Require Import BenB.Require Import BenB2.(* ==============================

1. Require Import BenB.
2. Require Import BenB2.
3.  
4. (* ====================================================================== *)
5.  
6. (*
7. Title:
8. ======
9. Authors:
10. [
11. Daniel Anthes s...,
12. Sean Gies s...,
13. Eddie the Eagle s..,
14. Nick Stracke s4771192
15. ]
16. *)
17.  
18. (* ====================================================================== *)
19.  
20. (*
21. [
22. This file has to be a valid script, meaning that it
23. can be executed by Coq.
24. Therefore, explanations in natural language have to be between
25. comment markers.
26.  
27. In this project template, text within square brackets (within
28. comment markers) is intended to clarify what needs to be
29. written where.
30.  
31. In the final version, we expect that all these blocks have been
32. replaced by (your) proper content.
33. ]
34.  
35. *)
36.  
37. (*
38. Abstract:
39. =========
40. [
41. For the intermediate version of this project:
42. Explain briefly which perspective of which artifact will be
43. studied and why this topic has been chosen.
44. ]
45.  
46. [
47. And for the final version of this project:
48. Explain whether you managed to prove the correctness theorem.
49. And how did that go: did you have to change a lot compared to
50. the intermediate version, or could you use your formalization
51. without many modifications?
52. ]
53.  
54. *)
55.  
56. (*
57. Focus:
58.  
59. Modeling Goal:
60. ==============
61. [ Verification model / Demonstration model / Construction model ]
62.  
63.  
64. Fragment of reality:
65. ====================
66. [ ... ]
67.  
68.  
69. Perspective:
70. ============
71. [ ... ]
72.  
73. *)
74.  
75.  
76. (*
77. Abstractions or simplifications:
78. ================================
79. [
80. Depending on the chosen focus, you may simplify certain aspects of
81. your artifact.
82. If you are modeling some kind of home automation system, it is not
83. unreasonable to assume that the net power is constant, although this
84. is not exactly the case in reality. However, if you are modeling an
85. artifact that protects against high peaks of power, these fluctuations
86. should be part of the model.
87.  
88. Write down explicitly which assumptions you have made to simplify
89. the artifact.
90. ]
91.  
92. *)
93.  
94. (* ====================================================================== *)
95.  
96. (* Domain model *)
97.  
98. (* Domains (including their meaning) *)
99.  
100. Definition T := R.
101. (* Time *)
102.  
103. Variable B : Set.
104. (* Buttons of the equalizer *)
105.  
106. Definition D := R.
107. (* Durations of songs *)
108.  
109.  
110. (* Constants (including their meaning) *)
111.  
112.  
113. (* Functions (including their meaning) *)
114.  
115. (* Predicates (including their meaning and measurements) *)
116.  
117. Variable vinyl_on (* t *) : T -> Prop.
118. (* vinyl is on the platter at time t *)
119. (* look at the turn table *)
120.  
121. Variable move_arm_in_position (* t *) : T -> Prop.
122. (* move arm over the platter at time t *)
123. (* look if the arm starts moving at time t *)
124.  
125.  
126. Variable power_in : Prop.
127. (* A voltage of 230V is being supplied to the powerstrip *)
128. (* Use a multimeter to measure the voltage *)
129.  
130. Variable eq_button_pushed (* b *) : B -> T -> Prop.
131. (* button b of the equalizer is pushed in *)
132. (* look if button b is pushed in *)
133.  
134. Variable ls_out_eq (* t *) : T -> Prop.
135. (* There is an equalized audio signal coming out of the left speaker *)
136. (* Listen if there is an audio signal *)
137.  
138. Variable ls_out_uneq (* t *) : T -> Prop.
139. (* There is an unequalized audio signal coming out of the left speaker *)
140. (* Listen if there is an audio signal *)
141.  
142. Variable rs_out_eq (* t *) : T -> Prop.
143. (* There is an equalized audio signal coming out of the right speaker *)
144. (* Listen if there is an audio signal *)
145.  
146. Variable rs_out_uneq (* t *) : T -> Prop.
147. (* There is an unequalized audio signal coming out of the right speaker *)
148. (* Listen if there is an audio signal *)
149.  
150. Variable sub_out_eq (* t *) : T -> Prop.
151. (* There is an equalized audio signal coming out of the subwoofer *)
152. (* Listen if there is an audio signal *)
153.  
154. Variable sub_out_uneq (* t *) : T -> Prop.
155. (* There is an unequalized audio signal coming out of the subwoofer *)
156. (* Listen if there is an audio signal *)
157.  
158. Variable is_on (* t *) : T -> Prop.
159. (* The on button of the amplifier is pushed *)
160. (* Check if the button is pressed *)
161.  
162. Variable line_level (* t *) : T -> Prop.
163. (* Low level signal *)
164. (* Measure if there is an output *)
165.  
166. Variable lost_heat (* t *) : T -> Prop.
167. (* Heat leaving the amplifier *)
168. (* Feel if there is hot air leaving the amplifier *)
169.  
170. Variable line_level_high_eq :T -> Prop.
171. (* equalized, boosted signal for the speaker *)
172. (* check output *)
173.  
174. Variable line_level_high_uneq :T -> Prop.
175. (* unequalized, boosted signal for the speaker *)
176. (* check output *)
177.  
178. Variable line_level_loq_eq :T -> Prop.
179. (* equalized, boosted signal for the subwoofer *)
180. (* check output *)
181.  
182. Variable line_level_hloq_uneq :T -> Prop.
183. (* unequalized, boosted signal for the subwoofer *)
184. (* check output *)
185.  
186. Variable amp_power
187.  
188. (* ====================================================================== *)
189.  
190. (* Auxiliary predicates (including their meaning) *)
191.  
192. (*
193. [
194. At this place within this template you may define as many
195. auxiliary predicates as you want, but do not forget to include
196. their meaning.
197. ]
198. *)
199.  
200. (* ====================================================================== *)
201.  
202. (* Components *)
203.  
204. (*
205. [
206. For each component you have to specify the following information:
207.  
208. OUTSIDE comment markers:
209. - The 'Definition' to be read by Coq, in a readable layout that
210. matches the mathematical structure of the formula.
211.  
212. WITHIN comment markers:
213. - The specification of the component in natural language. Obviously,
214. this specification should be consistent with the formula used
215. by Coq.
216. - If appropriate, a short explanation in natural language about
217. the choices that have been made.
218. ]
219. *)
220.  
221. Definition Record_Player :=
222.  
223. .
224.  
225. Definition Pre_Amp :=
226.  
227. .
228.  
229. Definition Amp :=
230.  
231. .
232.  
233. Definition Left_Speaker :=
234.  
235. .
236.  
237. Definition Right_Speaker :=
238.  
239. .
240.  
241. Definition Subwoofer :=
242.  
243. .
244.  
245.  
246.  
247. (* ====================================================================== *)
248.  
249. (* Specification of the overall system *)
250.  
251. (*
252. [
253. Here you have to specify:
254.  
255. OUTSIDE comment markers:
256. - The 'Definition' to be read by Coq, in a readable layout that
257. matches the mathematical structure of the formula.
258.  
259. WITHIN comment markers:
260. - The specification of the overall system in natural language.
261. Obviously, this specification should be consistent with the
262. formula used by Coq.
263. - If appropriate, a short explanation in natural language about
264. the choices that have been made.
265. ]
266. *)
267.  
268. Definition Hifi_soundsystem_with_record_player :=
269. forall t:T,
270. vinyl_on t
271. /\
272. move_arm_in_position (t+1)
273. /\
274. power_in
275. /\
276. is_on (t+2)
277. ->
278. (
279. (
280. exists b:B,
281. eq_button_pushed b (t+2)
282. )
283. ->
284. ls_out_eq (t+2) /\ rs_out_eq (t+2) /\ sub_out_eq (t+2)
285. )
286. /\
287. (
288. (
289. ~ exists b:B,
290. eq_button_pushed b (t+2)
291. )
292. ->
293. ls_out_uneq (t+2) /\ rs_out_uneq (t+2) /\ sub_out_uneq (t+2)
294. )
295. .
296. (* ====================================================================== *)
297.  
298. (* Extras *)
299.  
300. (*
301. [
302. It is very likely that you do not need any extras!
303.  
304. However, if it turns out during your proof that you have to prove
305. several times (almost) the same, then you may define a 'Lemma' at
306. this place, followed by its proof. And in the proof of the correctness
307. theorem, you may apply this lemma several times.
308. Note that it is always allowed to add lemmas to this script!
309.  
310. Sometimes it happens that Coq has troubles with 'trivial' properties
311. of numbers, that cannot be solve easily using 'lin_solve'.
312. In such situations, you may contact your supervisor and discuss
313. whether this may be solved by adding an 'Axiom', which can also be
314. applied later on within the proof of the correctness theorem.
315. ]
316. *)
317.  
318. (* Correctness theorem *)
319.  
320. (* ====================================================================== *)
321.  
322. (*
323. [
324. Write down your correctness theorem in the usual notation:
325. Theorem CorTheorem:
326. Component1 /\ Component2 /\ ... /\ ComponentN -> SpecOfTheOverallSystem.
327.  
328. Note that for the intermediate version, you should keep this
329. theorem within comment markers, otherwise you will get a red cross
330. for stating a theorem without a proof.
331.  
332. For the final version you obviously have to remove these comment
333. markers and probide a real proof!
334. ]
335. *)
336.  
337. (*
338. Theorem CorTheorem:
339. Record_Player /\ Pre_Amp /\ Amp /\ Left_Speaker /\ Right_Speaker /\ Subwoofer /\ Powerstrip
340. ->
341. Hifi_soundsystem_with_record_player
342. .
343. *)