{-# OPTIONS --rewriting #-}
module UTxOErr.Example where

open import Agda.Builtin.Equality.Rewrite

open import Prelude.Init
open import Prelude.General
open import Prelude.DecEq
open import Prelude.Decidable
open import Prelude.Lists hiding (_↦_)
open import Prelude.Lists.Dec
open import Prelude.Apartness

-- open import UTxOErr.Maps
open import Prelude.Maps
open import UTxOErr.UTxO
open import UTxOErr.Ledger
open import UTxOErr.HoareLogic
open import UTxOErr.HoareProperties
open import UTxOErr.SL
open import UTxOErr.CSL

A B C D : Address
A = ; B = ; C = ; D = 

postulate t₀ : Tx
t₀₀ = (t₀ ♯) indexed-at 
t₀₁ = (t₀ ♯) indexed-at 

postulate
  mkValidator : TxOutputRef → (TxInfo → DATA → Bool)
  in₁ : (mkValidator t₀₀) ♯ ≡ A
  in₂ : (mkValidator t₀₁) ♯ ≡ D
{-# REWRITE in₁ #-}
{-# REWRITE in₂ #-}

_—→⟨_∣_⟩_ : Address → Value → TxOutputRef → Address → Tx
A —→⟨ v ∣ or ⟩ B = record
  { inputs  = [ record { outputRef = or ; validator = mkValidator or; redeemer =  } ]
  ; outputs = [  at B ]
  ; forge   = 
  }

t₁ t₂ t₃ t₄ : Tx
-- t₀ = record {inputs = []; outputs = 1 at A ∷ 1 at D ∷ []; forge = 2}
t₁ = A —→⟨  ∣ t₀₀ ⟩ B
t₂ = D —→⟨  ∣ t₀₁ ⟩ C
postulate
  vt₁ : Resolved t₁; val₁ : T $ mkValidator t₀₀ (mkTxInfo t₁ vt₁) 
  vt₂ : Resolved t₂; val₂ : T $ mkValidator t₀₁ (mkTxInfo t₂ vt₂) 
t₁₀ = (t₁ ♯) indexed-at 
t₂₀ = (t₂ ♯) indexed-at 
postulate
  in₃ : (mkValidator t₁₀) ♯ ≡ B
  in₄ : (mkValidator t₂₀) ♯ ≡ C
{-# REWRITE in₃ #-}
{-# REWRITE in₄ #-}

t₃ = B —→⟨  ∣ t₁₀ ⟩ A
t₄ = C —→⟨  ∣ t₂₀ ⟩ D
postulate
  vt₃ : Resolved t₃; val₃ : T $ mkValidator t₁₀ (mkTxInfo t₃ vt₃) 
  vt₄ : Resolved t₄; val₄ : T $ mkValidator t₂₀ (mkTxInfo t₄ vt₄) 
t₃₀ = (t₃ ♯) indexed-at 
t₄₀ = (t₄ ♯) indexed-at 

t₁-₄ : L
t₁-₄ = t₁ ∷ t₂ ∷ t₃ ∷ t₄ ∷ []
{-
 t₀         t₁        t₃
┌──┐  t₀₀  ┌──┐ t₁₀  ┌──┐ t₃₀
│  ∙───∘───│  ∙──∘───│  ∙──∘──⋯
│  │   A   └──┘  B   └──┘  A
│  │
│  │        t₂         t₄
│  │  t₀₁  ┌──┐ t₂₀  ┌──┐ t₄₀
│  ∙───∘───│  ∙──∘───│  ∙──∘──⋯
│  │   D   └──┘  C   └──┘  D
│  ⋮
│  ⋮
└──┘
-}

