|
blanchet@35076
|
1 |
(* Title: HOL/Nitpick_Examples/Hotel_Nits.thy
|
|
blanchet@35076
|
2 |
Author: Jasmin Blanchette, TU Muenchen
|
|
blanchet@45035
|
3 |
Copyright 2010-2011
|
|
blanchet@35076
|
4 |
|
|
blanchet@35076
|
5 |
Nitpick example based on Tobias Nipkow's hotel key card formalization.
|
|
blanchet@35076
|
6 |
*)
|
|
blanchet@35076
|
7 |
|
|
blanchet@35076
|
8 |
header {* Nitpick Example Based on Tobias Nipkow's Hotel Key Card
|
|
blanchet@35076
|
9 |
Formalization *}
|
|
blanchet@35076
|
10 |
|
|
blanchet@35076
|
11 |
theory Hotel_Nits
|
|
blanchet@35076
|
12 |
imports Main
|
|
blanchet@35076
|
13 |
begin
|
|
blanchet@35076
|
14 |
|
|
blanchet@41278
|
15 |
nitpick_params [verbose, max_potential = 0, sat_solver = MiniSat_JNI,
|
|
krauss@42208
|
16 |
max_threads = 1, timeout = 240]
|
|
blanchet@35076
|
17 |
|
|
blanchet@35076
|
18 |
typedecl guest
|
|
blanchet@35076
|
19 |
typedecl key
|
|
blanchet@35076
|
20 |
typedecl room
|
|
blanchet@35076
|
21 |
|
|
wenzelm@42463
|
22 |
type_synonym keycard = "key \<times> key"
|
|
blanchet@35076
|
23 |
|
|
blanchet@35076
|
24 |
record state =
|
|
blanchet@35076
|
25 |
owns :: "room \<Rightarrow> guest option"
|
|
blanchet@35076
|
26 |
currk :: "room \<Rightarrow> key"
|
|
blanchet@35076
|
27 |
issued :: "key set"
|
|
blanchet@35076
|
28 |
cards :: "guest \<Rightarrow> keycard set"
|
|
blanchet@35076
|
29 |
roomk :: "room \<Rightarrow> key"
|
|
blanchet@35076
|
30 |
isin :: "room \<Rightarrow> guest set"
|
|
blanchet@35076
|
31 |
safe :: "room \<Rightarrow> bool"
|
|
blanchet@35076
|
32 |
|
|
blanchet@35076
|
33 |
inductive_set reach :: "state set" where
|
|
blanchet@35076
|
34 |
init:
|
|
blanchet@35076
|
35 |
"inj initk \<Longrightarrow>
|
|
blanchet@35076
|
36 |
\<lparr>owns = (\<lambda>r. None), currk = initk, issued = range initk, cards = (\<lambda>g. {}),
|
|
blanchet@35076
|
37 |
roomk = initk, isin = (\<lambda>r. {}), safe = (\<lambda>r. True)\<rparr> \<in> reach" |
|
|
blanchet@35076
|
38 |
check_in:
|
|
blanchet@35076
|
39 |
"\<lbrakk>s \<in> reach; k \<notin> issued s\<rbrakk> \<Longrightarrow>
|
|
blanchet@35076
|
40 |
s\<lparr>currk := (currk s)(r := k), issued := issued s \<union> {k},
|
|
blanchet@35076
|
41 |
cards := (cards s)(g := cards s g \<union> {(currk s r, k)}),
|
|
blanchet@35076
|
42 |
owns := (owns s)(r := Some g), safe := (safe s)(r := False)\<rparr> \<in> reach" |
|
|
blanchet@35076
|
43 |
enter_room:
|
|
blanchet@35076
|
44 |
"\<lbrakk>s \<in> reach; (k,k') \<in> cards s g; roomk s r \<in> {k,k'}\<rbrakk> \<Longrightarrow>
|
|
blanchet@35076
|
45 |
s\<lparr>isin := (isin s)(r := isin s r \<union> {g}),
|
|
blanchet@35076
|
46 |
roomk := (roomk s)(r := k'),
|
|
blanchet@35076
|
47 |
safe := (safe s)(r := owns s r = Some g \<and> isin s r = {} (* \<and> k' = currk s r *)
|
|
blanchet@35076
|
48 |
\<or> safe s r)\<rparr> \<in> reach" |
|
|
blanchet@35076
|
49 |
exit_room:
|
|
blanchet@35076
|
50 |
"\<lbrakk>s \<in> reach; g \<in> isin s r\<rbrakk> \<Longrightarrow> s\<lparr>isin := (isin s)(r := isin s r - {g})\<rparr> \<in> reach"
|
|
blanchet@35076
|
51 |
|
|
blanchet@35076
|
52 |
theorem safe: "s \<in> reach \<Longrightarrow> safe s r \<Longrightarrow> g \<in> isin s r \<Longrightarrow> owns s r = Some g"
|
|
blanchet@35076
|
53 |
nitpick [card room = 1, card guest = 2, card "guest option" = 3,
|
|
blanchet@41360
|
54 |
card key = 4, card state = 6, show_consts, format = 2,
|
|
blanchet@41360
|
55 |
expect = genuine]
|
|
blanchet@46082
|
56 |
(* nitpick [card room = 1, card guest = 2, expect = genuine] *) (* slow *)
|
|
blanchet@35076
|
57 |
oops
|
|
blanchet@35076
|
58 |
|
|
blanchet@35076
|
59 |
end
|