.head_map, LTSeries.last_map, LTSeries.map_length] at h
|
||||
have h2 : rank c.last ≤ 1 := by cases c.last <;> simp [rank]
|
||||
omega
|
||||
|
||||
instance : FiniteHeightLattice Bool where
|
||||
toLattice := inferInstance
|
||||
toOrderBot := inferInstance
|
||||
toOrderTop := inferInstance
|
||||
height := 1
|
||||
chains_bounded := boundedChains
|
||||
|
||||
end Bool
|
||||
|
||||
end Spa
|
||||
214
lean/Spa/Lattice/FiniteMap.lean
Normal file
214
lean/Spa/Lattice/FiniteMap.lean
Normal file
@@ -0,0 +1,214 @@
|
||||
import Spa.Lattice.Tuple
|
||||
import Mathlib.Data.List.Nodup
|
||||
|
||||
/-!
|
||||
|
||||
# Finite Maps
|
||||
|
||||
This file defines _finite maps_, or key-value maps with a finite domain. This
|
||||
is encoded as a map from `Fin` into the value type. Finite maps form a
|
||||
lattice from pointwise composition: $(f \land g) k = f k \land g k$,
|
||||
and, provided the domain `\beta` is of finite height, so is the map
|
||||
lattice as a whole.
|
||||
|
||||
In fact, the isomorphism is described and proven in `Spa/Lattice/Tuple.lean`.
|
||||
|
||||
-/
|
||||
|
||||
namespace Spa
|
||||
|
||||
/-- Key-value map with domain `α` and codomain `β`, with possible keys $\textit{ks} \subseteq \alpha$. -/
|
||||
def FiniteMap (α β : Type*) (ks : List α) : Type _ := Fin ks.length → β
|
||||
|
||||
namespace FiniteMap
|
||||
|
||||
variable {α β : Type*} {ks : List α}
|
||||
|
||||
instance [Lattice β] : Lattice (FiniteMap α β ks) :=
|
||||
inferInstanceAs (Lattice (Fin ks.length → β))
|
||||
|
||||
instance [FiniteHeightLattice β] : FiniteHeightLattice (FiniteMap α β ks) :=
|
||||
inferInstanceAs (FiniteHeightLattice (Fin ks.length → β))
|
||||
|
||||
instance [DecidableEq β] : DecidableEq (FiniteMap α β ks) :=
|
||||
inferInstanceAs (DecidableEq (Fin ks.length → β))
|
||||
|
||||
instance : Membership (α × β) (FiniteMap α β ks) :=
|
||||
⟨fun fm p => ∃ i : Fin ks.length, ks.get i = p.1 ∧ fm i = p.2⟩
|
||||
|
||||
lemma mem_iff {fm : FiniteMap α β ks} {p : α × β} :
|
||||
p ∈ fm ↔ ∃ i : Fin ks.length, ks.get i = p.1 ∧ fm i = p.2 := Iff.rfl
|
||||
|
||||
def MemKey (k : α) (_fm : FiniteMap α β ks) : Prop := k ∈ ks
|
||||
|
||||
lemma MemKey_iff {k : α} {fm : FiniteMap α β ks} : MemKey k fm ↔ k ∈ ks := Iff.rfl
|
||||
|
||||
instance {k : α} {fm : FiniteMap α β ks} [DecidableEq α] : Decidable (MemKey k fm) :=
|
||||
decidable_of_iff _ MemKey_iff.symm
|
||||
|
||||
lemma mem_key_of_mem {k : α} {v : β} {fm : FiniteMap α β ks}
|
||||
(h : (k, v) ∈ fm) : MemKey k fm := by
|
||||
obtain ⟨i, hi, _⟩ := h
|
||||
have hik : ks.get i = k := hi
|
||||
exact hik ▸ ks.get_mem i
|
||||
|
||||
def toList (fm : FiniteMap α β ks) : List (α × β) :=
|
||||
(List.finRange ks.length).map fun i => (ks.get i, fm i)
|
||||
|
||||
lemma le_def [Lattice β] {fm₁ fm₂ : FiniteMap α β ks} :
|
||||
fm₁ ≤ fm₂ ↔ ∀ i, fm₁ i ≤ fm₂ i := Iff.rfl
|
||||
|
||||
section Locate
|
||||
|
||||
variable [DecidableEq α]
|
||||
|
||||
/-- Recover the value stored under a present key. -/
|
||||
def locate {k : α} {fm : FiniteMap α β ks} (h : MemKey k fm) :
|
||||
{v : β // (k, v) ∈ fm} :=
|
||||
let i : Fin ks.length := ⟨ks.idxOf k, List.idxOf_lt_length_iff.mpr h⟩
|
||||
