src/HOL/Hoare_Parallel/OG_Hoare.thy
author huffman
Wed Sep 08 16:10:49 2010 -0700 (2010-09-08)
changeset 44535 5e681762d538
parent 39246 9e58f0499f57
child 46008 c296c75f4cf4
permissions -rw-r--r--
use rename_tac to make proof script more robust (with separate set type, 'clarify' yields different variable names)
prensani@13020
     1
prensani@13020
     2
header {* \section{The Proof System} *}
prensani@13020
     3
haftmann@16417
     4
theory OG_Hoare imports OG_Tran begin
prensani@13020
     5
haftmann@39246
     6
primrec assertions :: "'a ann_com \<Rightarrow> ('a assn) set" where
prensani@13020
     7
  "assertions (AnnBasic r f) = {r}"
haftmann@39246
     8
| "assertions (AnnSeq c1 c2) = assertions c1 \<union> assertions c2"
haftmann@39246
     9
| "assertions (AnnCond1 r b c1 c2) = {r} \<union> assertions c1 \<union> assertions c2"
haftmann@39246
    10
| "assertions (AnnCond2 r b c) = {r} \<union> assertions c"
haftmann@39246
    11
| "assertions (AnnWhile r b i c) = {r, i} \<union> assertions c"
haftmann@39246
    12
| "assertions (AnnAwait r b c) = {r}" 
prensani@13020
    13
haftmann@39246
    14
primrec atomics :: "'a ann_com \<Rightarrow> ('a assn \<times> 'a com) set" where
prensani@13020
    15
  "atomics (AnnBasic r f) = {(r, Basic f)}"
haftmann@39246
    16
| "atomics (AnnSeq c1 c2) = atomics c1 \<union> atomics c2"
haftmann@39246
    17
| "atomics (AnnCond1 r b c1 c2) = atomics c1 \<union> atomics c2"
haftmann@39246
    18
| "atomics (AnnCond2 r b c) = atomics c"
haftmann@39246
    19
| "atomics (AnnWhile r b i c) = atomics c" 
haftmann@39246
    20
| "atomics (AnnAwait r b c) = {(r \<inter> b, c)}"
prensani@13020
    21
haftmann@39246
    22
primrec com :: "'a ann_triple_op \<Rightarrow> 'a ann_com_op" where
haftmann@39246
    23
  "com (c, q) = c"
prensani@13020
    24
haftmann@39246
    25
primrec post :: "'a ann_triple_op \<Rightarrow> 'a assn" where
haftmann@39246
    26
  "post (c, q) = q"
prensani@13020
    27
haftmann@35416
    28
definition interfree_aux :: "('a ann_com_op \<times> 'a assn \<times> 'a ann_com_op) \<Rightarrow> bool" where
prensani@13020
    29
  "interfree_aux \<equiv> \<lambda>(co, q, co'). co'= None \<or>  
prensani@13020
    30
                    (\<forall>(r,a) \<in> atomics (the co'). \<parallel>= (q \<inter> r) a q \<and>
prensani@13020
    31
                    (co = None \<or> (\<forall>p \<in> assertions (the co). \<parallel>= (p \<inter> r) a p)))"
prensani@13020
    32
haftmann@35416
    33
definition interfree :: "(('a ann_triple_op) list) \<Rightarrow> bool" where 
prensani@13020
    34
  "interfree Ts \<equiv> \<forall>i j. i < length Ts \<and> j < length Ts \<and> i \<noteq> j \<longrightarrow> 
prensani@13020
    35
                         interfree_aux (com (Ts!i), post (Ts!i), com (Ts!j)) "
prensani@13020
    36
berghofe@23746
    37
inductive
berghofe@23746
    38
  oghoare :: "'a assn \<Rightarrow> 'a com \<Rightarrow> 'a assn \<Rightarrow> bool"  ("(3\<parallel>- _//_//_)" [90,55,90] 50)
berghofe@23746
    39
  and ann_hoare :: "'a ann_com \<Rightarrow> 'a assn \<Rightarrow> bool"  ("(2\<turnstile> _// _)" [60,90] 45)
berghofe@23746
    40
where
prensani@13020
    41
  AnnBasic: "r \<subseteq> {s. f s \<in> q} \<Longrightarrow> \<turnstile> (AnnBasic r f) q"
prensani@13020
    42
berghofe@23746
    43
| AnnSeq:   "\<lbrakk> \<turnstile> c0 pre c1; \<turnstile> c1 q \<rbrakk> \<Longrightarrow> \<turnstile> (AnnSeq c0 c1) q"
prensani@13020
    44
  
berghofe@23746
    45
| AnnCond1: "\<lbrakk> r \<inter> b \<subseteq> pre c1; \<turnstile> c1 q; r \<inter> -b \<subseteq> pre c2; \<turnstile> c2 q\<rbrakk> 
prensani@13020
    46
              \<Longrightarrow> \<turnstile> (AnnCond1 r b c1 c2) q"
berghofe@23746
    47
| AnnCond2: "\<lbrakk> r \<inter> b \<subseteq> pre c; \<turnstile> c q; r \<inter> -b \<subseteq> q \<rbrakk> \<Longrightarrow> \<turnstile> (AnnCond2 r b c) q"
prensani@13020
    48
  
berghofe@23746
    49
| AnnWhile: "\<lbrakk> r \<subseteq> i; i \<inter> b \<subseteq> pre c; \<turnstile> c i; i \<inter> -b \<subseteq> q \<rbrakk> 
prensani@13020
    50
              \<Longrightarrow> \<turnstile> (AnnWhile r b i c) q"
prensani@13020
    51
  
berghofe@23746
    52
| AnnAwait:  "\<lbrakk> atom_com c; \<parallel>- (r \<inter> b) c q \<rbrakk> \<Longrightarrow> \<turnstile> (AnnAwait r b c) q"
prensani@13020
    53
  
berghofe@23746
    54
| AnnConseq: "\<lbrakk>\<turnstile> c q; q \<subseteq> q' \<rbrakk> \<Longrightarrow> \<turnstile> c q'"
prensani@13020
    55
prensani@13020
    56
berghofe@23746
    57
| Parallel: "\<lbrakk> \<forall>i<length Ts. \<exists>c q. Ts!i = (Some c, q) \<and> \<turnstile> c q; interfree Ts \<rbrakk>
wenzelm@32960
    58
           \<Longrightarrow> \<parallel>- (\<Inter>i\<in>{i. i<length Ts}. pre(the(com(Ts!i)))) 
prensani@13020
    59
                     Parallel Ts 
prensani@13020
    60
                  (\<Inter>i\<in>{i. i<length Ts}. post(Ts!i))"
prensani@13020
    61
berghofe@23746
    62
| Basic:   "\<parallel>- {s. f s \<in>q} (Basic f) q"
prensani@13020
    63
  
berghofe@23746
    64
| Seq:    "\<lbrakk> \<parallel>- p c1 r; \<parallel>- r c2 q \<rbrakk> \<Longrightarrow> \<parallel>- p (Seq c1 c2) q "
prensani@13020
    65
berghofe@23746
    66
| Cond:   "\<lbrakk> \<parallel>- (p \<inter> b) c1 q; \<parallel>- (p \<inter> -b) c2 q \<rbrakk> \<Longrightarrow> \<parallel>- p (Cond b c1 c2) q"
prensani@13020
    67
berghofe@23746
    68
| While:  "\<lbrakk> \<parallel>- (p \<inter> b) c p \<rbrakk> \<Longrightarrow> \<parallel>- p (While b i c) (p \<inter> -b)"
prensani@13020
    69
berghofe@23746
    70
| Conseq: "\<lbrakk> p' \<subseteq> p; \<parallel>- p c q ; q \<subseteq> q' \<rbrakk> \<Longrightarrow> \<parallel>- p' c q'"
wenzelm@32960
    71
prensani@13020
    72
section {* Soundness *}
prensani@13020
    73
(* In the version Isabelle-10-Sep-1999: HOL: The THEN and ELSE
prensani@13020
    74
parts of conditional expressions (if P then x else y) are no longer
prensani@13020
    75
simplified.  (This allows the simplifier to unfold recursive
prensani@13020
    76
functional programs.)  To restore the old behaviour, we declare
prensani@13020
    77
@{text "lemmas [cong del] = if_weak_cong"}. *)
prensani@13020
    78
prensani@13020
    79
lemmas [cong del] = if_weak_cong
prensani@13020
    80
prensani@13020
    81
lemmas ann_hoare_induct = oghoare_ann_hoare.induct [THEN conjunct2]
prensani@13020
    82
lemmas oghoare_induct = oghoare_ann_hoare.induct [THEN conjunct1]
prensani@13020
    83
prensani@13020
    84
lemmas AnnBasic = oghoare_ann_hoare.AnnBasic
prensani@13020
    85
lemmas AnnSeq = oghoare_ann_hoare.AnnSeq
prensani@13020
    86
lemmas AnnCond1 = oghoare_ann_hoare.AnnCond1
prensani@13020
    87
lemmas AnnCond2 = oghoare_ann_hoare.AnnCond2
prensani@13020
    88
lemmas AnnWhile = oghoare_ann_hoare.AnnWhile
prensani@13020
    89
lemmas AnnAwait = oghoare_ann_hoare.AnnAwait
prensani@13020
    90
lemmas AnnConseq = oghoare_ann_hoare.AnnConseq
prensani@13020
    91
prensani@13020
    92
lemmas Parallel = oghoare_ann_hoare.Parallel
prensani@13020
    93
lemmas Basic = oghoare_ann_hoare.Basic
prensani@13020
    94
lemmas Seq = oghoare_ann_hoare.Seq
prensani@13020
    95
lemmas Cond = oghoare_ann_hoare.Cond
prensani@13020
    96
lemmas While = oghoare_ann_hoare.While
prensani@13020
    97
lemmas Conseq = oghoare_ann_hoare.Conseq
prensani@13020
    98
prensani@13020
    99
subsection {* Soundness of the System for Atomic Programs *}
prensani@13020
   100
prensani@13020
   101
lemma Basic_ntran [rule_format]: 
prensani@13020
   102
 "(Basic f, s) -Pn\<rightarrow> (Parallel Ts, t) \<longrightarrow> All_None Ts \<longrightarrow> t = f s"
prensani@13020
   103
apply(induct "n")
prensani@13020
   104
 apply(simp (no_asm))
prensani@13020
   105
apply(fast dest: rel_pow_Suc_D2 Parallel_empty_lemma elim: transition_cases)
prensani@13020
   106
done
prensani@13020
   107
prensani@13020
   108
lemma SEM_fwhile: "SEM S (p \<inter> b) \<subseteq> p \<Longrightarrow> SEM (fwhile b S k) p \<subseteq> (p \<inter> -b)"
prensani@13020
   109
apply (induct "k")
prensani@13020
   110
 apply(simp (no_asm) add: L3_5v_lemma3)
prensani@13020
   111
apply(simp (no_asm) add: L3_5iv L3_5ii Parallel_empty)
paulson@15102
   112
apply(rule conjI)
paulson@15102
   113
 apply (blast dest: L3_5i) 
prensani@13020
   114
apply(simp add: SEM_def sem_def id_def)
paulson@15102
   115
apply (blast dest: Basic_ntran rtrancl_imp_UN_rel_pow) 
prensani@13020
   116
done
prensani@13020
   117
paulson@15102
   118
lemma atom_hoare_sound [rule_format]: 
prensani@13020
   119
 " \<parallel>- p c q \<longrightarrow> atom_com(c) \<longrightarrow> \<parallel>= p c q"
prensani@13020
   120
apply (unfold com_validity_def)
prensani@13020
   121
apply(rule oghoare_induct)
prensani@13020
   122
apply simp_all
prensani@13020
   123
--{*Basic*}
prensani@13020
   124
    apply(simp add: SEM_def sem_def)
prensani@13020
   125
    apply(fast dest: rtrancl_imp_UN_rel_pow Basic_ntran)
prensani@13020
   126
--{* Seq *}
prensani@13020
   127
   apply(rule impI)
prensani@13020
   128
   apply(rule subset_trans)
prensani@13020
   129
    prefer 2 apply simp
prensani@13020
   130
   apply(simp add: L3_5ii L3_5i)
prensani@13020
   131
--{* Cond *}
prensani@13020
   132
  apply(simp add: L3_5iv)
prensani@13020
   133
--{* While *}
paulson@15102
   134
 apply (force simp add: L3_5v dest: SEM_fwhile) 
prensani@13020
   135
--{* Conseq *}
paulson@15102
   136
apply(force simp add: SEM_def sem_def)
prensani@13020
   137
done
prensani@13020
   138
    
prensani@13020
   139
subsection {* Soundness of the System for Component Programs *}
prensani@13020
   140
prensani@13020
   141
inductive_cases ann_transition_cases:
berghofe@23746
   142
    "(None,s) -1\<rightarrow> (c', s')"
berghofe@23746
   143
    "(Some (AnnBasic r f),s) -1\<rightarrow> (c', s')"
berghofe@23746
   144
    "(Some (AnnSeq c1 c2), s) -1\<rightarrow> (c', s')"
berghofe@23746
   145
    "(Some (AnnCond1 r b c1 c2), s) -1\<rightarrow> (c', s')"
berghofe@23746
   146
    "(Some (AnnCond2 r b c), s) -1\<rightarrow> (c', s')"
berghofe@23746
   147
    "(Some (AnnWhile r b I c), s) -1\<rightarrow> (c', s')"
berghofe@23746
   148
    "(Some (AnnAwait r b c),s) -1\<rightarrow> (c', s')"
prensani@13020
   149
prensani@13020
   150
text {* Strong Soundness for Component Programs:*}
prensani@13020
   151
berghofe@26811
   152
lemma ann_hoare_case_analysis [rule_format]: 
berghofe@26811
   153
  defines I: "I \<equiv> \<lambda>C q'.
prensani@13020
   154
  ((\<forall>r f. C = AnnBasic r f \<longrightarrow> (\<exists>q. r \<subseteq> {s. f s \<in> q} \<and> q \<subseteq> q')) \<and>  
prensani@13020
   155
  (\<forall>c0 c1. C = AnnSeq c0 c1 \<longrightarrow> (\<exists>q. q \<subseteq> q' \<and> \<turnstile> c0 pre c1 \<and> \<turnstile> c1 q)) \<and>  
prensani@13020
   156
  (\<forall>r b c1 c2. C = AnnCond1 r b c1 c2 \<longrightarrow> (\<exists>q. q \<subseteq> q' \<and>  
prensani@13020
   157
  r \<inter> b \<subseteq> pre c1 \<and> \<turnstile> c1 q \<and> r \<inter> -b \<subseteq> pre c2 \<and> \<turnstile> c2 q)) \<and>  
prensani@13020
   158
  (\<forall>r b c. C = AnnCond2 r b c \<longrightarrow> 
prensani@13020
   159
  (\<exists>q. q \<subseteq> q' \<and> r \<inter> b \<subseteq> pre c  \<and> \<turnstile> c q \<and> r \<inter> -b \<subseteq> q)) \<and>  
prensani@13020
   160
  (\<forall>r i b c. C = AnnWhile r b i c \<longrightarrow>  
prensani@13020
   161
  (\<exists>q. q \<subseteq> q' \<and> r \<subseteq> i \<and> i \<inter> b \<subseteq> pre c \<and> \<turnstile> c i \<and> i \<inter> -b \<subseteq> q)) \<and>  
prensani@13020
   162
  (\<forall>r b c. C = AnnAwait r b c \<longrightarrow> (\<exists>q. q \<subseteq> q' \<and> \<parallel>- (r \<inter> b) c q)))"
berghofe@26811
   163
  shows "\<turnstile> C q' \<longrightarrow> I C q'"
prensani@13020
   164
apply(rule ann_hoare_induct)
berghofe@26811
   165
apply (simp_all add: I)
prensani@13020
   166
 apply(rule_tac x=q in exI,simp)+
prensani@13020
   167
apply(rule conjI,clarify,simp,clarify,rule_tac x=qa in exI,fast)+
prensani@13020
   168
apply(clarify,simp,clarify,rule_tac x=qa in exI,fast)
prensani@13020
   169
done
prensani@13020
   170
berghofe@23746
   171
lemma Help: "(transition \<inter> {(x,y). True}) = (transition)"
prensani@13020
   172
apply force
prensani@13020
   173
done
prensani@13020
   174
prensani@13020
   175
lemma Strong_Soundness_aux_aux [rule_format]: 
prensani@13020
   176
 "(co, s) -1\<rightarrow> (co', t) \<longrightarrow> (\<forall>c. co = Some c \<longrightarrow> s\<in> pre c \<longrightarrow> 
prensani@13020
   177
 (\<forall>q. \<turnstile> c q \<longrightarrow> (if co' = None then t\<in>q else t \<in> pre(the co') \<and> \<turnstile> (the co') q )))"
prensani@13020
   178
apply(rule ann_transition_transition.induct [THEN conjunct1])
prensani@13020
   179
apply simp_all 
prensani@13020
   180
--{* Basic *}
prensani@13020
   181
         apply clarify
prensani@13020
   182
         apply(frule ann_hoare_case_analysis)
prensani@13020
   183
         apply force
prensani@13020
   184
--{* Seq *}
prensani@13020
   185
        apply clarify
prensani@13020
   186
        apply(frule ann_hoare_case_analysis,simp)
prensani@13020
   187
        apply(fast intro: AnnConseq)
prensani@13020
   188
       apply clarify
prensani@13020
   189
       apply(frule ann_hoare_case_analysis,simp)
prensani@13020
   190
       apply clarify
prensani@13020
   191
       apply(rule conjI)
prensani@13020
   192
        apply force
prensani@13020
   193
       apply(rule AnnSeq,simp)
prensani@13020
   194
       apply(fast intro: AnnConseq)
prensani@13020
   195
--{* Cond1 *}
prensani@13020
   196
      apply clarify
prensani@13020
   197
      apply(frule ann_hoare_case_analysis,simp)
prensani@13020
   198
      apply(fast intro: AnnConseq)
prensani@13020
   199
     apply clarify
prensani@13020
   200
     apply(frule ann_hoare_case_analysis,simp)
prensani@13020
   201
     apply(fast intro: AnnConseq)
prensani@13020
   202
--{* Cond2 *}
prensani@13020
   203
    apply clarify
prensani@13020
   204
    apply(frule ann_hoare_case_analysis,simp)
prensani@13020
   205
    apply(fast intro: AnnConseq)
prensani@13020
   206
   apply clarify
prensani@13020
   207
   apply(frule ann_hoare_case_analysis,simp)
prensani@13020
   208
   apply(fast intro: AnnConseq)
prensani@13020
   209
--{* While *}
prensani@13020
   210
  apply clarify
prensani@13020
   211
  apply(frule ann_hoare_case_analysis,simp)
prensani@13020
   212
  apply force
prensani@13020
   213
 apply clarify
prensani@13020
   214
 apply(frule ann_hoare_case_analysis,simp)
prensani@13020
   215
 apply auto
prensani@13020
   216
 apply(rule AnnSeq)
prensani@13020
   217
  apply simp
prensani@13020
   218
 apply(rule AnnWhile)
prensani@13020
   219
  apply simp_all
prensani@13020
   220
--{* Await *}
prensani@13020
   221
apply(frule ann_hoare_case_analysis,simp)
prensani@13020
   222
apply clarify
prensani@13020
   223
apply(drule atom_hoare_sound)
prensani@13020
   224
 apply simp 
prensani@13020
   225
apply(simp add: com_validity_def SEM_def sem_def)
prensani@13020
   226
apply(simp add: Help All_None_def)
prensani@13020
   227
apply force
prensani@13020
   228
done
prensani@13020
   229
prensani@13020
   230
lemma Strong_Soundness_aux: "\<lbrakk> (Some c, s) -*\<rightarrow> (co, t); s \<in> pre c; \<turnstile> c q \<rbrakk>  
prensani@13020
   231
  \<Longrightarrow> if co = None then t \<in> q else t \<in> pre (the co) \<and> \<turnstile> (the co) q"
prensani@13020
   232
apply(erule rtrancl_induct2)
prensani@13020
   233
 apply simp
prensani@13020
   234
apply(case_tac "a")
prensani@13020
   235
 apply(fast elim: ann_transition_cases)
prensani@13020
   236
apply(erule Strong_Soundness_aux_aux)
prensani@13020
   237
 apply simp
prensani@13020
   238
apply simp_all
prensani@13020
   239
done
prensani@13020
   240
prensani@13020
   241
lemma Strong_Soundness: "\<lbrakk> (Some c, s)-*\<rightarrow>(co, t); s \<in> pre c; \<turnstile> c q \<rbrakk>  
prensani@13020
   242
  \<Longrightarrow> if co = None then t\<in>q else t \<in> pre (the co)"
prensani@13020
   243
apply(force dest:Strong_Soundness_aux)
prensani@13020
   244
done
prensani@13020
   245
prensani@13020
   246
lemma ann_hoare_sound: "\<turnstile> c q  \<Longrightarrow> \<Turnstile> c q"
prensani@13020
   247
apply (unfold ann_com_validity_def ann_SEM_def ann_sem_def)
prensani@13020
   248
apply clarify
prensani@13020
   249
apply(drule Strong_Soundness)
prensani@13020
   250
apply simp_all
prensani@13020
   251
done
prensani@13020
   252
prensani@13020
   253
subsection {* Soundness of the System for Parallel Programs *}
prensani@13020
   254
prensani@13020
   255
lemma Parallel_length_post_P1: "(Parallel Ts,s) -P1\<rightarrow> (R', t) \<Longrightarrow>  
prensani@13020
   256
  (\<exists>Rs. R' = (Parallel Rs) \<and> (length Rs) = (length Ts) \<and>
prensani@13020
   257
  (\<forall>i. i<length Ts \<longrightarrow> post(Rs ! i) = post(Ts ! i)))"
prensani@13020
   258
apply(erule transition_cases)
prensani@13020
   259
apply simp
prensani@13020
   260
apply clarify
prensani@13020
   261
apply(case_tac "i=ia")
prensani@13020
   262
apply simp+
prensani@13020
   263
done
prensani@13020
   264
prensani@13020
   265
lemma Parallel_length_post_PStar: "(Parallel Ts,s) -P*\<rightarrow> (R',t) \<Longrightarrow>   
prensani@13020
   266
  (\<exists>Rs. R' = (Parallel Rs) \<and> (length Rs) = (length Ts) \<and>  
prensani@13020
   267
  (\<forall>i. i<length Ts \<longrightarrow> post(Ts ! i) = post(Rs ! i)))"
prensani@13020
   268
apply(erule rtrancl_induct2)
prensani@13020
   269
 apply(simp_all)
prensani@13020
   270
apply clarify
prensani@13020
   271
apply simp
prensani@13020
   272
apply(drule Parallel_length_post_P1)
prensani@13020
   273
apply auto
prensani@13020
   274
done
prensani@13020
   275
prensani@13020
   276
lemma assertions_lemma: "pre c \<in> assertions c"
prensani@13020
   277
apply(rule ann_com_com.induct [THEN conjunct1])
prensani@13020
   278
apply auto
prensani@13020
   279
done
prensani@13020
   280
