src/HOL/Hoare/hoare_tac.ML
author haftmann
Thu Jun 10 12:24:03 2010 +0200 (2010-06-10)
changeset 37391 476270a6c2dc
parent 37138 ee23611b6bf2
child 37591 d3daea901123
permissions -rw-r--r--
tuned quotes, antiquotations and whitespace
wenzelm@24475
     1
(*  Title:      HOL/Hoare/hoare_tac.ML
wenzelm@24475
     2
    Author:     Leonor Prensa Nieto & Tobias Nipkow
wenzelm@24475
     3
wenzelm@24475
     4
Derivation of the proof rules and, most importantly, the VCG tactic.
wenzelm@24475
     5
*)
wenzelm@24475
     6
wenzelm@24475
     7
(*** The tactics ***)
wenzelm@24475
     8
wenzelm@24475
     9
(*****************************************************************************)
wenzelm@24475
    10
(** The function Mset makes the theorem                                     **)
wenzelm@24475
    11
(** "?Mset <= {(x1,...,xn). ?P (x1,...,xn)} ==> ?Mset <= {s. ?P s}",        **)
wenzelm@24475
    12
(** where (x1,...,xn) are the variables of the particular program we are    **)
wenzelm@24475
    13
(** working on at the moment of the call                                    **)
wenzelm@24475
    14
(*****************************************************************************)
wenzelm@24475
    15
wenzelm@24475
    16
local open HOLogic in
wenzelm@24475
    17
wenzelm@24475
    18
(** maps (%x1 ... xn. t) to [x1,...,xn] **)
haftmann@37135
    19
fun abs2list (Const (@{const_name split}, _) $ Abs (x, T, t)) = Free (x, T) :: abs2list t
haftmann@37135
    20
  | abs2list (Abs (x, T, t)) = [Free (x, T)]
wenzelm@24475
    21
  | abs2list _ = [];
wenzelm@24475
    22
wenzelm@24475
    23
(** maps {(x1,...,xn). t} to [x1,...,xn] **)
wenzelm@24475
    24
fun mk_vars (Const ("Collect",_) $ T) = abs2list T
wenzelm@24475
    25
  | mk_vars _ = [];
wenzelm@24475
    26
wenzelm@28457
    27
(** abstraction of body over a tuple formed from a list of free variables.
wenzelm@24475
    28
Types are also built **)
wenzelm@24475
    29
fun mk_abstupleC []     body = absfree ("x", unitT, body)
wenzelm@24475
    30
  | mk_abstupleC (v::w) body = let val (n,T) = dest_Free v
wenzelm@24475
    31
                               in if w=[] then absfree (n, T, body)
wenzelm@24475
    32
        else let val z  = mk_abstupleC w body;
wenzelm@24475
    33
                 val T2 = case z of Abs(_,T,_) => T
wenzelm@24475
    34
                        | Const (_, Type (_,[_, Type (_,[T,_])])) $ _ => T;
haftmann@37135
    35
       in Const (@{const_name split}, (T --> T2 --> boolT) --> mk_prodT (T,T2) --> boolT)
wenzelm@24475
    36
          $ absfree (n, T, z) end end;
wenzelm@24475
    37
wenzelm@24475
    38
(** maps [x1,...,xn] to (x1,...,xn) and types**)
wenzelm@24475
    39
fun mk_bodyC []      = HOLogic.unit
wenzelm@28457
    40
  | mk_bodyC (x::xs) = if xs=[] then x
wenzelm@24475
    41
               else let val (n, T) = dest_Free x ;
wenzelm@24475
    42
                        val z = mk_bodyC xs;
wenzelm@24475
    43
                        val T2 = case z of Free(_, T) => T
haftmann@37391
    44
                                         | Const (@{const_name Pair}, Type ("fun", [_, Type
wenzelm@24475
    45
                                            ("fun", [_, T])])) $ _ $ _ => T;
haftmann@37391
    46
                 in Const (@{const_name Pair}, [T, T2] ---> mk_prodT (T, T2)) $ x $ z end;
wenzelm@24475
    47
wenzelm@28457
    48
(** maps a subgoal of the form:
wenzelm@28457
    49
        VARS x1 ... xn {._.} _ {._.} or to [x1,...,xn]**)
wenzelm@28457
    50
fun get_vars c =
wenzelm@28457
    51
  let
wenzelm@28457
    52
    val d = Logic.strip_assums_concl c;
wenzelm@28457
    53
    val Const _ $ pre $ _ $ _ = dest_Trueprop d;
wenzelm@28457
    54
  in mk_vars pre end;
wenzelm@24475
    55
wenzelm@28457
    56
fun mk_CollectC trm =
wenzelm@28457
    57
  let val T as Type ("fun",[t,_]) = fastype_of trm
wenzelm@28457
    58
  in Collect_const t $ trm end;
wenzelm@24475
    59
haftmann@35092
    60
fun inclt ty = Const (@{const_name Orderings.less_eq}, [ty,ty] ---> boolT);
wenzelm@24475
    61
wenzelm@24475
    62
wenzelm@28457
    63
fun Mset ctxt prop =
wenzelm@28457
    64
  let
wenzelm@28457
    65
    val [(Mset, _), (P, _)] = Variable.variant_frees ctxt [] [("Mset", ()), ("P", ())];
wenzelm@24475
    66
wenzelm@28457
    67
    val vars = get_vars prop;
wenzelm@28457
    68
    val varsT = fastype_of (mk_bodyC vars);
wenzelm@28457
    69
    val big_Collect = mk_CollectC (mk_abstupleC vars (Free (P, varsT --> boolT) $ mk_bodyC vars));
wenzelm@28457
    70
    val small_Collect = mk_CollectC (Abs ("x", varsT, Free (P, varsT --> boolT) $ Bound 0));
wenzelm@28457
    71
wenzelm@28457
    72
    val MsetT = fastype_of big_Collect;
wenzelm@28457
    73
    fun Mset_incl t = mk_Trueprop (inclt MsetT $ Free (Mset, MsetT) $ t);
wenzelm@28457
    74
    val impl = Logic.mk_implies (Mset_incl big_Collect, Mset_incl small_Collect);
wenzelm@32149
    75
    val th = Goal.prove ctxt [Mset, P] [] impl (fn _ => blast_tac (claset_of ctxt) 1);
wenzelm@28457
    76
 in (vars, th) end;
wenzelm@24475
    77
wenzelm@24475
    78
end;
wenzelm@24475
    79
wenzelm@24475
    80
wenzelm@24475
    81
(*****************************************************************************)
wenzelm@24475
    82
(** Simplifying:                                                            **)
wenzelm@24475
    83
(** Some useful lemmata, lists and simplification tactics to control which  **)
wenzelm@24475
    84
(** theorems are used to simplify at each moment, so that the original      **)
wenzelm@24475
    85
(** input does not suffer any unexpected transformation                     **)
wenzelm@24475
    86
(*****************************************************************************)
wenzelm@24475
    87
wenzelm@24475
    88
(**Simp_tacs**)
wenzelm@24475
    89
wenzelm@24475
    90
val before_set2pred_simp_tac =
wenzelm@26300
    91
  (simp_tac (HOL_basic_ss addsimps [Collect_conj_eq RS sym, @{thm Compl_Collect}]));
wenzelm@24475
    92
haftmann@37138
    93
val split_simp_tac = (simp_tac (HOL_basic_ss addsimps [@{thm split_conv}]));
wenzelm@24475
    94
wenzelm@24475
    95
(*****************************************************************************)
wenzelm@28457
    96
(** set2pred_tac transforms sets inclusion into predicates implication,     **)
wenzelm@24475
    97
(** maintaining the original variable names.                                **)
wenzelm@24475
    98
(** Ex. "{x. x=0} <= {x. x <= 1}" -set2pred-> "x=0 --> x <= 1"              **)
wenzelm@24475
    99
(** Subgoals containing intersections (A Int B) or complement sets (-A)     **)
wenzelm@24475
   100
(** are first simplified by "before_set2pred_simp_tac", that returns only   **)
wenzelm@24475
   101
(** subgoals of the form "{x. P x} <= {x. Q x}", which are easily           **)
wenzelm@24475
   102
(** transformed.                                                            **)
wenzelm@24475
   103
(** This transformation may solve very easy subgoals due to a ligth         **)
wenzelm@24475
   104
(** simplification done by (split_all_tac)                                  **)
wenzelm@24475
   105
(*****************************************************************************)
wenzelm@24475
   106
wenzelm@28457
   107
fun set2pred_tac var_names = SUBGOAL (fn (goal, i) =>
wenzelm@28457
   108
  before_set2pred_simp_tac i THEN_MAYBE
wenzelm@28457
   109
  EVERY [
wenzelm@28457
   110
    rtac subsetI i,
wenzelm@28457
   111
    rtac CollectI i,
wenzelm@28457
   112
    dtac CollectD i,
wenzelm@28457
   113
    TRY (split_all_tac i) THEN_MAYBE
haftmann@37138
   114
     (rename_tac var_names i THEN full_simp_tac (HOL_basic_ss addsimps [@{thm split_conv}]) i)]);
wenzelm@24475
   115
wenzelm@24475
   116
(*****************************************************************************)
wenzelm@24475
   117
(** BasicSimpTac is called to simplify all verification conditions. It does **)
wenzelm@24475
   118
(** a light simplification by applying "mem_Collect_eq", then it calls      **)
wenzelm@24475
   119
(** MaxSimpTac, which solves subgoals of the form "A <= A",                 **)
wenzelm@24475
   120
(** and transforms any other into predicates, applying then                 **)
wenzelm@24475
   121
(** the tactic chosen by the user, which may solve the subgoal completely.  **)
wenzelm@24475
   122
(*****************************************************************************)
wenzelm@24475
   123
wenzelm@28457
   124
fun MaxSimpTac var_names tac = FIRST'[rtac subset_refl, set2pred_tac var_names THEN_MAYBE' tac];
wenzelm@24475
   125
wenzelm@28457
   126
fun BasicSimpTac var_names tac =
wenzelm@28457
   127
  simp_tac
haftmann@37138
   128
    (HOL_basic_ss addsimps [mem_Collect_eq, @{thm split_conv}] addsimprocs [record_simproc])
wenzelm@28457
   129
  THEN_MAYBE' MaxSimpTac var_names tac;
wenzelm@24475
   130
wenzelm@24475
   131
wenzelm@28457
   132
(** hoare_rule_tac **)
wenzelm@28457
   133
wenzelm@28457
   134
fun hoare_rule_tac (vars, Mlem) tac =
wenzelm@28457
   135
  let
wenzelm@28457
   136
    val var_names = map (fst o dest_Free) vars;
wenzelm@28457
   137
    fun wlp_tac i =
wenzelm@28457
   138
      rtac @{thm SeqRule} i THEN rule_tac false (i + 1)
wenzelm@28457
   139
    and rule_tac pre_cond i st = st |> (*abstraction over st prevents looping*)
wenzelm@28457
   140
      ((wlp_tac i THEN rule_tac pre_cond i)
wenzelm@28457
   141
        ORELSE
wenzelm@28457
   142
        (FIRST [
wenzelm@28457
   143
          rtac @{thm SkipRule} i,
wenzelm@28457
   144
          rtac @{thm AbortRule} i,
wenzelm@28457
   145
          EVERY [
wenzelm@28457
   146
            rtac @{thm BasicRule} i,
wenzelm@28457
   147
            rtac Mlem i,
wenzelm@28457
   148
            split_simp_tac i],
wenzelm@28457
   149
          EVERY [
wenzelm@28457
   150
            rtac @{thm CondRule} i,
wenzelm@28457
   151
            rule_tac false (i + 2),
wenzelm@28457
   152
            rule_tac false (i + 1)],
wenzelm@28457
   153
          EVERY [
wenzelm@28457
   154
            rtac @{thm WhileRule} i,
wenzelm@28457
   155
            BasicSimpTac var_names tac (i + 2),
wenzelm@28457
   156
            rule_tac true (i + 1)]]
wenzelm@28457
   157
         THEN (if pre_cond then BasicSimpTac var_names tac i else rtac subset_refl i)));
wenzelm@28457
   158
  in rule_tac end;
wenzelm@28457
   159
wenzelm@28457
   160
wenzelm@28457
   161
(** tac is the tactic the user chooses to solve or simplify **)
wenzelm@28457
   162
(** the final verification conditions                       **)
wenzelm@28457
   163
wenzelm@28457
   164
fun hoare_tac ctxt (tac: int -> tactic) = SUBGOAL (fn (goal, i) =>
wenzelm@28457
   165
  SELECT_GOAL (hoare_rule_tac (Mset ctxt goal) tac true 1) i);
wenzelm@28457
   166