⟨fm i, i, List.idxOf_get _, rfl⟩
|
||||
|
||||
end Locate
|
||||
|
||||
variable [Lattice β]
|
||||
|
||||
lemma le_of_mem_mem (hks : ks.Nodup) {fm₁ fm₂ : FiniteMap α β ks}
|
||||
(hle : fm₁ ≤ fm₂) {k : α} {v₁ v₂ : β}
|
||||
(h₁ : (k, v₁) ∈ fm₁) (h₂ : (k, v₂) ∈ fm₂) : v₁ ≤ v₂ := by
|
||||
obtain ⟨i, hi, rfl⟩ := h₁
|
||||
obtain ⟨j, hj, rfl⟩ := h₂
|
||||
have hij : i = j := hks.get_inj_iff.mp (hi.trans hj.symm)
|
||||
subst hij
|
||||
exact le_def.mp hle i
|
||||
|
||||
lemma mem_sup {fm₁ fm₂ : FiniteMap α β ks} {k : α} {v : β}
|
||||
(h : (k, v) ∈ fm₁ ⊔ fm₂) :
|
||||
∃ v₁ v₂, v = v₁ ⊔ v₂ ∧ (k, v₁) ∈ fm₁ ∧ (k, v₂) ∈ fm₂ := by
|
||||
obtain ⟨i, hi, rfl⟩ := h
|
||||
exact ⟨fm₁ i, fm₂ i, rfl, ⟨i, hi, rfl⟩, ⟨i, hi, rfl⟩⟩
|
||||
|
||||
lemma mem_inf {fm₁ fm₂ : FiniteMap α β ks} {k : α} {v : β}
|
||||
(h : (k, v) ∈ fm₁ ⊓ fm₂) :
|
||||
∃ v₁ v₂, v = v₁ ⊓ v₂ ∧ (k, v₁) ∈ fm₁ ∧ (k, v₂) ∈ fm₂ := by
|
||||
obtain ⟨i, hi, rfl⟩ := h
|
||||
exact ⟨fm₁ i, fm₂ i, rfl, ⟨i, hi, rfl⟩, ⟨i, hi, rfl⟩⟩
|
||||
|
||||
section Updating
|
||||
|
||||
variable [DecidableEq α]
|
||||
|
||||
def updating (fm : FiniteMap α β ks) (ks' : List α) (g : α → β) : FiniteMap α β ks :=
|
||||
fun i => if ks.get i ∈ ks' then g (ks.get i) else fm i
|
||||
|
||||
omit [Lattice β] in
|
||||
lemma eq_of_mem_updating {k : α} {v : β} {fm : FiniteMap α β ks}
|
||||
{ks' : List α} {g : α → β} (hk : k ∈ ks')
|
||||
(h : (k, v) ∈ updating fm ks' g) : v = g k := by
|
||||
obtain ⟨i, hi, rfl⟩ := h
|
||||
show (if ks.get i ∈ ks' then g (ks.get i) else fm i) = g k
|
||||
rw [if_pos (by rw [hi]; exact hk), hi]
|
||||
|
||||
omit [Lattice β] in
|
||||
lemma mem_of_mem_updating {k : α} {v : β} {fm : FiniteMap α β ks}
|
||||
{ks' : List α} {g : α → β} (hk : k ∉ ks')
|
||||
(h : (k, v) ∈ updating fm ks' g) : (k, v) ∈ fm := by
|
||||
obtain ⟨i, hi, rfl⟩ := h
|
||||
refine ⟨i, hi, ?_⟩
|
||||
show fm i = (if ks.get i ∈ ks' then g (ks.get i) else fm i)
|
||||
rw [if_neg (by rw [hi]; exact hk)]
|
||||
|
||||
lemma updating_mono {fm₁ fm₂ : FiniteMap α β ks} {ks' : List α}
|
||||
{g₁ g₂ : α → β} (hfm : fm₁ ≤ fm₂) (hg : ∀ k, g₁ k ≤ g₂ k) :
|
||||
updating fm₁ ks' g₁ ≤ updating fm₂ ks' g₂ := by
|
||||
rw [le_def]
|
||||
intro i
|
||||
show (if ks.get i ∈ ks' then g₁ (ks.get i) else fm₁ i)
|
||||
≤ (if ks.get i ∈ ks' then g₂ (ks.get i) else fm₂ i)
|
||||
split
|
||||
· exact hg (ks.get i)
|
||||
· exact le_def.mp hfm i
|
||||
|
||||
end Updating
|
||||
|
||||
section GeneralizedUpdate
|
||||
|
||||
variable [DecidableEq α] {L : Type*} [Lattice L]
|
||||
|
||||
def generalizedUpdate (f : L → FiniteMap α β ks) (g : α → L → β)
|
||||
(ks' : List α) : L → FiniteMap α β ks := fun l =>
|
||||
(f l).updating ks' (fun k => g k l)
|
||||
|
||||
variable {f : L → FiniteMap α β ks} {g : α → L → β} {ks' : List α}
|
||||
|
||||
lemma generalizedUpdate_monotone (hf : Monotone f)
|
||||
(hg : ∀ k, Monotone (g k)) : Monotone (generalizedUpdate f g ks') :=
|
||||
fun _ _ hl => updating_mono (hf hl) (fun k => hg k hl)
|
||||
|
||||
omit [Lattice β] [Lattice L] in
|
||||
lemma generalizedUpdate_mem_eq {k : α} {v : β} {l : L} (hk : k ∈ ks')
|
||||
(h : (k, v) ∈ generalizedUpdate f g ks' l) : v = g k l :=
|
||||
eq_of_mem_updating (g := fun k => g k l) hk h
|
||||
|
||||
omit [Lattice β] [Lattice L] in
|
||||
lemma generalizedUpdate_not_mem_backward {k : α} {v : β} {l : L} (hk : k ∉ ks')
|
||||
(h : (k, v) ∈ generalizedUpdate f g ks' l) : (k, v) ∈ f l :=
|
||||
mem_of_mem_updating hk h
|
||||
|
||||
end GeneralizedUpdate
|
||||
|
||||
section ValuesAt
|
||||
|
||||
variable [DecidableEq α]
|
||||
|
||||
/-- The value stored under `k`, if `k` is a key. -/
|
||||
private def lookup (fm : FiniteMap α β ks) (k : α) : Option β :=
|
||||
if h : k ∈ ks then some (fm ⟨ks.idxOf k, List.idxOf_lt_length_iff.mpr h⟩) else none
|
||||
|
||||
/-- The values stored under the keys `ks'` (skipping any that are not keys). -/
|
||||
def valuesAt (fm : FiniteMap α β ks) (ks' : List α) : List β :=
|
||||
ks'.filterMap fm.lookup
|
||||
|
||||
omit [Lattice β] in
|
||||
lemma mem_valuesAt (hks : ks.Nodup) {fm : FiniteMap α β ks} {k : α} {v : β}
|
||||
{ks' : List α} (hk : k ∈ ks') (h : (k, v) ∈ fm) : v ∈ valuesAt fm ks' := by
|
||||
refine List.mem_filterMap.mpr ⟨k, hk, ?_⟩
|
||||
obtain ⟨i, hi, rfl⟩ := h
|
||||
have hik : ks.get i = k := hi
|
||||
have hmem : k ∈ ks := hik ▸ ks.get_mem i
|
||||
show (if h : k ∈ ks then
|
||||
some (fm ⟨ks.idxOf k, List.idxOf_lt_length_iff.mpr h⟩) else none) = some (fm i)
|
||||
rw [dif_pos hmem]
|
||||
have : (⟨ks.idxOf k, List.idxOf_lt_length_iff.mpr hmem⟩ : Fin ks.length) = i :=
|
||||
hks.get_inj_iff.mp (by rw [List.idxOf_get, hi])
|
||||
rw [this]
|
||||
|
||||
private lemma lookup_rel {fm₁ fm₂ : FiniteMap α β ks} (hle : fm₁ ≤ fm₂) (k : α) :
|
||||
Option.Rel (· ≤ ·) (fm₁.lookup k) (fm₂.lookup k) := by
|
||||
show Option.Rel _
|
||||
(if h : k ∈ ks then some (fm₁ ⟨ks.idxOf k, List.idxOf_lt_length_iff.mpr h⟩) else none)
|
||||
(if h : k ∈ ks then some (fm₂ ⟨ks.idxOf k, List.idxOf_lt_length_iff.mpr h⟩) else none)
|
||||
by_cases hk : k ∈ ks
|
||||
· rw [dif_pos hk, dif_pos hk]; exact Option.Rel.some (le_def.mp hle _)
|
||||
· rw [dif_neg hk, dif_neg hk]; exact Option.Rel.none
|
||||
|
||||
lemma valuesAt_le {fm₁ fm₂ : FiniteMap α β ks} (hle : fm₁ ≤ fm₂)
|
||||
(ks' : List α) :
|
||||
List.Forall₂ (· ≤ ·) (valuesAt fm₁ ks') (valuesAt fm₂ ks') := by
|
||||
induction ks' with
|
||||
| nil => exact List.Forall₂.nil
|
||||
| cons k ks'' ih =>
|
||||
have hrel := lookup_rel hle k
|
||||
rw [valuesAt, valuesAt, List.filterMap_cons, List.filterMap_cons]
|
||||
revert hrel
|
||||
generalize fm₁.lookup k = o₁
|
||||
generalize fm₂.lookup k = o₂
|
||||
intro hrel
|
||||
cases hrel with
|
||||
| none => simpa [valuesAt] using ih
|
||||
| some hv => exact List.Forall₂.cons hv (by simpa [valuesAt] using ih)
|
||||
|
||||
end ValuesAt
|
||||
|
||||
end FiniteMap
|
||||
|
||||
end Spa
|
||||
38
lean/Spa/Lattice/Finset.lean
Normal file
38
lean/Spa/Lattice/Finset.lean
Normal file
@@ -0,0 +1,38 @@
|
||||
import Spa.Lattice
|
||||
import Mathlib.Data.Finset.Lattice.Basic
|
||||
import Mathlib.Data.Fintype.Lattice
|
||||
import Mathlib.Data.Fintype.Card
|
||||
|
||||
/-! # Power Sets of Finite Type
|
||||
|
||||
For a `Fintype α`, `Finset α` is the power-set lattice: `⊔` is union, `⊓` is
|
||||
intersection, `⊥ = ∅`, `⊤ = univ`. This lattice also has a finite height.