prensani@13020
   281
lemma interfree_aux1 [rule_format]: 
prensani@13020
   282
  "(c,s) -1\<rightarrow> (r,t)  \<longrightarrow> (interfree_aux(c1, q1, c) \<longrightarrow> interfree_aux(c1, q1, r))"
prensani@13020
   283
apply (rule ann_transition_transition.induct [THEN conjunct1])
prensani@13020
   284
apply(safe)
prensani@13020
   285
prefer 13
prensani@13020
   286
apply (rule TrueI)
prensani@13020
   287
apply (simp_all add:interfree_aux_def)
prensani@13020
   288
apply force+
prensani@13020
   289
done
prensani@13020
   290
prensani@13020
   291
lemma interfree_aux2 [rule_format]: 
prensani@13020
   292
  "(c,s) -1\<rightarrow> (r,t) \<longrightarrow> (interfree_aux(c, q, a)  \<longrightarrow> interfree_aux(r, q, a) )"
prensani@13020
   293
apply (rule ann_transition_transition.induct [THEN conjunct1])
prensani@13020
   294
apply(force simp add:interfree_aux_def)+
prensani@13020
   295
done
prensani@13020
   296
prensani@13020
   297
lemma interfree_lemma: "\<lbrakk> (Some c, s) -1\<rightarrow> (r, t);interfree Ts ; i<length Ts;  
prensani@13020
   298
           Ts!i = (Some c, q) \<rbrakk> \<Longrightarrow> interfree (Ts[i:= (r, q)])"
prensani@13020
   299
apply(simp add: interfree_def)
prensani@13020
   300
apply clarify
prensani@13020
   301
apply(case_tac "i=j")
prensani@13020
   302
 apply(drule_tac t = "ia" in not_sym)
prensani@13020
   303
 apply simp_all
prensani@13020
   304
apply(force elim: interfree_aux1)
prensani@13020
   305
apply(force elim: interfree_aux2 simp add:nth_list_update)
prensani@13020
   306
done
prensani@13020
   307
prensani@13020
   308
text {* Strong Soundness Theorem for Parallel Programs:*}
prensani@13020
   309
prensani@13020
   310
lemma Parallel_Strong_Soundness_Seq_aux: 
prensani@13020
   311
  "\<lbrakk>interfree Ts; i<length Ts; com(Ts ! i) = Some(AnnSeq c0 c1) \<rbrakk> 
prensani@13020
   312
  \<Longrightarrow>  interfree (Ts[i:=(Some c0, pre c1)])"
prensani@13020
   313
apply(simp add: interfree_def)
prensani@13020
   314
apply clarify
prensani@13020
   315
apply(case_tac "i=j")
prensani@13020
   316
 apply(force simp add: nth_list_update interfree_aux_def)
prensani@13020
   317
apply(case_tac "i=ia")
prensani@13020
   318
 apply(erule_tac x=ia in allE)
prensani@13020
   319
 apply(force simp add:interfree_aux_def assertions_lemma)
prensani@13020
   320
apply simp
prensani@13020
   321
done
prensani@13020
   322
prensani@13020
   323
lemma Parallel_Strong_Soundness_Seq [rule_format (no_asm)]: 
prensani@13020
   324
 "\<lbrakk> \<forall>i<length Ts. (if com(Ts!i) = None then b \<in> post(Ts!i) 
prensani@13020
   325
  else b \<in> pre(the(com(Ts!i))) \<and> \<turnstile> the(com(Ts!i)) post(Ts!i));  
prensani@13020
   326
  com(Ts ! i) = Some(AnnSeq c0 c1); i<length Ts; interfree Ts \<rbrakk> \<Longrightarrow> 
prensani@13020
   327
 (\<forall>ia<length Ts. (if com(Ts[i:=(Some c0, pre c1)]! ia) = None  
prensani@13020
   328
  then b \<in> post(Ts[i:=(Some c0, pre c1)]! ia) 
prensani@13020
   329
 else b \<in> pre(the(com(Ts[i:=(Some c0, pre c1)]! ia))) \<and>  
prensani@13020
   330
 \<turnstile> the(com(Ts[i:=(Some c0, pre c1)]! ia)) post(Ts[i:=(Some c0, pre c1)]! ia))) 
prensani@13020
   331
  \<and> interfree (Ts[i:= (Some c0, pre c1)])"
prensani@13020
   332
apply(rule conjI)
prensani@13020
   333
 apply safe
prensani@13020
   334
 apply(case_tac "i=ia")
prensani@13020
   335
  apply simp
prensani@13020
   336
  apply(force dest: ann_hoare_case_analysis)
prensani@13020
   337
 apply simp
prensani@13020
   338
apply(fast elim: Parallel_Strong_Soundness_Seq_aux)
prensani@13020
   339
done
prensani@13020
   340
prensani@13020
   341
lemma Parallel_Strong_Soundness_aux_aux [rule_format]: 
prensani@13020
   342
 "(Some c, b) -1\<rightarrow> (co, t) \<longrightarrow>  
prensani@13020
   343
  (\<forall>Ts. i<length Ts \<longrightarrow> com(Ts ! i) = Some c \<longrightarrow>  
prensani@13020
   344
  (\<forall>i<length Ts. (if com(Ts ! i) = None then b\<in>post(Ts!i)  
prensani@13020
   345
  else b\<in>pre(the(com(Ts!i))) \<and> \<turnstile> the(com(Ts!i)) post(Ts!i))) \<longrightarrow>  
prensani@13020
   346
 interfree Ts \<longrightarrow>  
prensani@13020
   347
  (\<forall>j. j<length Ts \<and> i\<noteq>j \<longrightarrow> (if com(Ts!j) = None then t\<in>post(Ts!j)  
prensani@13020
   348
  else t\<in>pre(the(com(Ts!j))) \<and> \<turnstile> the(com(Ts!j)) post(Ts!j))) )"
prensani@13020
   349
apply(rule ann_transition_transition.induct [THEN conjunct1])
prensani@13020
   350
apply safe
prensani@13020
   351
prefer 11
prensani@13020
   352
apply(rule TrueI)
prensani@13020
   353
apply simp_all
prensani@13020
   354
--{* Basic *}
prensani@13020
   355
   apply(erule_tac x = "i" in all_dupE, erule (1) notE impE)
prensani@13020
   356
   apply(erule_tac x = "j" in allE , erule (1) notE impE)
prensani@13020
   357
   apply(simp add: interfree_def)
prensani@13020
   358
   apply(erule_tac x = "j" in allE,simp)
prensani@13020
   359
   apply(erule_tac x = "i" in allE,simp)
prensani@13020
   360
   apply(drule_tac t = "i" in not_sym)
prensani@13020
   361
   apply(case_tac "com(Ts ! j)=None")
prensani@13020
   362
    apply(force intro: converse_rtrancl_into_rtrancl
prensani@13020
   363
          simp add: interfree_aux_def com_validity_def SEM_def sem_def All_None_def)
prensani@13020
   364
   apply(simp add:interfree_aux_def)
prensani@13020
   365
   apply clarify
prensani@13020
   366
   apply simp
prensani@13020
   367
   apply(erule_tac x="pre y" in ballE)
prensani@13020
   368
    apply(force intro: converse_rtrancl_into_rtrancl 
prensani@13020
   369
          simp add: com_validity_def SEM_def sem_def All_None_def)
prensani@13020
   370
   apply(simp add:assertions_lemma)
prensani@13020
   371
--{* Seqs *}
prensani@13020
   372
  apply(erule_tac x = "Ts[i:=(Some c0, pre c1)]" in allE)
prensani@13020
   373
  apply(drule  Parallel_Strong_Soundness_Seq,simp+)
prensani@13020
   374
 apply(erule_tac x = "Ts[i:=(Some c0, pre c1)]" in allE)
prensani@13020
   375
 apply(drule  Parallel_Strong_Soundness_Seq,simp+)
prensani@13020
   376
--{* Await *}
prensani@13020
   377
apply(rule_tac x = "i" in allE , assumption , erule (1) notE impE)
prensani@13020
   378
apply(erule_tac x = "j" in allE , erule (1) notE impE)
prensani@13020
   379
apply(simp add: interfree_def)
prensani@13020
   380
apply(erule_tac x = "j" in allE,simp)
prensani@13020
   381
apply(erule_tac x = "i" in allE,simp)
prensani@13020
   382
apply(drule_tac t = "i" in not_sym)
prensani@13020
   383
apply(case_tac "com(Ts ! j)=None")
prensani@13020
   384
 apply(force intro: converse_rtrancl_into_rtrancl simp add: interfree_aux_def 
prensani@13020
   385
        com_validity_def SEM_def sem_def All_None_def Help)
prensani@13020
   386
apply(simp add:interfree_aux_def)
prensani@13020
   387
apply clarify
prensani@13020
   388
apply simp
prensani@13020
   389
apply(erule_tac x="pre y" in ballE)
prensani@13020
   390
 apply(force intro: converse_rtrancl_into_rtrancl 
prensani@13020
   391
       simp add: com_validity_def SEM_def sem_def All_None_def Help)
prensani@13020
   392
apply(simp add:assertions_lemma)
prensani@13020
   393
done
prensani@13020
   394
prensani@13020
   395
lemma Parallel_Strong_Soundness_aux [rule_format]: 
prensani@13020
   396
 "\<lbrakk>(Ts',s) -P*\<rightarrow> (Rs',t);  Ts' = (Parallel Ts); interfree Ts;
prensani@13020
   397
 \<forall>i. i<length Ts \<longrightarrow> (\<exists>c q. (Ts ! i) = (Some c, q) \<and> s\<in>(pre c) \<and> \<turnstile> c q ) \<rbrakk> \<Longrightarrow>  
prensani@13020
   398
  \<forall>Rs. Rs' = (Parallel Rs) \<longrightarrow> (\<forall>j. j<length Rs \<longrightarrow> 
prensani@13020
   399
  (if com(Rs ! j) = None then t\<in>post(Ts ! j) 
prensani@13020
   400
  else t\<in>pre(the(com(Rs ! j))) \<and> \<turnstile> the(com(Rs ! j)) post(Ts ! j))) \<and> interfree Rs"
prensani@13020
   401
apply(erule rtrancl_induct2)
prensani@13020
   402
 apply clarify
prensani@13020
   403
--{* Base *}
prensani@13020
   404
 apply force
prensani@13020
   405
--{* Induction step *}
prensani@13020
   406
apply clarify
prensani@13020
   407
apply(drule Parallel_length_post_PStar)
prensani@13020
   408
apply clarify
berghofe@23746
   409
apply (ind_cases "(Parallel Ts, s) -P1\<rightarrow> (Parallel Rs, t)" for Ts s Rs t)
prensani@13020
   410
apply(rule conjI)
prensani@13020
   411
 apply clarify
prensani@13020
   412
 apply(case_tac "i=j")
prensani@13020
   413
  apply(simp split del:split_if)
prensani@13020
   414
  apply(erule Strong_Soundness_aux_aux,simp+)
prensani@13020
   415
   apply force
prensani@13020
   416
  apply force
prensani@13020
   417
 apply(simp split del: split_if)
prensani@13020
   418
 apply(erule Parallel_Strong_Soundness_aux_aux)
prensani@13020
   419
 apply(simp_all add: split del:split_if)
prensani@13020
   420
 apply force
prensani@13020
   421
apply(rule interfree_lemma)
prensani@13020
   422
apply simp_all
prensani@13020
   423
done
prensani@13020
   424
prensani@13020
   425
lemma Parallel_Strong_Soundness: 
prensani@13020
   426
 "\<lbrakk>(Parallel Ts, s) -P*\<rightarrow> (Parallel Rs, t); interfree Ts; j<length Rs; 
prensani@13020
   427
  \<forall>i. i<length Ts \<longrightarrow> (\<exists>c q. Ts ! i = (Some c, q) \<and> s\<in>pre c \<and> \<turnstile> c q) \<rbrakk> \<Longrightarrow>  
prensani@13020
   428
  if com(Rs ! j) = None then t\<in>post(Ts ! j) else t\<in>pre (the(com(Rs ! j)))"
prensani@13020
   429
apply(drule  Parallel_Strong_Soundness_aux)
prensani@13020
   430
apply simp+
prensani@13020
   431
done
prensani@13020
   432
paulson@15102
   433
lemma oghoare_sound [rule_format]: "\<parallel>- p c q \<longrightarrow> \<parallel>= p c q"
prensani@13020
   434
apply (unfold com_validity_def)
prensani@13020
   435
apply(rule oghoare_induct)
prensani@13020
   436
apply(rule TrueI)+
prensani@13020
   437
--{* Parallel *}     
prensani@13020
   438
      apply(simp add: SEM_def sem_def)
huffman@44535
   439
      apply(clarify, rename_tac x y i Ts')
prensani@13020
   440
      apply(frule Parallel_length_post_PStar)
prensani@13020
   441
      apply clarify
huffman@44535
   442
      apply(drule_tac j=i in Parallel_Strong_Soundness)
prensani@13020
   443
         apply clarify
prensani@13020
   444
        apply simp
prensani@13020
   445
       apply force
prensani@13020
   446
      apply simp
prensani@13020
   447
      apply(erule_tac V = "\<forall>i. ?P i" in thin_rl)
prensani@13020
   448
      apply(drule_tac s = "length Rs" in sym)
prensani@13020
   449
      apply(erule allE, erule impE, assumption)
prensani@13020
   450
      apply(force dest: nth_mem simp add: All_None_def)
prensani@13020
   451
--{* Basic *}
prensani@13020
   452
    apply(simp add: SEM_def sem_def)
prensani@13020
   453
    apply(force dest: rtrancl_imp_UN_rel_pow Basic_ntran)
prensani@13020
   454
--{* Seq *}
prensani@13020
   455
   apply(rule subset_trans)
prensani@13020
   456
    prefer 2 apply assumption
prensani@13020
   457
   apply(simp add: L3_5ii L3_5i)
prensani@13020
   458
--{* Cond *}
prensani@13020
   459
  apply(simp add: L3_5iv)
prensani@13020
   460
--{* While *}
prensani@13020
   461
 apply(simp add: L3_5v)
paulson@15102
   462
 apply (blast dest: SEM_fwhile) 
prensani@13020
   463
--{* Conseq *}
paulson@15102
   464
apply(auto simp add: SEM_def sem_def)
prensani@13020
   465
done
prensani@13020
   466
haftmann@39246
   467
end