(** * Imp: Simple Imperative Programs *) (** A _simple imperative programming language_ called Imp, embodying a tiny core fragment of languages such as C and Java. Here is a familiar mathematical function written in Imp. Z := X; Y := 1; while Z <> 0 do Y := Y * Z; Z := Z - 1 end *) Set Warnings "-notation-overridden,-parsing,-deprecated-hint-without-locality". From Coq Require Import Bool.Bool. From Coq Require Import Init.Nat. From Coq Require Import Arith.Arith. From Coq Require Import Arith.EqNat. Import Nat. From Coq Require Import Lia. From Coq Require Import Lists.List. Import ListNotations. From Coq Require Import Strings.String. From LF Require Import Maps. Set Default Goal Selector "!". Close Scope string_scope. (* ################################################################# *) (** * Arithmetic and Boolean Expressions *) (** Imp in three parts: 1. a core language of _arithmetic and boolean expressions_, 2. an extension of these with _variables_ 3. a language of _commands_ including assignment, conditionals, sequencing, and loops. *) (* ================================================================= *) (** ** Syntax *) Module AExp. (** These two definitions specify the _abstract syntax_ of arithmetic and boolean expressions. *) Inductive aexp : Type := | ANum (n : nat) | APlus (a1 a2 : aexp) | AMinus (a1 a2 : aexp) | AMult (a1 a2 : aexp). Check nat_ind. Check aexp_ind. Inductive bexp : Type := | BTrue | BFalse | BEq (a1 a2 : aexp) | BNeq (a1 a2 : aexp) | BLe (a1 a2 : aexp) | BGt (a1 a2 : aexp) | BNot (b : bexp) | BAnd (b1 b2 : bexp). Check true. Check Datatypes.true. Locate true. (** For comparison, here's a conventional BNF (Backus-Naur Form) grammar defining the same abstract syntax: a := nat | a + a | a - a | a * a b := true | false | a = a | a <> a | a <= a | a > a | ~ b | b && b *) (* ================================================================= *) (** ** Evaluation *) Fixpoint aeval (a : aexp) : nat := match a with | ANum n => n | APlus a1 a2 => (aeval a1) + (aeval a2) | AMinus a1 a2 => (aeval a1) - (aeval a2) | AMult a1 a2 => (aeval a1) * (aeval a2) end. Example test_aeval1: aeval (APlus (ANum 2) (ANum 2)) = 4. Proof. simpl. reflexivity. Qed. Fixpoint beval (b : bexp) : bool := match b with | BTrue => true | BFalse => false | BEq a1 a2 => (aeval a1) =? (aeval a2) | BNeq a1 a2 => negb ((aeval a1) =? (aeval a2)) | BLe a1 a2 => (aeval a1) <=? (aeval a2) | BGt a1 a2 => negb ((aeval a1) <=? (aeval a2)) | BNot b1 => negb (beval b1) | BAnd b1 b2 => andb (beval b1) (beval b2) end. (* ================================================================= *) (** ** Optimization *) Fixpoint optimize_0plus (a:aexp) : aexp := match a with | ANum n => ANum n | APlus (ANum 0) e2 => optimize_0plus e2 | APlus e1 e2 => APlus (optimize_0plus e1) (optimize_0plus e2) | AMinus e1 e2 => AMinus (optimize_0plus e1) (optimize_0plus e2) | AMult e1 e2 => AMult (optimize_0plus e1) (optimize_0plus e2) end. Example test_optimize_0plus: optimize_0plus (APlus (ANum 2) (APlus (ANum 0) (APlus (ANum 0) (ANum 1)))) = APlus (ANum 2) (ANum 1). Proof. simpl. reflexivity. Qed. Theorem aeval_APlus : forall a1 a2, aeval (APlus a1 a2) = aeval a1 + aeval a2. Proof. reflexivity. Qed. Theorem optimize_0plus_sound: forall a, aeval (optimize_0plus a) = aeval a. Proof. intros a. induction a. - (* ANum *) simpl. reflexivity. - (* APlus *) simpl. destruct a1 eqn:Ea1. + (* a1 = ANum n *) simpl. destruct n eqn:En. * (* n = 0 *) simpl. apply IHa2. * (* n <> 0 *) simpl. rewrite IHa2. reflexivity. + (* a1 = APlus a1_1 a1_2 *) try