Skip to content
This repository was archived by the owner on Mar 29, 2021. It is now read-only.

[WIP] queue: add more functions#12

Draft
pascutto wants to merge 4 commits intovocal-project:masterfrom
pascutto:queue
Draft

[WIP] queue: add more functions#12
pascutto wants to merge 4 commits intovocal-project:masterfrom
pascutto:queue

Conversation

@pascutto
Copy link
Collaborator

@pascutto pascutto commented Mar 5, 2020

No description provided.

@mariojppereira
Copy link
Collaborator

mariojppereira commented Mar 5, 2020

Thanks @pascutto , this is really nice :)

However, we will not be able to complete the refinement proof because of the transfer function.

I reported this in Issue #10.

@mariojppereira mariojppereira self-requested a review March 5, 2020 17:32
@mariojppereira
Generation of [disjoint] separation predicates (wip)
83afca3
@mariojppereira
Generation of [disjoint] separation predicates (wip)
62b505d 
For the moment, we only generate a precondition with [disjoint]
if a function has two represented arguments of the same type.

TODO:
  1. Extend the generation of the [disjoint] predication for an
     arbitrary number of represented arguments
  2. Check the [modifies] clause in order to generate the correct
     set of [disjoint] preconditions. Example: consider the following
     GOSPEL specification:
       val f : 'a t -> 'a t -> 'a t -> unit
       (*@ f x y z
             modifies x
             requires P
             ensures  Q *)
     where ['a t] is some represented type. For this case, we should
     generate the following WhyML declaration:
       val f (x y z: t 'a) : unit
         requires { disjoint_t x y }
         requires { disjoint_t x z }
         writes   { x }
         requires { P }
         ensures  { Q }
     Let me explain: since argument [x] is listed in [modifies],
     it must be disjoint of any other argument of type ['a t].
     Otherwise, if [x] was not disjoint of [y] or [z], either [y]
     or [z] could be aliased with [x], hence modified by [f]. On
     the other hand, since [y] and [z] are read-only arguments,
     they do not need to be disjoint from each other.
@mariojppereira
Cosmetic
88fc434
@mariojppereira
Copy link
Collaborator

mariojppereira commented Apr 5, 2020

Commit 62b505d is a first draft on the generation of the disjoint predicates (#10).

@pascutto I believe you can use this to complete the proof of refinement of the Queue implementation. This is still work in progress, but it covers the necessary use case of the transfer operation.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@mariojppereira mariojppereira Awaiting requested review from mariojppereira

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@pascutto @mariojppereira