1- Proving Total Corectness All-Path Reachability Claims
1+ Proving Total Correctness All-Path Reachability Claims
22=====================================================
33
4- This document details Total Corectness All-Path Reachability.
4+ This document details Total Correctness All-Path Reachability.
55
6- _ Prepared by Traian Șerbănuță, based on [ proving All-Path Reachability
7- claims] ( 2019-03-28-All-Path-Reachability-Proofs.md ) _
6+ _ Prepared by Traian Șerbănuță and Virgil Șerbănuță,
7+ based on [ proving All-Path Reachability claims] ( 2019-03-28-All-Path-Reachability-Proofs.md ) _
88
99Definitions
1010-----------
@@ -188,7 +188,7 @@ Nevertheless, before continuing, let
188188us give an example of a system and property for which the above construction is
189189not a fixpoint.
190190
191- #### Counterexample for `⟦AF ϕ⟧ = ⋁ₙGⁿ(∅)`
191+ ### Counterexample for `⟦AF ϕ⟧ = ⋁ₙGⁿ(∅)`
192192
193193Consider the following K theory
194194
@@ -205,10 +205,10 @@ It is easy to see that any trace originating in `x` will reach `0` in a finite
205205number of steps. However, there is no bound on the number of steps needed for `x`
206206to reach `0`.
207207
208- ### Total corectness all-path reachability claims
208+ ### Total correctness all-path reachability claims
209209
210- Given this definition of all-path finally, a total correctness all-path
211- reachability claim is of the form
210+ Given the definition of all-path finally discussed in the section above,
211+ a total correctness all-path reachability claim is of the form
212212```
213213∀x.φ(x) → AF ∃z.ψ(x,z)
214214```
@@ -230,19 +230,19 @@ Given a set of reachability claims, of the form `∀x.φ(x) → AF ∃z.ψ(x,z)`
230230we are trying to prove all of them together, by well-founded induction on a
231231given `measure` defined on the quantified variables `x`.
232232
233- The well-founded induction argument requiring the `measure` to decrease before
234- applying a claim as an induction hypothesis replaces the coinductive argument
235- requiring that progress is made before applying a circularity.
233+ The well-founded induction argument, which requires the `measure` to decrease before
234+ applying a claim as an induction hypothesis, will replace the coinductive argument,
235+ which requires that progress is made before applying a circularity.
236236
237237## Proposal of syntax changes
238238
239239- claims need to mention the other claims (including themselves) which are
240240 needed to complete their proof; this induces a dependency relation
241241- claims which are part of a dependency cycle (including self-dependencies)
242242 would need to be specified together as a "claim group"
243- - a claim group would need to provide a metric on their input variables, which
244- would be used as part of the decreasingness guard whenever one tries to apply
245- a claim from the group during the proof of one the claims in the group
243+ - a claim group would need to provide a metric on their input variables;
244+ this metric must decrease whenever one tries to apply a claim from the group
245+ while proving a claim from the same group
246246
247247A claim group would be something like
248248```
@@ -267,12 +267,13 @@ variables would need to be implemented.
267267
268268## Approach
269269
270- For the algorithms derived by the present approach, please see next section.
270+ For the algorithms derived from the present approach, please check the next section.
271271
272272Assume we want to prove a group of claims defined over the same set of variables
273- `x`. Further assume that all claims not in group on which these claims depend
274- have already been proven. Assume also a given integer pattern `measure(x)`,
275- over the same variables as the claims in the group.
273+ `x`. Further assume that all other claims (which are not in the current group)
274+ on which these claims depend have already been proven.
275+ Assume also a given integer pattern `measure(x)`, over the same variables as
276+ the claims in the group.
276277
277278Since we're proving all claims together, we can gather them in a single goal,
278279`P(x) ::= (φ₁(x) → AF ∃z.ψ₁(x,z)) ∧ ... ∧ (φₙ(x) → AF ∃z.ψₙ(x,z))`.
@@ -322,7 +323,8 @@ allows their term part `t` to be undefined.
322323
323324_Extended constructor patterns_ will be those extended function-like patterns
324325for which `t` is a functional term, composed out of constructor-like symbols
325- and variables.
326+ and variables. This definition can be extended to include AC constructors, e.g.
327+ map concatenation
326328
327329
328330__Note:__
0 commit comments