import TsmLean.Core.Semantics

namespace TsmLean.Core

/-!
# Fuel-bounded executable multi-step.

`run n s₀` executes from `s₀` with `n` units of fuel; each unit pays for one
call to `step`. It returns the final state when execution halts (`step` returns
`none`) within fuel, or `none` when fuel is exhausted before a halt is
observed. Observing the halt itself costs one unit, so `run 0 s = none` even
when `s` is already halted.

Soundness: any successful run corresponds to a `MultiStep` derivation ending
at a halted state — same shape as TGC/TOC's eval_sound, but phrased over the
small-step closure rather than big-step.

Scope of the guarantee: `run_sound` is the only result in this section and it
covers the `some` case only. A `none` result means "not halted within this
fuel"; it is not evidence of divergence, and nothing here shows that a halting
execution is always found given enough fuel (completeness).
-/

/-- Fuel-bounded driver for `step`.

* Fuel `0`: returns `none` without inspecting the state.
* Fuel `n + 1`: calls `step s`. If it returns `none`, the state `s` is returned
  as the final (halted) state; if it returns `some s'`, execution continues
  from `s'` with fuel `n`.

`State` and `step` are not defined in this section (presumably they come from
`TsmLean.Core.Semantics`). -/
def run : Nat → State → Option State
  | 0, _ => none  -- out of fuel: no answer, even if the state is already halted
  | n + 1, s =>
    match step s with
    | none => some s  -- halted: `step` has no successor for `s`
    | some s' => run n s'  -- one transition taken, one unit of fuel consumed

/-- Soundness of `run`: whenever `run n s` returns `some s'`, there is a
`MultiStep` derivation from `s` to `s'`, and `s'` is halted (`step s' = none`).

The statement says nothing about runs that return `none`.

Proof: induction on the fuel `n`, then a case split on `step s`. -/
theorem run_sound :
    ∀ (n : Nat) (s s' : State),
      run n s = some s' → MultiStep s s' ∧ step s' = none := by
  intro n
  induction n with
  | zero =>
    -- `run 0 s` is `none`, so the hypothesis `none = some s'` is contradictory.
    intros s s' heq
    simp [run] at heq
  | succ n ih =>
    intros s s' heq
    -- Unfold one layer of `run` to expose the `match step s with ...`.
    simp only [run] at heq
    cases hstep : step s with
    | none =>
      -- Halted immediately: `heq` reduces to an equation between `s` and `s'`.
      rw [hstep] at heq
      simp at heq
      subst heq
      -- Reflexive derivation, and `hstep` is exactly the halting fact.
      exact ⟨.refl s, hstep⟩
    | some s_next =>
      -- One transition to `s_next`; the remaining run uses fuel `n`, so the
      -- induction hypothesis applies to it.
      rw [hstep] at heq
      have ⟨hMS, hHalt⟩ := ih s_next s' heq
      -- Prepend the transition recorded by `hstep` to the derivation from `ih`.
      exact ⟨.cons hstep hMS, hHalt⟩

end TsmLean.Core