concordium
smartcontractinteractions
Commits
65b99ce6
Commit
65b99ce6
authored
Oct 13, 2019
by
Jakob Botsch Nielsen
Browse files
Prove account balances are nonnegative
parent
71b1a654
Pipeline
#13808
passed with stage
in 7 minutes and 32 seconds
theories/Blockchain.v
View file @
65b99ce6
...
...
@@ 632,6 +632,14 @@ Proof.
cbn
in
*
.
destruct_address_eq
;
congruence
.
Qed
.
Lemma
eval_amount_nonnegative
:
eval_amount
eval
>=
0.
Proof
.
now
destruct
eval
.
Qed
.
Lemma
eval_amount_le_account_balance
:
eval_amount
eval
<=
account_balance
pre
(
eval_from
eval
).
Proof
.
now
destruct
eval
.
Qed
.
End
Theories
.
Section
Trace
.
...
...
@@ 993,6 +1001,29 @@ Proof.
contract_no_created_blocks
;
auto
.
Qed
.
Lemma
account_balance_nonnegative
state
addr
:
reachable
state
>
account_balance
state
addr
>=
0.
Proof
.
intros
[
trace
].
remember
empty_state
eqn
:
eq
.
induction
trace
;
subst
;
cbn
;
try
lia
.
specialize
(
IHtrace
eq_refl
).
destruct_chain_step
.

(
*
New
block
*
)
rewrite_environment_equiv
.
cbn
.
unfold
add_balance
.
inversion
valid_header
.
destruct_address_eq
;
lia
.

(
*
Action
evaluation
*
)
rewrite
(
account_balance_post
eval
addr
).
pose
proof
(
eval_amount_nonnegative
eval
).
pose
proof
(
eval_amount_le_account_balance
eval
).
destruct_address_eq
;
subst
;
cbn
in
*
;
lia
.

now
rewrite
<
prev_next
.
Qed
.
End
Theories
.
End
Trace
.
End
Semantics
.
...
...