rewrite IHa1. rewrite aeval_APlus. rewrite IHa1. rewrite IHa2. reflexivity. + (* a1 = AMinus a1_1 a1_2 *) rewrite aeval_APlus. rewrite IHa1. rewrite IHa2. reflexivity. + (* a1 = AMult a1_1 a1_2 *) simpl. simpl in IHa1. rewrite IHa1. rewrite IHa2. reflexivity. - (* AMinus *) simpl. rewrite IHa1. rewrite IHa2. reflexivity. - (* AMult *) simpl. rewrite IHa1. rewrite IHa2. reflexivity. Qed. (* ################################################################# *) (** * Coq Automation *) (* ================================================================= *) (** ** Tacticals *) (* ----------------------------------------------------------------- *) (** *** The [try] Tactical *) Theorem silly1 : forall (P : Prop), P -> P. Proof. intros P HP. try reflexivity. (* Plain [reflexivity] would have failed. *) apply HP. (* We can still finish the proof in some other way. *) Qed. Theorem silly2 : forall ae, aeval ae = aeval ae. Proof. try reflexivity. (* This just does [reflexivity]. *) Qed. (* ----------------------------------------------------------------- *) (** *** The [;] Tactical (Simple Form) *) Lemma foo : forall n, 0 <=? n = true. Proof. intros. destruct n; simpl; try reflexivity. Qed. Theorem optimize_0plus_sound': forall a, aeval (optimize_0plus a) = aeval a. Proof. intros a. induction a; (* Most cases follow directly by the IH... *) try (simpl; rewrite IHa1; rewrite IHa2; reflexivity). (* ... but the remaining cases -- ANum and APlus -- are different: *) - (* ANum *) reflexivity. - (* APlus *) destruct a1 eqn:Ea1; (* Again, most cases follow directly by the IH: *) try (simpl; simpl in IHa1; rewrite IHa1; rewrite IHa2; reflexivity). + (* a1 = ANum n *) destruct n eqn:En; simpl; rewrite IHa2; reflexivity. Qed. Theorem optimize_0plus_sound'': forall a, aeval (optimize_0plus a) = aeval a. Proof. intros a. induction a; (* Most cases follow directly by the IH *) try (simpl; rewrite IHa1; rewrite IHa2; reflexivity); (* ... or are immediate by definition *) try reflexivity. (* The interesting case is when a = APlus a1 a2. *) - (* APlus *) destruct a1; try (simpl; simpl in IHa1; rewrite IHa1; rewrite IHa2; reflexivity). + (* a1 = ANum n *) destruct n; simpl; rewrite IHa2; reflexivity. Qed. (* ----------------------------------------------------------------- *) (** *** The [repeat] Tactical *) (** The [repeat] tactical takes another tactic and keeps applying this tactic until it fails or until it succeeds but doesn't make any progress. Here is an example proving that [10] is in a long list using [repeat]. *) Theorem In10 : In 10 [1;2;3;4;5;6;7;8;9;10]. Proof. repeat (try (left; reflexivity); right). Qed. Theorem In10' : In 10 [1;2;3;4;5;6;7;8;9;10]. Proof. repeat simpl. repeat (left; reflexivity). repeat (right; try (left; reflexivity)). Qed. Theorem repeat_loop : forall (m n : nat), m + n = n + m. Proof. intros m n. (* repeat rewrite Nat.add_comm. *) Admitted. (** **** Exercise: 3 stars, standard (optimize_0plus_b_sound) Since the [optimize_0plus] transformation doesn't change the value of [aexp]s, we should be able to apply it to all the [aexp]s that appear in a [bexp] without changing the [bexp]'s value. Write a function that performs this transformation on [bexp]s and prove it is sound. Use the tacticals we've just seen to make the proof as short and elegant as possible. *) Fixpoint optimize_0plus_b (b : bexp) : bexp (* REPLACE THIS LINE WITH ":= _your_definition_ ." *). Admitted. Theorem optimize_0plus_b_sound : forall b, beval (optimize_0plus_b b) = beval b. Proof. (* FILL IN HERE *) Admitted. (** [] *)