src/HOL/Hoare/hoare_tac.ML
author wenzelm
Thu Oct 02 14:22:36 2008 +0200 (2008-10-02)
changeset 28457 25669513fd4c
parent 27330 1af2598b5f7d
child 32149 ef59550a55d3
permissions -rw-r--r--
major cleanup of hoare_tac.ML: just one copy for Hoare.thy and HoareAbort.thy (only 1 line different), refrain from inspecting the main goal, proper context;
wenzelm@24475
     1
(*  Title:      HOL/Hoare/hoare_tac.ML
wenzelm@24475
     2
    ID:         $Id$
wenzelm@24475
     3
    Author:     Leonor Prensa Nieto & Tobias Nipkow
wenzelm@24475
     4
wenzelm@24475
     5
Derivation of the proof rules and, most importantly, the VCG tactic.
wenzelm@24475
     6
*)
wenzelm@24475
     7
wenzelm@24475
     8
(*** The tactics ***)
wenzelm@24475
     9
wenzelm@24475
    10
(*****************************************************************************)
wenzelm@24475
    11
(** The function Mset makes the theorem                                     **)
wenzelm@24475
    12
(** "?Mset <= {(x1,...,xn). ?P (x1,...,xn)} ==> ?Mset <= {s. ?P s}",        **)
wenzelm@24475
    13
(** where (x1,...,xn) are the variables of the particular program we are    **)
wenzelm@24475
    14
(** working on at the moment of the call                                    **)
wenzelm@24475
    15
(*****************************************************************************)
wenzelm@24475
    16
wenzelm@24475
    17
local open HOLogic in
wenzelm@24475
    18
wenzelm@24475
    19
(** maps (%x1 ... xn. t) to [x1,...,xn] **)
wenzelm@24475
    20
fun abs2list (Const ("split",_) $ (Abs(x,T,t))) = Free (x, T)::abs2list t
wenzelm@24475
    21
  | abs2list (Abs(x,T,t)) = [Free (x, T)]
wenzelm@24475
    22
  | abs2list _ = [];
wenzelm@24475
    23
wenzelm@24475
    24
(** maps {(x1,...,xn). t} to [x1,...,xn] **)
wenzelm@24475
    25
fun mk_vars (Const ("Collect",_) $ T) = abs2list T
wenzelm@24475
    26
  | mk_vars _ = [];
wenzelm@24475
    27
wenzelm@28457
    28
(** abstraction of body over a tuple formed from a list of free variables.
wenzelm@24475
    29
Types are also built **)
wenzelm@24475
    30
fun mk_abstupleC []     body = absfree ("x", unitT, body)
wenzelm@24475
    31
  | mk_abstupleC (v::w) body = let val (n,T) = dest_Free v
wenzelm@24475
    32
                               in if w=[] then absfree (n, T, body)
wenzelm@24475
    33
        else let val z  = mk_abstupleC w body;
wenzelm@24475
    34
                 val T2 = case z of Abs(_,T,_) => T
wenzelm@24475
    35
                        | Const (_, Type (_,[_, Type (_,[T,_])])) $ _ => T;
wenzelm@28457
    36
       in Const ("split", (T --> T2 --> boolT) --> mk_prodT (T,T2) --> boolT)
wenzelm@24475
    37
          $ absfree (n, T, z) end end;
wenzelm@24475
    38
wenzelm@24475
    39
(** maps [x1,...,xn] to (x1,...,xn) and types**)
wenzelm@24475
    40
fun mk_bodyC []      = HOLogic.unit
wenzelm@28457
    41
  | mk_bodyC (x::xs) = if xs=[] then x
wenzelm@24475
    42
               else let val (n, T) = dest_Free x ;
wenzelm@24475
    43
                        val z = mk_bodyC xs;
wenzelm@24475
    44
                        val T2 = case z of Free(_, T) => T
wenzelm@24475
    45
                                         | Const ("Pair", Type ("fun", [_, Type
wenzelm@24475
    46
                                            ("fun", [_, T])])) $ _ $ _ => T;
wenzelm@24475
    47
                 in Const ("Pair", [T, T2] ---> mk_prodT (T, T2)) $ x $ z end;
wenzelm@24475
    48
wenzelm@28457
    49
(** maps a subgoal of the form:
wenzelm@28457
    50
        VARS x1 ... xn {._.} _ {._.} or to [x1,...,xn]**)
wenzelm@28457
    51
fun get_vars c =
wenzelm@28457
    52
  let
wenzelm@28457
    53
    val d = Logic.strip_assums_concl c;
wenzelm@28457
    54
    val Const _ $ pre $ _ $ _ = dest_Trueprop d;
wenzelm@28457
    55
  in mk_vars pre end;
wenzelm@24475
    56
wenzelm@28457
    57
fun mk_CollectC trm =
wenzelm@28457
    58
  let val T as Type ("fun",[t,_]) = fastype_of trm
wenzelm@28457
    59
  in Collect_const t $ trm end;
wenzelm@24475
    60
wenzelm@24475
    61
fun inclt ty = Const (@{const_name HOL.less_eq}, [ty,ty] ---> boolT);
wenzelm@24475
    62
wenzelm@24475
    63
wenzelm@28457
    64
fun Mset ctxt prop =
wenzelm@28457
    65
  let
wenzelm@28457
    66
    val [(Mset, _), (P, _)] = Variable.variant_frees ctxt [] [("Mset", ()), ("P", ())];
wenzelm@24475
    67
wenzelm@28457
    68
    val vars = get_vars prop;
wenzelm@28457
    69
    val varsT = fastype_of (mk_bodyC vars);
wenzelm@28457
    70
    val big_Collect = mk_CollectC (mk_abstupleC vars (Free (P, varsT --> boolT) $ mk_bodyC vars));
wenzelm@28457
    71
    val small_Collect = mk_CollectC (Abs ("x", varsT, Free (P, varsT --> boolT) $ Bound 0));
wenzelm@28457
    72
wenzelm@28457
    73
    val MsetT = fastype_of big_Collect;
wenzelm@28457
    74
    fun Mset_incl t = mk_Trueprop (inclt MsetT $ Free (Mset, MsetT) $ t);
wenzelm@28457
    75
    val impl = Logic.mk_implies (Mset_incl big_Collect, Mset_incl small_Collect);
wenzelm@28457
    76
    val th = Goal.prove ctxt [Mset, P] [] impl (fn _ => blast_tac (local_claset_of ctxt) 1);
wenzelm@28457
    77
 in (vars, th) end;
wenzelm@24475
    78
wenzelm@24475
    79
end;
wenzelm@24475
    80
wenzelm@24475
    81
wenzelm@24475
    82
(*****************************************************************************)
wenzelm@24475
    83
(** Simplifying:                                                            **)
wenzelm@24475
    84
(** Some useful lemmata, lists and simplification tactics to control which  **)
wenzelm@24475
    85
(** theorems are used to simplify at each moment, so that the original      **)
wenzelm@24475
    86
(** input does not suffer any unexpected transformation                     **)
wenzelm@24475
    87
(*****************************************************************************)
wenzelm@24475
    88
wenzelm@24475
    89
(**Simp_tacs**)
wenzelm@24475
    90
wenzelm@24475
    91
val before_set2pred_simp_tac =
wenzelm@26300
    92
  (simp_tac (HOL_basic_ss addsimps [Collect_conj_eq RS sym, @{thm Compl_Collect}]));
wenzelm@24475
    93
wenzelm@24475
    94
val split_simp_tac = (simp_tac (HOL_basic_ss addsimps [split_conv]));
wenzelm@24475
    95
wenzelm@24475
    96
(*****************************************************************************)
wenzelm@28457
    97
(** set2pred_tac transforms sets inclusion into predicates implication,     **)
wenzelm@24475
    98
(** maintaining the original variable names.                                **)
wenzelm@24475
    99
(** Ex. "{x. x=0} <= {x. x <= 1}" -set2pred-> "x=0 --> x <= 1"              **)
wenzelm@24475
   100
(** Subgoals containing intersections (A Int B) or complement sets (-A)     **)
wenzelm@24475
   101
(** are first simplified by "before_set2pred_simp_tac", that returns only   **)
wenzelm@24475
   102
(** subgoals of the form "{x. P x} <= {x. Q x}", which are easily           **)
wenzelm@24475
   103
(** transformed.                                                            **)
wenzelm@24475
   104
(** This transformation may solve very easy subgoals due to a ligth         **)
wenzelm@24475
   105
(** simplification done by (split_all_tac)                                  **)
wenzelm@24475
   106
(*****************************************************************************)
wenzelm@24475
   107
wenzelm@28457
   108
fun set2pred_tac var_names = SUBGOAL (fn (goal, i) =>
wenzelm@28457
   109
  before_set2pred_simp_tac i THEN_MAYBE
wenzelm@28457
   110
  EVERY [
wenzelm@28457
   111
    rtac subsetI i,
wenzelm@28457
   112
    rtac CollectI i,
wenzelm@28457
   113
    dtac CollectD i,
wenzelm@28457
   114
    TRY (split_all_tac i) THEN_MAYBE
wenzelm@28457
   115
     (rename_tac var_names i THEN full_simp_tac (HOL_basic_ss addsimps [split_conv]) i)]);
wenzelm@24475
   116
wenzelm@24475
   117
(*****************************************************************************)
wenzelm@24475
   118
(** BasicSimpTac is called to simplify all verification conditions. It does **)
wenzelm@24475
   119
(** a light simplification by applying "mem_Collect_eq", then it calls      **)
wenzelm@24475
   120
(** MaxSimpTac, which solves subgoals of the form "A <= A",                 **)
wenzelm@24475
   121
(** and transforms any other into predicates, applying then                 **)
wenzelm@24475
   122
(** the tactic chosen by the user, which may solve the subgoal completely.  **)
wenzelm@24475
   123
(*****************************************************************************)
wenzelm@24475
   124
wenzelm@28457
   125
fun MaxSimpTac var_names tac = FIRST'[rtac subset_refl, set2pred_tac var_names THEN_MAYBE' tac];
wenzelm@24475
   126
wenzelm@28457
   127
fun BasicSimpTac var_names tac =
wenzelm@28457
   128
  simp_tac
wenzelm@28457
   129
    (HOL_basic_ss addsimps [mem_Collect_eq, split_conv] addsimprocs [record_simproc])
wenzelm@28457
   130
  THEN_MAYBE' MaxSimpTac var_names tac;
wenzelm@24475
   131
wenzelm@24475
   132
wenzelm@28457
   133
(** hoare_rule_tac **)
wenzelm@28457
   134
wenzelm@28457
   135
fun hoare_rule_tac (vars, Mlem) tac =
wenzelm@28457
   136
  let
wenzelm@28457
   137
    val var_names = map (fst o dest_Free) vars;
wenzelm@28457
   138
    fun wlp_tac i =
wenzelm@28457
   139
      rtac @{thm SeqRule} i THEN rule_tac false (i + 1)
wenzelm@28457
   140
    and rule_tac pre_cond i st = st |> (*abstraction over st prevents looping*)
wenzelm@28457
   141
      ((wlp_tac i THEN rule_tac pre_cond i)
wenzelm@28457
   142
        ORELSE
wenzelm@28457
   143
        (FIRST [
wenzelm@28457
   144
          rtac @{thm SkipRule} i,
wenzelm@28457
   145
          rtac @{thm AbortRule} i,
wenzelm@28457
   146
          EVERY [
wenzelm@28457
   147
            rtac @{thm BasicRule} i,
wenzelm@28457
   148
            rtac Mlem i,
wenzelm@28457
   149
            split_simp_tac i],
wenzelm@28457
   150
          EVERY [
wenzelm@28457
   151
            rtac @{thm CondRule} i,
wenzelm@28457
   152
            rule_tac false (i + 2),
wenzelm@28457
   153
            rule_tac false (i + 1)],
wenzelm@28457
   154
          EVERY [
wenzelm@28457
   155
            rtac @{thm WhileRule} i,
wenzelm@28457
   156
            BasicSimpTac var_names tac (i + 2),
wenzelm@28457
   157
            rule_tac true (i + 1)]]
wenzelm@28457
   158
         THEN (if pre_cond then BasicSimpTac var_names tac i else rtac subset_refl i)));
wenzelm@28457
   159
  in rule_tac end;
wenzelm@28457
   160
wenzelm@28457
   161
wenzelm@28457
   162
(** tac is the tactic the user chooses to solve or simplify **)
wenzelm@28457
   163
(** the final verification conditions                       **)
wenzelm@28457
   164
wenzelm@28457
   165
fun hoare_tac ctxt (tac: int -> tactic) = SUBGOAL (fn (goal, i) =>
wenzelm@28457
   166
  SELECT_GOAL (hoare_rule_tac (Mset ctxt goal) tac true 1) i);
wenzelm@28457
   167