|
||||
|
||||
The `Finset α` representation s isomorphic to `Fin α → Bool`, but far more
|
||||
efficient because it avoids building up stacks of layered closures. -/
|
||||
|
||||
namespace Spa
|
||||
|
||||
variable {α : Type*} [Fintype α] [DecidableEq α]
|
||||
|
||||
omit [Fintype α] [DecidableEq α] in
|
||||
private lemma finset_card_strictMono : StrictMono (Finset.card : Finset α → ℕ) :=
|
||||
fun _ _ h => Finset.card_lt_card h
|
||||
|
||||
omit [DecidableEq α] in
|
||||
/-- A strictly increasing chain of finsets grows its cardinality by at least one
|
||||
each step, and cardinality is capped by `Fintype.card α`. -/
|
||||
lemma finset_boundedChains : BoundedChains (Finset α) (Fintype.card α) := fun c => by
|
||||
have h := LTSeries.head_add_length_le_nat (c.map Finset.card finset_card_strictMono)
|
||||
rw [LTSeries.head_map, LTSeries.last_map, LTSeries.map_length] at h
|
||||
have h2 : c.last.card ≤ Fintype.card α := Finset.card_le_univ _
|
||||
omega
|
||||
|
||||
instance instFiniteHeightFinset : FiniteHeightLattice (Finset α) where
|
||||
toLattice := inferInstance
|
||||
toOrderBot := inferInstance
|
||||
toOrderTop := inferInstance
|
||||
height := Fintype.card α
|
||||
chains_bounded := finset_boundedChains
|
||||
|
||||
end Spa
|
||||
128
lean/Spa/Lattice/Tuple.lean
Normal file
128
lean/Spa/Lattice/Tuple.lean
Normal file
@@ -0,0 +1,128 @@
|
||||
import Spa.Lattice
|
||||
import Mathlib.Data.Fin.Tuple.Basic
|
||||
import Mathlib.Algebra.Order.BigOperators.Group.Finset
|
||||
|
||||
/-!
|
||||
|
||||
# Finite Tuple Lattices
|
||||
|
||||
This file provides a proof that, in addition to being a lattice, the function
|
||||
space `Fin n → β` is itself a `Spa.FiniteHeightLattice` if the element type
|
||||
`β` is a lattice.
|
||||
|
||||
Finite tuple lattices are the workhorse behind `FiniteMap`, whose carrier is
|
||||
`Fin ks.length → β`.
|
||||
|
||||
The proof proceeds by "unzipping" a chain (`LTSeries`):
|
||||
|
||||
$$
|
||||
(a_1, b_1, c_1) < \ldots < (a_1, b_1, c_o) < \ldots < (a_1, b_m, c_o) <
|
||||
\ldots < (a_n, b_m, c_o)
|
||||
$$
|
||||
|
||||
In which, at each step, at least one of the components must have increased
|
||||
(otherwise, the chain is not striclty increasing), into `n` chains
|
||||
(`LTSeries`).
|
||||
|
||||
$$
|
||||
\begin{aligned}
|
||||
a_1 < \ldots < a_n \\
|
||||
b_1 < \ldots < b_m \
|
||||
c_1 < \ldots < c_o \
|
||||
\end{aligned}
|
||||
$$
|
||||
|
||||
Because at least one of the two "unzipped" chains grows with each element of
|
||||
the product chain, the full chain length can't exceed the sum of the
|
||||
components. By the definition of finite height, these two chains are bounded,
|
||||
and therefore, the product chain is bounded too. -/
|
||||
|
||||
namespace Spa
|
||||
|
||||
namespace Tuple
|
||||
|
||||
variable {β : Type*}
|
||||
|
||||
section Unzip
|
||||
|
||||
variable [PartialOrder β]
|
||||
|
||||
open Classical in -- chain bounds are in Prop, so classical helps here.
|
||||
/-- The generalized unzip: any chain in `Fin n → β` decomposes into a family of
|
||||
per-tuple-coordinate chains in `β`, agreeing with the original at each end, whose
|
||||
lengths sum to an upper bound on the original chain's length. -/
|
||||
lemma exists_unzip {n : ℕ} (c : LTSeries (Fin n → β)) :
|
||||
∃ cs : Fin n → LTSeries β,
|
||||
(∀ i, (cs i).head = c.head i) ∧ (∀ i, (cs i).last = c.last i) ∧
|
||||
c.length ≤ ∑ i, (cs i).length := by
|
||||
suffices H : ∀ (m : ℕ) (c : LTSeries (Fin n → β)), c.length = m →
|
||||
∃ cs : Fin n → LTSeries β,
|
||||
(∀ i, (cs i).head = c.head i) ∧ (∀ i, (cs i).last = c.last i) ∧
|
||||
c.length ≤ ∑ i, (cs i).length from H c.length c rfl
|
||||
intro m
|
||||
induction m with
|
||||
| zero =>
|
||||
intro c hn
|
||||
have hlast : (Fin.last c.length) = 0 := by ext; simp [hn]
|
||||
have hhl : c.last = c.head := by rw [RelSeries.last, RelSeries.head, hlast]
|
||||
refine ⟨fun i => RelSeries.singleton _ (c.head i), fun i => ?_, fun i => ?_, ?_⟩
|
||||
· exact RelSeries.head_singleton _
|
||||
· rw [RelSeries.last_singleton, hhl]
|
||||
· simp [hn, RelSeries.singleton]
|
||||
| succ m ih =>
|
||||
intro c hn
|
||||
have h0 : c.length ≠ 0 := by omega
|
||||
haveI : NeZero c.length := ⟨h0⟩
|
||||
obtain ⟨cs', hh', hl', hlen'⟩ := ih (c.tail h0) (by rw [RelSeries.tail_length]; omega)
|
||||
have hstep : c.head < c 1 := c.strictMono Fin.one_pos'
|
||||
obtain ⟨hle, j, hjlt⟩ := Pi.lt_def.mp hstep
|
||||
have hh'1 : ∀ i, (cs' i).head = c 1 i := fun i => by rw [hh' i, RelSeries.head_tail]
|
||||
refine ⟨fun i =>
|
||||
if hlt : c.head i < c 1 i then
|
||||
(cs' i).cons (c.head i) (by rw [hh'1 i]; exact hlt)
|
||||
else cs' i,
|
||||
fun i => ?_, fun i => ?_, ?_⟩
|
||||
· by_cases hlt : c.head i < c 1 i
|
||||
· simp only [dif_pos hlt, RelSeries.head_cons]
|
||||
· simp only [dif_neg hlt]
|
||||
rw [hh'1 i]
|
||||
exact ((lt_or_eq_of_le (hle i)).resolve_left hlt).symm
|
||||
· by_cases hlt : c.head i < c 1 i
|
||||
· simp only [dif_pos hlt, RelSeries.last_cons, hl' i, RelSeries.last_tail]
|
||||
· simp only [dif_neg hlt, hl' i, RelSeries.last_tail]
|
||||
· calc c.length
|
||||
= (c.tail h0).length + 1 := by rw [RelSeries.tail_length]; omega
|
||||
_ ≤ (∑ i, (cs' i).length) + 1 := Nat.add_le_add_right hlen' 1
|
||||
_ ≤ ∑ i, (if hlt : c.head i < c 1 i then
|
||||
(cs' i).cons (c.head i) (by rw [hh'1 i]; exact hlt) else cs' i).length :=
|
||||
Nat.succ_le_of_lt (Finset.sum_lt_sum (fun i _ => by
|
||||
split
|
||||
· rw [RelSeries.cons_length]; omega
|
||||
· exact le_rfl)
|
||||
⟨j, Finset.mem_univ j, by rw [dif_pos hjlt, RelSeries.cons_length]; omega⟩)
|
||||
|
||||
end Unzip
|
||||
|
||||
section FiniteHeight
|
||||
|
||||
variable [FiniteHeightLattice β]
|
||||
|
||||
instance instFiniteHeight {n : ℕ} : FiniteHeightLattice (Fin n → β) where
|
||||
toLattice := inferInstance
|
||||
toOrderBot := inferInstance
|
||||
toOrderTop := inferInstance
|
||||
height := n * FiniteHeightLattice.height (α := β)
|
||||
chains_bounded := fun c => by
|
||||
obtain ⟨cs, _, _, hbound⟩ := exists_unzip c
|
||||
refine hbound.trans ?_
|
||||
calc ∑ i, (cs i).length
|
||||
≤ ∑ _i : Fin n, FiniteHeightLattice.height (α := β) :=
|
||||
Finset.sum_le_sum (fun i _ => FiniteHeightLattice.chains_bounded (cs i))
|
||||
_ = n * FiniteHeightLattice.height (α := β) := by
|
||||
simp [Finset.sum_const, Finset.card_univ, Fintype.card_fin]
|
||||
|
||||
end FiniteHeight
|
||||
|
||||
end Tuple
|
||||
|
||||
end Spa
|
||||
14
lean/Spa/Lattice/Unit.lean
Normal file
14
lean/Spa/Lattice/Unit.lean
Normal file
@@ -0,0 +1,14 @@
|
||||
import Spa.Lattice
|
||||
|
||||
/-!
|
||||
|
||||
# Unit Lattice
|
||||
|
||||
This file provides a proof that in addition to being a lattice,
|
||||
`PUnit` is a `Spa.FiniteHeightLattice`. This is a fairly trivial result. -/
|
||||
|
||||
namespace Spa
|
||||
|
||||
instance : FiniteHeightLattice PUnit := FiniteHeightLattice.ofUnique PUnit
|
||||
|
||||
end Spa
|
||||
37
lean/Spa/Showable.lean
Normal file
37
lean/Spa/Showable.lean
Normal file
@@ -0,0 +1,37 @@
|
||||
import Spa.Lattice.FiniteMap
|
||||
import Spa.Lattice.AboveBelow
|
||||
|
||||
namespace Spa
|
||||
|
||||
class Showable (α : Type*) where
|
||||
show' : α → String
|
||||
|
||||
export Showable (show')
|
||||
|
||||
instance : Showable String := ⟨fun s => "\"" ++ s ++ "\""⟩
|
||||
|
||||
instance : Showable ℕ := ⟨toString⟩
|
||||
|
||||
instance : Showable ℤ := ⟨toString⟩
|
||||
|
||||
instance {n : ℕ} : Showable (Fin n) := ⟨fun i => toString i.val⟩
|
||||
|
||||
instance {α β : Type*} [Showable α] [Showable β] : Showable (α × β) :=
|
||||
⟨fun p => "(" ++ show' p.1 ++ ", " ++ show' p.2 ++ ")"⟩
|
||||
|
||||
instance : Showable PUnit := ⟨fun _ => "()"⟩
|
||||
|
||||
instance {α : Type*} [Showable α] : Showable (AboveBelow α) :=
|
||||
⟨fun
|
||||
| .bot => "⊥"
|
||||
| .top => "⊤"
|
||||
| .mk x => show' x⟩
|
||||
|
||||
instance {α β : Type*} {ks : List α} [Showable α] [Showable β] :
|
||||
Showable (FiniteMap α β ks) :=
|
||||
⟨fun fm =>
|
||||
"{" ++ (FiniteMap.toList fm).foldr
|
||||
(fun p rest => show' p.1 ++ " ↦ " ++ show' p.2 ++ ", " ++ rest) ""
|
||||
++ "}"⟩
|
||||
|
||||
end Spa
|
||||
102
lean/Spa/Transformation/Licm.lean
Normal file
102
lean/Spa/Transformation/Licm.lean
Normal file
@@ -0,0 +1,102 @@
|
||||
import Spa.Analysis.Reaching
|
||||
import Spa.Language.Tagged.Graphs
|
||||
|
||||
/-!
|
||||
# Finding loop-invariant assignments (LICM groundwork)
|
||||
|
||||
This wires the **reaching-definitions** analysis (`Spa/Analysis/Reaching.lean`)
|
||||
to the **tagged AST** to *find* — not yet move — assignments inside a `while`
|
||||
loop whose right-hand side depends only on definitions made *outside* the loop.
|
||||
These are the candidates a later LICM pass could hoist.
|
||||
|
||||
The pipeline, for each assignment immediately enclosed by a loop:
|
||||
|
||||
1. locate its CFG state via the tagged-graph bridge (`Program.stateOfNodeId`);
|
||||
2. read the reaching definitions at the assignment's *entry*
|
||||
(`joinForKey s result` — the join over predecessors, i.e. before the
|
||||
assignment itself runs);
|
||||
3. union the definition sets of the RHS variables;
|
||||
4. map each definition site back to its `RawId` (`Program.nodeIdOf`) and check
|
||||
it is **not** inside the loop body (structural `subtreeIds` membership).
|
||||
|
||||
If every reaching definition of every RHS variable lies outside the loop, the
|
||||
assignment is reported as loop-invariant. This is the first-order check ("all
|
||||
reaching definitions outside the loop"); transitive/iterated invariance and the
|
||||
actual hoisting are out of scope here.
|
||||
-/
|
||||
|
||||
namespace Spa
|
||||
|
||||
namespace LicmTransformation
|
||||
|
||||
open Forward
|
||||
|
||||
/-- An assignment found inside a loop, paired with the data needed to test its
|
||||
invariance against that (immediately enclosing) loop. -/
|
||||
structure Candidate (prog : Program) where
|
||||
/-- The enclosing `whileLoop`'s tag (for reporting). -/
|
||||
loopId : prog.NodeId
|
||||
/-- Every node id inside the loop body (the "is-child-of-loop" set). -/
|
||||
bodyIds : List prog.NodeId
|
||||
/-- The assignment `BasicStmt`'s tag — what labels its CFG node. -/
|
||||
assignId : prog.NodeId
|
||||
/-- The variables read by the assignment's RHS. -/
|
||||
rhsVars : List String
|
||||
|
||||
/-- Collect every assignment together with its *immediately enclosing* loop.
|
||||
`enclosing` carries the current loop's tag and body id-set, or `none` outside any
|
||||
loop (in which case assignments are skipped — only in-loop assignments are
|
||||
candidates). -/
|
||||
def collectCandidates (prog : Program) (enc : Option (prog.NodeId × List prog.NodeId)) :
|
||||
Stmt.Tagged prog.NodeId → List (Candidate prog)
|
||||
| .basic _ bs =>
|
||||
match bs, enc with
|
||||
| .assign t _ e, some (loopId, bodyIds) =>
|
||||
[{ loopId := loopId, bodyIds := bodyIds, assignId := t,
|
||||
rhsVars := e.erase.vars.sort (· ≤ ·) }]
|
||||
| _, _ => []
|
||||
| .andThen _ a b => collectCandidates prog enc a ++ collectCandidates prog enc b
|
||||
| .ifElse _ _ a b => collectCandidates prog enc a ++ collectCandidates prog enc b
|
||||
| .whileLoop loopT _ body =>
|
||||
collectCandidates prog (some (loopT, body.subtreeIds)) body
|
||||
|
||||
/-- Read the definition set assigned to variable `k`, or `⊥` if absent. -/
|
||||
def lookupDef (prog : Program) (vs : VariableValues (DefSet prog) prog)
|
||||
(k : String) : DefSet prog :=
|
||||
if h : FiniteMap.MemKey k vs then (FiniteMap.locate h).1 else ⊥
|
||||
|
||||
/-- The AST node ids marked as definition sites in a `DefSet`. With the
|
||||
`Finset`-of-AST-ids lattice these are just the elements of the set. -/
|
||||
def defSites (prog : Program) (d : DefSet prog) : List prog.NodeId :=
|
||||
(List.finRange prog.size).filter (fun i => decide (i ∈ d))
|
||||
|
||||
/-- Is the candidate assignment loop-invariant: do all reaching definitions of
|
||||
its RHS variables lie outside the loop body? Reaching sets are now keyed by AST
|
||||
node id, so we compare against the loop-body ids directly (embedding the raw
|
||||
body ids into `p.NodeId`). -/
|
||||
def isInvariant (prog : Program) (c : Candidate prog) : Bool :=
|
||||
match prog.stateOfNodeId c.assignId with
|
||||
| none => false
|
||||
| some s =>
|
||||
let entry := joinForKey s (result (DefSet prog) prog)
|
||||
let combined : DefSet prog :=
|
||||
c.rhsVars.foldl (fun acc k => acc ⊔ lookupDef prog entry k) ⊥
|
||||
(defSites prog combined).all (fun nid => ! decide (nid ∈ c.bodyIds))
|
||||
|
||||
/-- The loop-invariant assignments of `prog`, as `(loopId, assignId)` pairs. -/
|
||||
def licmCandidates (prog : Program) : List (prog.NodeId × prog.NodeId) :=
|
||||
(collectCandidates prog none prog.taggedFin).filterMap (fun c =>
|
||||
if isInvariant prog c then some (c.loopId, c.assignId) else none)
|
||||
|
||||
/-- A human-readable report of the loop-invariant assignments. -/
|
||||
def output (prog : Program) : String :=
|
||||
match licmCandidates prog with
|
||||
| [] => "no loop-invariant assignments found"
|
||||
| cands =>
|
||||
"loop-invariant assignments (loop ↦ assignment):\n" ++
|
||||
String.intercalate "\n"
|
||||
(cands.map (fun p => s!" loop #{p.1.val}: assignment #{p.2.val}"))
|
||||
|
||||
end LicmTransformation
|
||||
|
||||
end Spa
|
||||
95
lean/lake-manifest.json
Normal file
95
lean/lake-manifest.json
Normal file
@@ -0,0 +1,95 @@
|
||||
{"version": "1.1.0",
|
||||
"packagesDir": ".lake/packages",
|
||||
"packages":
|
||||
[{"url": "https://github.com/leanprover-community/mathlib4",
|
||||
"type": "git",
|
||||
"subDir": null,
|
||||
"scope": "",
|
||||
"rev": "5269898d6a51d047931107c8d72d934d8d5d3753",
|
||||
"name": "mathlib",
|
||||
"manifestFile": "lake-manifest.json",
|
||||
"inputRev": "v4.17.0",
|
||||
"inherited": false,
|
||||
"configFile": "lakefile.lean"},
|
||||
{"url": "https://github.com/leanprover-community/plausible",
|
||||
"type": "git",
|
||||
"subDir": null,
|
||||
"scope": "leanprover-community",
|
||||
"rev": "c708be04267e3e995a14ac0d08b1530579c1525a",
|
||||
"name": "plausible",
|
||||
"manifestFile": "lake-manifest.json",
|
||||
"inputRev": "main",
|
||||
"inherited": true,
|
||||
"configFile": "lakefile.toml"},
|
||||
{"url": "https://github.com/leanprover-community/LeanSearchClient",
|
||||
"type": "git",
|
||||
"subDir": null,
|
||||
"scope": "leanprover-community",
|
||||
"rev": "0c169a0d55fef3763cfb3099eafd7b884ec7e41d",
|
||||
"name": "LeanSearchClient",
|
||||
"manifestFile": "lake-manifest.json",
|
||||
"inputRev": "main",
|
||||
"inherited": true,
|
||||
"configFile": "lakefile.toml"},
|
||||
{"url": "https://github.com/leanprover-community/import-graph",
|
||||
"type": "git",
|
||||
"subDir": null,
|
||||
"scope": "leanprover-community",
|
||||
"rev": "0447b0a7b7f41f0a1749010db3f222e4a96f9d30",
|
||||
"name": "importGraph",
|
||||
"manifestFile": "lake-manifest.json",
|
||||
"inputRev": "main",
|
||||
"inherited": true,
|
||||
"configFile": "lakefile.toml"},
|
||||
{"url": "https://github.com/leanprover-community/ProofWidgets4",
|
||||
"type": "git",
|
||||
"subDir": null,
|
||||
"scope": "leanprover-community",
|
||||
"rev": "799f6986de9f61b784ff7be8f6a8b101045b8ffd",
|
||||
"name": "proofwidgets",
|
||||
"manifestFile": "lake-manifest.json",
|
||||
"inputRev": "v0.0.52",
|
||||
"inherited": true,
|
||||
"configFile": "lakefile.lean"},
|
||||
{"url": "https://github.com/leanprover-community/aesop",
|
||||
"type": "git",
|
||||
"subDir": null,
|
||||
"scope": "leanprover-community",
|
||||
"rev": "56a2c80b209c253e0281ac4562a92122b457dcc0",
|
||||
"name": "aesop",
|
||||
"manifestFile": "lake-manifest.json",
|
||||
"inputRev": "master",
|
||||
"inherited": true,
|
||||
"configFile": "lakefile.toml"},
|
||||
{"url": "https://github.com/leanprover-community/quote4",
|
||||
"type": "git",
|
||||
"subDir": null,
|
||||
"scope": "leanprover-community",
|
||||
"rev": "95561f7a5811fae6a309e4a1bbe22a0a4a98bf03",
|
||||
"name": "Qq",
|
||||
"manifestFile": "lake-manifest.json",
|
||||
"inputRev": "master",
|
||||
"inherited": true,
|
||||
"configFile": "lakefile.toml"},
|
||||
{"url": "https://github.com/leanprover-community/batteries",
|
||||
"type": "git",
|
||||
"subDir": null,
|
||||
"scope": "leanprover-community",
|
||||
"rev": "efcc7d9bd9936ecdc625baf0d033b60866565cd5",
|
||||
"name": "batteries",
|
||||
"manifestFile": "lake-manifest.json",
|
||||
"inputRev": "main",
|
||||
"inherited": true,
|
||||
"configFile": "lakefile.toml"},
|
||||
{"url": "https://github.com/leanprover/lean4-cli",
|
||||
"type": "git",
|
||||
"subDir": null,
|
||||
"scope": "leanprover",
|
||||
"rev": "e7fd1a415c80985ade02a021172834ca2139b0ca",
|
||||
"name": "Cli",
|
||||
"manifestFile": "lake-manifest.json",
|
||||
"inputRev": "main",
|
||||
"inherited": true,
|
||||
"configFile": "lakefile.toml"}],
|
||||
"name": "spa",
|
||||
"lakeDir": ".lake"}
|
||||
14
lean/lakefile.toml
Normal file
14
lean/lakefile.toml
Normal file
@@ -0,0 +1,14 @@
|
||||
name = "spa"
|
||||
defaultTargets = ["Spa"]
|
||||
|
||||
[[require]]
|
||||
name = "mathlib"
|
||||
git = "https://github.com/leanprover-community/mathlib4"
|
||||
rev = "v4.17.0"
|
||||
|
||||
[[lean_lib]]
|
||||
name = "Spa"
|
||||
|
||||
[[lean_exe]]
|
||||
name = "spa"
|
||||
root = "Main"
|
||||
1
lean/lean-toolchain
Normal file
1
lean/lean-toolchain
Normal file
@@ -0,0 +1 @@
|
||||
leanprover/lean4:v4.17.0
|
||||
Reference in New Issue
Block a user