76403367ba
This PR removes superfluous `Monad` instances from the spec lemmas of the `MonadExceptOf` lifting framework. It also adds a bit of documentation and more tracing to `mvcgen`. Fixes #10564.
32 lines
1 KiB
Text
32 lines
1 KiB
Text
import Std.Tactic.Do
|
|
open Std.Do
|
|
|
|
set_option mvcgen.warning false
|
|
|
|
structure Supply where
|
|
counter : Nat
|
|
limit : Nat
|
|
property : counter ≤ limit
|
|
|
|
def mkFreshN2 (n : Nat) : ExceptT Char (EStateM String Supply) (List Nat) := do
|
|
let mut acc := #[]
|
|
for _ in [:n] do
|
|
let supply ← get
|
|
if h : supply.counter = supply.limit then
|
|
throwThe String s!"Supply exhausted: {supply.counter} = {supply.limit}"
|
|
else
|
|
let n := supply.counter
|
|
have := supply.property
|
|
set {supply with counter := n + 1, property := by omega}
|
|
acc := acc.push n
|
|
pure acc.toList
|
|
|
|
theorem mkFreshN2_spec2 (n : Nat) :
|
|
⦃⌜True⌝⦄
|
|
mkFreshN2 n
|
|
⦃post⟨fun r => ⌜r.Nodup⌝, fun _ => ⌜False⌝, fun _msg state => ⌜state.counter = state.limit⌝⟩⦄ := by
|
|
mvcgen [mkFreshN2] invariants
|
|
· post⟨fun ⟨xs, acc⟩ state => ⌜(∀ n ∈ acc, n < state.counter) ∧ acc.toList.Nodup⌝,
|
|
fun _ => ⌜False⌝,
|
|
fun _msg state => ⌜state.counter = state.limit⌝⟩
|
|
with grind
|