copilot/copilot-theorem/examples/Grey.hs at 06c4beff67fd2c8d58d66f4d0cf8e90aa4eac2fe · Copilot-Language/copilot · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
{-# LANGUAGE RebindableSyntax #-}

module Grey where

import Copilot.Language
import Copilot.Theorem
import Copilot.Theorem.Prover.SMT (def, Options (..), z3, kInduction, induction)

import Prelude ()
import Data.String (fromString)

intCounter :: Stream Bool -> Stream Word64
intCounter reset = time
  where
    time = if reset then 0
           else [0] ++ if time == 3 then 0 else time + 1

greyTick :: Stream Bool -> Stream Bool
greyTick reset = a && b
  where
    a = (not reset) && ([False] ++ not b)
    b = (not reset) && ([False] ++ a)

spec = do
  theorem "iResetOk"   (forAll $ r ==> (ic == 0)) induct
  theorem "eqCounters" (forAll $ it == gt) $ kinduct 3

  where
    ic = intCounter r
    it = ic == 2
    gt = greyTick r
    r  = extern "reset" Nothing

induct :: Proof Universal
induct = induction def { debug = False } z3

kinduct :: Word32 -> Proof Universal
kinduct k = kInduction def { startK = k, maxK = k, debug = False } z3