-
Notifications
You must be signed in to change notification settings - Fork 62
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add simple bisimulation prover #1933
Conversation
This change adds command `prove_bisim` that proves that two terms simulate eachother. Given a relation `rel`, term `lhs`, and term `rhs`, the prover considers `lhs` and `rhs` bisimilar when: ``` forall s1 s2 in out. rel (s1, out) (s2, out) -> rel (lhs (s1, in)) (rhs (s2, in)) ```
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This does what it advertises, so I'm happy with this. I've left a number of suggestions inline, but some of these suggestions may not be applicable, as I'm not completely sure how the bisimulation prover is intended to be used in future work.
As a high-level suggestion: my understanding is that it took a fair bit of discussion and thought to arrive at the current design for the bisimulation prover. I think it would be helpful to capture some of that discussion in a Note somewhere in the comments, including some examples of other design possibilities that were rejected (and with reasons why they were rejected).
Co-authored-by: Ryan Scott <[email protected]>
This change adds command
prove_bisim
that proves that two terms simulate eachother. Given a relationrel
, termlhs
, and termrhs
, the prover considerslhs
andrhs
bisimilar when: