Unary VC Tactics #
User-facing unary VCGen tactics and finish passes.
Unary VC tactics #
vcstep applies one quantitative VCGen step to a Triple, raw wp, or probability goal.
For Triple goals: decomposes a bind via triple_bind and automatically tries to close
the spec subgoal using hypotheses in the local context, with backward WP fallback.
Also handles ite/dite splitting, match case analysis, loop invariant auto-detection
from context, and WP-rule unfolding, including simulateQ ... run'.
After the built-in leaf rules, it may also use user-authored @[vcspec] lemmas whose
registered head symbol matches the current computation.
For Pr[ ...] = 1 and lower-bound goals such as r ≤ Pr[ p | oa]: automatically lowers the
goal into a Triple form.
For Pr[ ...] = Pr[ ...] goals: tries bind-swap (probEvent_bind_bind_swap), bind
congruence (probOutput_bind_congr / probEvent_bind_congr), swap-then-congr,
or an exact-probOutput bridge into relational VCGen.
Handles up to 2 layers of tsum peeling for nested swaps.
For other general Pr[ ...] goals: rewrites to raw wp form and keeps stepping structurally
when a wp rule applies, rather than immediately exiting the VCGen pipeline.
Variants:
vcstep using cutfor an explicit intermediate postcondition.vcstep with thmto force a specific unary theorem/assumption step.vcstep inv Ito apply a loop invariantIto areplicate/foldlM/mapMgoal.vcstep rwto perform one explicit top-level probability-equality rewrite step.vcstep rw under nto rewrite one bind-swap undernshared bind prefixes.vcstep rw congrto expose one shared bind plus its support hypothesis.vcstep rw congr'to expose one shared bind without a support hypothesis.
Use @[vcspec] on unary Triple or raw wp theorems to opt them into bounded lookup.
Instances For
vcgen exhaustively decomposes a Triple, raw wp, or probability goal
with spec-aware stepping.
Accepts Triple goals, raw wp goals, lower-bound / exact probability goals, and
Pr[ ...] = Pr[ ...] equality goals. Probability goals are automatically lowered or
dispatched (swap/congr) before structural decomposition continues.
Enhancements over simple structural decomposition:
- Lowers
Pr[ ...]goals intoTripleor rawwpform before decomposition - Bridges exact
Pr[= x | oa] = Pr[= x | ob]goals into relational VCGen when helpful - After bind decomposition, tries to close spec subgoals from local context
- Falls back to backward WP (
triple_bind_wp) when no spec is available - Splits
ite/diteconditionals into branch goals with hypotheses - Case-splits
matchexpressions on their discriminants - Auto-detects loop invariants from context for
replicate/foldlM/mapM - Keeps decomposing across all open goals after branch splits
- Understands
simulateQandsimulateQ ... run'through the unary WP rules - Normalizes remaining
wpterms and indicator arithmetic via simp - Finishes with bounded local consequence search on closed goals
Typical usage: bring specs into context with have or as function parameters, then
call vcgen to automatically decompose and apply them.
Variants:
vcgen using cutperforms one explicit bind step with intermediate postconditioncut, then continues with exhaustive decomposition on all resulting goals.vcgen inv Iapplies an explicit loop invariantIto the firstreplicate/foldlM/mapMgoal, then continues with exhaustive decomposition.
Instances For
exp_norm normalizes expectation / indicator arithmetic in the current goal.
Rewrites using linearity of expectation (wp_add, wp_mul_const), indicator algebra
(propInd_true, propInd_false, propInd_and), and standard WP step rules.
Instances For
by_hoare transforms a probability goal into a quantitative WP goal.