现在,证明窗口如下所示:
1 subgoals
Case := "WHILE" : String.string
b : bexp
c : com
IHc : forall st' st : state,
optimize_0plus_com c / st || st' -> c / st || st'
st : state
st' : state
st'' : state
H0 : optimize_0plus_com c / st || st'
IHceval1 : optimize_0plus_com c = optimize_0plus_com (WHILE b DO c END) ->
(WHILE b DO c END) / st || st'
H : beval st (optimize_0plus_bexp b) = true
Heqloopdef : (WHILE optimize_0plus_bexp b DO optimize_0plus_com c END) =
optimize_0plus_com (WHILE b DO c END)
H1 : (WHILE optimize_0plus_bexp b DO optimize_0plus_com c END) / st' || st''
IHceval2 : (WHILE optimize_0plus_bexp b DO optimize_0plus_com c END) =
optimize_0plus_com (WHILE b DO c END) ->
(WHILE b DO c END) / st' || st''
______________________________________(1/1)
(WHILE b DO c END) / st || st''
我觉得这应该是相当容易证明的,但我只是看不出怎么做。上下文中的IHceval假设接近我的需要,但它们并不完全匹配。有人可以帮助我吗?
答案 0 :(得分:2)
以下是我解决它的方法:
apply E_WhileLoop with st'.
rewrite <- optimize_0plus_bexp_sound in H.
assumption.
apply IHc.
assumption.
apply IHceval2.
(*Look at the definition below*) reflexivity.
rewrite <- optimize_0plus_bexp_sound in H.将H转为beval st b = true为什么反身性有效,这里是optimize_0plus_com的定义:
* match c with
| SKIP => SKIP
| i ::= a => i ::= optimize_0plus_aexp a
| c1;; c2 => optimize_0plus_com c1;; optimize_0plus_com c2
| IFB b THEN c1 ELSE c2 FI =>
IFB optimize_0plus_bexp b THEN optimize_0plus_com c1
ELSE optimize_0plus_com c2 FI
| ********WHILE b DO c0 END =>
WHILE optimize_0plus_bexp b DO optimize_0plus_com c0 END