open HoareReasoning

-- 1a) proof using only SL.[FRAME]
_ : ⟨ t₀₀ ↦  at A ∗ t₀₁ ↦  at D ⟩
    t₁-₄
    ⟨ t₃₀ ↦  at A ∗ t₄₀ ↦  at D ⟩
_ = begin
  t₀₀ ↦  at A ∗ t₀₁ ↦  at D ~⟨ t₁ ∶- ℝ[FRAME] (t₀₁ ↦  at D) t₁♯ (transferℝ {vtx = vt₁} val₁ refl) ⟩
  t₁₀ ↦  at B ∗ t₀₁ ↦  at D ~⟪ ∗↔ ⟩
  t₀₁ ↦  at D ∗ t₁₀ ↦  at B ~⟨ t₂ ∶- ℝ[FRAME] (t₁₀ ↦  at B) t₂♯ (transferℝ {vtx = vt₂} val₂ refl) ⟩
  t₂₀ ↦  at C ∗ t₁₀ ↦  at B ~⟪ ∗↔ ⟩
  t₁₀ ↦  at B ∗ t₂₀ ↦  at C ~⟨ t₃ ∶- ℝ[FRAME] (t₂₀ ↦  at C) t₃♯ (transferℝ {vtx = vt₃} val₃ refl) ⟩
  t₃₀ ↦  at A ∗ t₂₀ ↦  at C ~⟪ ∗↔ ⟩
  t₂₀ ↦  at C ∗ t₃₀ ↦  at A ~⟨ t₄ ∶- ℝ[FRAME] (t₃₀ ↦  at A) t₄♯ (transferℝ {vtx = vt₄} val₄ refl) ⟩
  t₄₀ ↦  at D ∗ t₃₀ ↦  at A ~⟪ ∗↔ ⟩
  t₃₀ ↦  at A ∗ t₄₀ ↦  at D ∎
  where postulate
    t₁♯ : [ t₁ ] ♯ (t₀₁ ↦  at D)
    t₂♯ : [ t₂ ] ♯ (t₁₀ ↦  at B)
    t₃♯ : [ t₃ ] ♯ (t₂₀ ↦  at C)
    t₄♯ : [ t₄ ] ♯ (t₃₀ ↦  at A)

-- 1b) proof using CSL.[INTERLEAVE]
_ : ⟨ t₀₀ ↦  at A ∗ t₀₁ ↦  at D ⟩
    t₁-₄
    ⟨ t₃₀ ↦  at A ∗ t₄₀ ↦  at D ⟩
_ = begin t₀₀ ↦  at A ∗ t₀₁ ↦  at D ~⟨ t₁-₄ ∶- ℝ[PAR] (keepˡ keepʳ keepˡ keepʳ []) H₁ H₂ ⟩++
          t₃₀ ↦  at A ∗ t₄₀ ↦  at D ∎
  where
    H₁ : ℝ⟨ t₀₀ ↦  at A ⟩ t₁ ∷ t₃ ∷ [] ⟨ t₃₀ ↦  at A ⟩
    H₁ = t₀₀ ↦  at A ~⟨ t₁ ∶- transferℝ {vtx = vt₁} val₁ refl ⟩
         t₁₀ ↦  at B ~⟨ t₃ ∶- transferℝ {vtx = vt₃} val₃ refl ⟩
         t₃₀ ↦  at A ∎

    H₂ : ℝ⟨ t₀₁ ↦  at D ⟩ t₂ ∷ t₄ ∷ [] ⟨ t₄₀ ↦  at D ⟩
    H₂ = t₀₁ ↦  at D ~⟨ t₂ ∶- transferℝ {vtx = vt₂} val₂ refl ⟩
         t₂₀ ↦  at C ~⟨ t₄ ∶- transferℝ {vtx = vt₄} val₄ refl ⟩
         t₄₀ ↦  at D ∎

{-
-- 2) overlapping proof
t₁′ = A —→⟨ 1 ⟩ B; t₂′ = C —→⟨ 1 ⟩ A
t₁₂ = L ∋ t₁′ ∷ t₂′ ∷ []

_ : ⟨ A ↦ 1 ∗ B ↦ 0 ∗ C ↦ 1 ∗ A ↦ 0 ⟩
     t₁₂
     ⟨ A ↦ 0 ∗ B ↦ 1 ∗ C ↦ 0 ∗ A ↦ 1 ⟩
_ = begin A ↦ 1 ∗ B ↦ 0 ∗ C ↦ 1 ∗ A ↦ 0     ~⟪ ∗↝ {A ↦ 1} {B ↦ 0} {C ↦ 1 ∗ A ↦ 0} ⟩
          (A ↦ 1 ∗ B ↦ 0) ∗ (C ↦ 1 ∗ A ↦ 0) ~⟨ t₁₂ ∶- ℝ[PAR] auto H₁ H₂ ⟩++
          (A ↦ 0 ∗ B ↦ 1) ∗ (C ↦ 0 ∗ A ↦ 1) ~⟪ ↜∗ {A ↦ 0} {B ↦ 1} {C ↦ 0 ∗ A ↦ 1} ⟩
          A ↦ 0 ∗ B ↦ 1 ∗ C ↦ 0 ∗ A ↦ 1     ∎
  where
    H₁ : ℝ⟨ A ↦ 1 ∗ B ↦ 0 ⟩ [ t₁′ ] ⟨ A ↦ 0 ∗ B ↦ 1 ⟩
    H₁ = mkℝ A ↝⁰ B

    H₂ : ℝ⟨ C ↦ 1 ∗ A ↦ 0 ⟩ [ t₂′ ] ⟨ C ↦ 0 ∗ A ↦ 1 ⟩
    H₂ = mkℝ C ↝⁰ A
-}