Commit 13f33068 authored by Michael Sammler's avatar Michael Sammler
Browse files

add more complicated array example for lithium

parent 1ebaee7b
Pipeline #54784 passed with stage
in 31 minutes and 27 seconds
...@@ -330,6 +330,61 @@ Section lithium. ...@@ -330,6 +330,61 @@ Section lithium.
(** Success! Lithium can automatically solve this goal now. *) (** Success! Lithium can automatically solve this goal now. *)
Qed. Qed.
(** Let's look at a more complicated version of the example that
uses the typing rule from above. In particular, let us replace the
True continuation with some code that reads from [l +ₗ i]. This is
modelled by the basic goal [typed_val_expr] that represents a typing
judgment of RefinedC. The crucial thing to notice here is that the
ownership that is not necessary to prove [l ◁ₗ myarray tys] is
automatically available to the continuation that contains the
typed_val_expr. *)
Lemma my_array_example_2 l (i : nat) tys n:
tys !! i = Some (place (l + i)) -
l ◁ₗ myarray (<[i := (n @ int i32)]> tys) -
l ◁ₗ myarray tys
typed_val_expr (use{IntOp i32} (l + i)) (λ v ty,
subsume (v ◁ᵥ ty) (v ◁ᵥ n @ int i32) (True)).
Proof.
iStartProof.
(** The goal can be solved automatically:*)
(* repeat liRStep; liShow. *)
(** But let's step through this more carefully: First, we skip to
the subsume: *)
do 7 liRStep; liShow.
(** Now we can step through how the rule from above is handled: *)
liRStep; liShow.
liRStep; liShow.
liRStep; liShow.
liRStep; liShow.
liRStep; liShow.
liRStep; liShow.
liRStep; liShow.
liRStep; liShow.
liRStep; liShow.
liRStep; liShow.
liRStep; liShow.
(** We end up in a state where we need to prove the continuation
and still have access to the left-over ownership from the
subsumption rule. RefinedC can automatically solve the rest. *)
repeat liRStep; liShow.
Qed.
(** Note that the example from above could come from the following C
code (the code below does not work directly with RefinedC since it e.g.
assumes that l, i and tys are globally known, but the point hopefully
still comes across):
[[rc::requires("own l : myarray tys")]]
void require_array();
[[rc::requires("{tys !! i = Some (place (l +ₗ i))}")]]
[[rc::requires("own l : myarray (<[i := (n @ int i32)]> tys)")]]
[[rc::ensures("n @ int i32")]]
int example() {
require_array();
return *(l + i);
}
*)
(*** Exercises *) (*** Exercises *)
(** 1. Write some other goals that fall in the grammar of goals and run (** 1. Write some other goals that fall in the grammar of goals and run
the Lithium interpreter on it until you have an intuition how the Lithium interpreter on it until you have an intuition how
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment