At:
vc trace correctness
1
3
2
1
2
2
2
1
1
1
1
1
1
1
2
2
1
2
1
1
1.
A: ioa{i:l}()
2.
I: Fmla
3.
rho: Decl
4.
de: sig()
5.
e: {[[de]] rho}
6.
te: Label
Label
7.
tc_ioa(A;de)
8.
ioa_mentions_trace(A)
9.
trace_consistent_pred(rho;A.da;te;I)
10.
guarded_trace(A.da;te;I)
11.
tc_pred(I;A.ds; < > ;de)
12.
covers_pred(A;I)
13.
closed_pred(I)
14.
single_valued_decls(A.ds)
15.
s0: [[A]] rho de e.state
16.
x: [[A]] rho de e.state
17.
act: [[A]] rho de e.action
18.
x': [[A]] rho de e.state
19.
l: [[A]] rho de e.action List
20.
[[A]] rho de e.init(s0)
21.
trace_reachable([[A]] rho de e;s0;l;x)
22.
mk_trace_env(l, te) 
trace_env([[A.da]] rho)
23.
t: dec()
24.
t A.da
25.
t.lbl = kind(act)
26.
[[I]] rho A.ds < > de e x 
mk_trace_env(l, te)
27.
p:pre().
p A.pre
p.kind = kind(act) [[p.rel]] rho A.ds dec_lookup(A.da;kind(act)) de e x value(act) niltrace()
28.
ef:eff().
ef A.eff
ef.kind = kind(act)
x'.ef.smt.lbl = [[ef.smt.term]] 1of(e) x value(act) niltrace() [[ef.smt.typ]] rho
29.
fr:frame(). fr A.frame (kind(act) fr.acts) x'.fr.var = x.fr.var [[fr.typ]] rho
30.
l (
[[A.da]] rho) List
31.
v:vc{i:l}().
v < *vc_imp(mk_imp(A.init, I))* > 
(
a:dec(). a A.da & v = ioa_trans(A;a.lbl;I))
vc_mng(v;rho;A.ds;A.da;de;e;x;mk_trace_env(l, te))
32.
act ([[A.da]] rho)
33.
v:[[dec_lookup(A.da;kind(act))]] rho.
[[I 
action_pre(kind(act);A.pre)]] rho A.ds dec_lookup(A.da;kind(act)) de e x v mk_trace_env(l, te)
[[wp(A;kind(act);I)]] rho A.ds dec_lookup(A.da;kind(act)) de e x v tappend(mk_trace_env(l,
te); < kind(act),v > )
34.
r: rel()
35.
p: pre()
36.
p A.pre
37.
p.kind =
kind(act)
38.
r = p.rel
39.
p.kind = kind(act)
40.
[[p.rel]] rho A.ds dec_lookup(A.da;kind(act)) de e x value(act) niltrace()
rel_mentions_trace(p.rel)
By:
ParallelOp 8
THEN
Unfold `ioa_mentions_trace` 0
THEN
OrLeft
THEN
OrRight
THEN
InstConcl [p]
Generated subgoals:
None
About:
