src/HOL/Hoare_Parallel/OG_Tran.thy
author wenzelm
Thu May 24 17:25:53 2012 +0200 (2012-05-24)
changeset 47988 e4b69e10b990
parent 46362 b2878f059f91
child 52141 eff000cab70f
permissions -rw-r--r--
tuned proofs;
prensani@13020
     1
prensani@13020
     2
header {* \section{Operational Semantics} *}
prensani@13020
     3
haftmann@16417
     4
theory OG_Tran imports OG_Com begin
prensani@13020
     5
wenzelm@42174
     6
type_synonym 'a ann_com_op = "('a ann_com) option"
wenzelm@42174
     7
type_synonym 'a ann_triple_op = "('a ann_com_op \<times> 'a assn)"
prensani@13020
     8
  
haftmann@35416
     9
primrec com :: "'a ann_triple_op \<Rightarrow> 'a ann_com_op" where
haftmann@35416
    10
  "com (c, q) = c"
prensani@13020
    11
haftmann@35416
    12
primrec post :: "'a ann_triple_op \<Rightarrow> 'a assn" where
haftmann@35416
    13
  "post (c, q) = q"
prensani@13020
    14
haftmann@35416
    15
definition All_None :: "'a ann_triple_op list \<Rightarrow> bool" where
prensani@13020
    16
  "All_None Ts \<equiv> \<forall>(c, q) \<in> set Ts. c = None"
prensani@13020
    17
prensani@13020
    18
subsection {* The Transition Relation *}
prensani@13020
    19
berghofe@23746
    20
inductive_set
prensani@13020
    21
  ann_transition :: "(('a ann_com_op \<times> 'a) \<times> ('a ann_com_op \<times> 'a)) set"        
berghofe@23746
    22
  and transition :: "(('a com \<times> 'a) \<times> ('a com \<times> 'a)) set"
berghofe@23746
    23
  and ann_transition' :: "('a ann_com_op \<times> 'a) \<Rightarrow> ('a ann_com_op \<times> 'a) \<Rightarrow> bool"
berghofe@23746
    24
    ("_ -1\<rightarrow> _"[81,81] 100)
berghofe@23746
    25
  and transition' :: "('a com \<times> 'a) \<Rightarrow> ('a com \<times> 'a) \<Rightarrow> bool"
berghofe@23746
    26
    ("_ -P1\<rightarrow> _"[81,81] 100)
berghofe@23746
    27
  and transitions :: "('a com \<times> 'a) \<Rightarrow> ('a com \<times> 'a) \<Rightarrow> bool"
berghofe@23746
    28
    ("_ -P*\<rightarrow> _"[81,81] 100)
berghofe@23746
    29
where
berghofe@23746
    30
  "con_0 -1\<rightarrow> con_1 \<equiv> (con_0, con_1) \<in> ann_transition"
berghofe@23746
    31
| "con_0 -P1\<rightarrow> con_1 \<equiv> (con_0, con_1) \<in> transition"
berghofe@23746
    32
| "con_0 -P*\<rightarrow> con_1 \<equiv> (con_0, con_1) \<in> transition\<^sup>*"
berghofe@23746
    33
berghofe@23746
    34
| AnnBasic:  "(Some (AnnBasic r f), s) -1\<rightarrow> (None, f s)"
berghofe@23746
    35
berghofe@23746
    36
| AnnSeq1: "(Some c0, s) -1\<rightarrow> (None, t) \<Longrightarrow> 
berghofe@23746
    37
               (Some (AnnSeq c0 c1), s) -1\<rightarrow> (Some c1, t)"
berghofe@23746
    38
| AnnSeq2: "(Some c0, s) -1\<rightarrow> (Some c2, t) \<Longrightarrow> 
berghofe@23746
    39
               (Some (AnnSeq c0 c1), s) -1\<rightarrow> (Some (AnnSeq c2 c1), t)"
berghofe@23746
    40
berghofe@23746
    41
| AnnCond1T: "s \<in> b  \<Longrightarrow> (Some (AnnCond1 r b c1 c2), s) -1\<rightarrow> (Some c1, s)"
berghofe@23746
    42
| AnnCond1F: "s \<notin> b \<Longrightarrow> (Some (AnnCond1 r b c1 c2), s) -1\<rightarrow> (Some c2, s)"
prensani@13020
    43
berghofe@23746
    44
| AnnCond2T: "s \<in> b  \<Longrightarrow> (Some (AnnCond2 r b c), s) -1\<rightarrow> (Some c, s)"
berghofe@23746
    45
| AnnCond2F: "s \<notin> b \<Longrightarrow> (Some (AnnCond2 r b c), s) -1\<rightarrow> (None, s)"
berghofe@23746
    46
berghofe@23746
    47
| AnnWhileF: "s \<notin> b \<Longrightarrow> (Some (AnnWhile r b i c), s) -1\<rightarrow> (None, s)"
berghofe@23746
    48
| AnnWhileT: "s \<in> b  \<Longrightarrow> (Some (AnnWhile r b i c), s) -1\<rightarrow> 
berghofe@23746
    49
                         (Some (AnnSeq c (AnnWhile i b i c)), s)"
berghofe@23746
    50
berghofe@23746
    51
| AnnAwait: "\<lbrakk> s \<in> b; atom_com c; (c, s) -P*\<rightarrow> (Parallel [], t) \<rbrakk> \<Longrightarrow>
wenzelm@32960
    52
                   (Some (AnnAwait r b c), s) -1\<rightarrow> (None, t)" 
berghofe@23746
    53
berghofe@23746
    54
| Parallel: "\<lbrakk> i<length Ts; Ts!i = (Some c, q); (Some c, s) -1\<rightarrow> (r, t) \<rbrakk>
berghofe@23746
    55
              \<Longrightarrow> (Parallel Ts, s) -P1\<rightarrow> (Parallel (Ts [i:=(r, q)]), t)"
berghofe@23746
    56
berghofe@23746
    57
| Basic:  "(Basic f, s) -P1\<rightarrow> (Parallel [], f s)"
berghofe@23746
    58
berghofe@23746
    59
| Seq1:   "All_None Ts \<Longrightarrow> (Seq (Parallel Ts) c, s) -P1\<rightarrow> (c, s)"
berghofe@23746
    60
| Seq2:   "(c0, s) -P1\<rightarrow> (c2, t) \<Longrightarrow> (Seq c0 c1, s) -P1\<rightarrow> (Seq c2 c1, t)"
berghofe@23746
    61
berghofe@23746
    62
| CondT: "s \<in> b \<Longrightarrow> (Cond b c1 c2, s) -P1\<rightarrow> (c1, s)"
berghofe@23746
    63
| CondF: "s \<notin> b \<Longrightarrow> (Cond b c1 c2, s) -P1\<rightarrow> (c2, s)"
berghofe@23746
    64
berghofe@23746
    65
| WhileF: "s \<notin> b \<Longrightarrow> (While b i c, s) -P1\<rightarrow> (Parallel [], s)"
berghofe@23746
    66
| WhileT: "s \<in> b \<Longrightarrow> (While b i c, s) -P1\<rightarrow> (Seq c (While b i c), s)"
berghofe@23746
    67
berghofe@23746
    68
monos "rtrancl_mono"
prensani@13020
    69
wenzelm@35107
    70
text {* The corresponding abbreviations are: *}
prensani@13020
    71
berghofe@23746
    72
abbreviation
berghofe@23746
    73
  ann_transition_n :: "('a ann_com_op \<times> 'a) \<Rightarrow> nat \<Rightarrow> ('a ann_com_op \<times> 'a) 
berghofe@23746
    74
                           \<Rightarrow> bool"  ("_ -_\<rightarrow> _"[81,81] 100)  where
haftmann@30952
    75
  "con_0 -n\<rightarrow> con_1 \<equiv> (con_0, con_1) \<in> ann_transition ^^ n"
prensani@13020
    76
berghofe@23746
    77
abbreviation
berghofe@23746
    78
  ann_transitions :: "('a ann_com_op \<times> 'a) \<Rightarrow> ('a ann_com_op \<times> 'a) \<Rightarrow> bool"
berghofe@23746
    79
                           ("_ -*\<rightarrow> _"[81,81] 100)  where
berghofe@23746
    80
  "con_0 -*\<rightarrow> con_1 \<equiv> (con_0, con_1) \<in> ann_transition\<^sup>*"
prensani@13020
    81
berghofe@23746
    82
abbreviation
berghofe@23746
    83
  transition_n :: "('a com \<times> 'a) \<Rightarrow> nat \<Rightarrow> ('a com \<times> 'a) \<Rightarrow> bool"  
berghofe@23746
    84
                          ("_ -P_\<rightarrow> _"[81,81,81] 100)  where
haftmann@30952
    85
  "con_0 -Pn\<rightarrow> con_1 \<equiv> (con_0, con_1) \<in> transition ^^ n"
prensani@13020
    86
prensani@13020
    87
subsection {* Definition of Semantics *}
prensani@13020
    88
haftmann@35416
    89
definition ann_sem :: "'a ann_com \<Rightarrow> 'a \<Rightarrow> 'a set" where
prensani@13020
    90
  "ann_sem c \<equiv> \<lambda>s. {t. (Some c, s) -*\<rightarrow> (None, t)}"
prensani@13020
    91
haftmann@35416
    92
definition ann_SEM :: "'a ann_com \<Rightarrow> 'a set \<Rightarrow> 'a set" where
prensani@13020
    93
  "ann_SEM c S \<equiv> \<Union>ann_sem c ` S"  
prensani@13020
    94
haftmann@35416
    95
definition sem :: "'a com \<Rightarrow> 'a \<Rightarrow> 'a set" where
prensani@13020
    96
  "sem c \<equiv> \<lambda>s. {t. \<exists>Ts. (c, s) -P*\<rightarrow> (Parallel Ts, t) \<and> All_None Ts}"
prensani@13020
    97
haftmann@35416
    98
definition SEM :: "'a com \<Rightarrow> 'a set \<Rightarrow> 'a set" where
prensani@13020
    99
  "SEM c S \<equiv> \<Union>sem c ` S "
prensani@13020
   100
wenzelm@35107
   101
abbreviation Omega :: "'a com"    ("\<Omega>" 63)
wenzelm@35107
   102
  where "\<Omega> \<equiv> While UNIV UNIV (Basic id)"
prensani@13020
   103
haftmann@35416
   104
primrec fwhile :: "'a bexp \<Rightarrow> 'a com \<Rightarrow> nat \<Rightarrow> 'a com" where
haftmann@35416
   105
    "fwhile b c 0 = \<Omega>"
haftmann@35416
   106
  | "fwhile b c (Suc n) = Cond b (Seq c (fwhile b c n)) (Basic id)"
prensani@13020
   107
prensani@13020
   108
subsubsection {* Proofs *}
prensani@13020
   109
prensani@13020
   110
declare ann_transition_transition.intros [intro]
prensani@13020
   111
inductive_cases transition_cases: 
prensani@13020
   112
    "(Parallel T,s) -P1\<rightarrow> t"  
prensani@13020
   113
    "(Basic f, s) -P1\<rightarrow> t"
prensani@13020
   114
    "(Seq c1 c2, s) -P1\<rightarrow> t" 
prensani@13020
   115
    "(Cond b c1 c2, s) -P1\<rightarrow> t"
prensani@13020
   116
    "(While b i c, s) -P1\<rightarrow> t"
prensani@13020
   117
prensani@13020
   118
lemma Parallel_empty_lemma [rule_format (no_asm)]: 
prensani@13020
   119
  "(Parallel [],s) -Pn\<rightarrow> (Parallel Ts,t) \<longrightarrow> Ts=[] \<and> n=0 \<and> s=t"
prensani@13020
   120
apply(induct n)
prensani@13020
   121
 apply(simp (no_asm))
prensani@13020
   122
apply clarify
bulwahn@46362
   123
apply(drule relpow_Suc_D2)
prensani@13020
   124
apply(force elim:transition_cases)
prensani@13020
   125
done
prensani@13020
   126
prensani@13020
   127
lemma Parallel_AllNone_lemma [rule_format (no_asm)]: 
prensani@13020
   128
 "All_None Ss \<longrightarrow> (Parallel Ss,s) -Pn\<rightarrow> (Parallel Ts,t) \<longrightarrow> Ts=Ss \<and> n=0 \<and> s=t"
prensani@13020
   129
apply(induct "n")
prensani@13020
   130
 apply(simp (no_asm))
prensani@13020
   131
apply clarify
bulwahn@46362
   132
apply(drule relpow_Suc_D2)
prensani@13020
   133
apply clarify
prensani@13020
   134
apply(erule transition_cases,simp_all)
prensani@13020
   135
apply(force dest:nth_mem simp add:All_None_def)
prensani@13020
   136
done
prensani@13020
   137
prensani@13020
   138
lemma Parallel_AllNone: "All_None Ts \<Longrightarrow> (SEM (Parallel Ts) X) = X"
prensani@13020
   139
apply (unfold SEM_def sem_def)
prensani@13020
   140
apply auto
bulwahn@46362
   141
apply(drule rtrancl_imp_UN_relpow)
prensani@13020
   142
apply clarify
prensani@13020
   143
apply(drule Parallel_AllNone_lemma)
prensani@13020
   144
apply auto
prensani@13020
   145
done
prensani@13020
   146
prensani@13020
   147
lemma Parallel_empty: "Ts=[] \<Longrightarrow> (SEM (Parallel Ts) X) = X"
prensani@13020
   148
apply(rule Parallel_AllNone)
prensani@13020
   149
apply(simp add:All_None_def)
prensani@13020
   150
done
prensani@13020
   151
prensani@13020
   152
text {* Set of lemmas from Apt and Olderog "Verification of sequential
prensani@13020
   153
and concurrent programs", page 63. *}
prensani@13020
   154
prensani@13020
   155
lemma L3_5i: "X\<subseteq>Y \<Longrightarrow> SEM c X \<subseteq> SEM c Y" 
prensani@13020
   156
apply (unfold SEM_def)
prensani@13020
   157
apply force
prensani@13020
   158
done
prensani@13020
   159
prensani@13020
   160
lemma L3_5ii_lemma1: 
prensani@13020
   161
 "\<lbrakk> (c1, s1) -P*\<rightarrow> (Parallel Ts, s2); All_None Ts;  
prensani@13020
   162
  (c2, s2) -P*\<rightarrow> (Parallel Ss, s3); All_None Ss \<rbrakk> 
prensani@13020
   163
 \<Longrightarrow> (Seq c1 c2, s1) -P*\<rightarrow> (Parallel Ss, s3)"
prensani@13020
   164
apply(erule converse_rtrancl_induct2)
prensani@13020
   165
apply(force intro:converse_rtrancl_into_rtrancl)+
prensani@13020
   166
done
prensani@13020
   167
prensani@13020
   168
lemma L3_5ii_lemma2 [rule_format (no_asm)]: 
prensani@13020
   169
 "\<forall>c1 c2 s t. (Seq c1 c2, s) -Pn\<rightarrow> (Parallel Ts, t) \<longrightarrow>  
prensani@13020
   170
  (All_None Ts) \<longrightarrow> (\<exists>y m Rs. (c1,s) -P*\<rightarrow> (Parallel Rs, y) \<and> 
prensani@13020
   171
  (All_None Rs) \<and> (c2, y) -Pm\<rightarrow> (Parallel Ts, t) \<and>  m \<le> n)"
prensani@13020
   172
apply(induct "n")
prensani@13020
   173
 apply(force)
bulwahn@46362
   174
apply(safe dest!: relpow_Suc_D2)
prensani@13020
   175
apply(erule transition_cases,simp_all)
prensani@13020
   176
 apply (fast intro!: le_SucI)
bulwahn@46362
   177
apply (fast intro!: le_SucI elim!: relpow_imp_rtrancl converse_rtrancl_into_rtrancl)
prensani@13020
   178
done
prensani@13020
   179
prensani@13020
   180
lemma L3_5ii_lemma3: 
prensani@13020
   181
 "\<lbrakk>(Seq c1 c2,s) -P*\<rightarrow> (Parallel Ts,t); All_None Ts\<rbrakk> \<Longrightarrow> 
prensani@13020
   182
    (\<exists>y Rs. (c1,s) -P*\<rightarrow> (Parallel Rs,y) \<and> All_None Rs 
prensani@13020
   183
   \<and> (c2,y) -P*\<rightarrow> (Parallel Ts,t))"
bulwahn@46362
   184
apply(drule rtrancl_imp_UN_relpow)
bulwahn@46362
   185
apply(fast dest: L3_5ii_lemma2 relpow_imp_rtrancl)
prensani@13020
   186
done
prensani@13020
   187
prensani@13020
   188
lemma L3_5ii: "SEM (Seq c1 c2) X = SEM c2 (SEM c1 X)"
prensani@13020
   189
apply (unfold SEM_def sem_def)
prensani@13020
   190
apply auto
prensani@13020
   191
 apply(fast dest: L3_5ii_lemma3)
prensani@13020
   192
apply(fast elim: L3_5ii_lemma1)
prensani@13020
   193
done
prensani@13020
   194
prensani@13020
   195
lemma L3_5iii: "SEM (Seq (Seq c1 c2) c3) X = SEM (Seq c1 (Seq c2 c3)) X"
prensani@13020
   196
apply (simp (no_asm) add: L3_5ii)
prensani@13020
   197
done
prensani@13020
   198
prensani@13020
   199
lemma L3_5iv:
prensani@13020
   200
 "SEM (Cond b c1 c2) X = (SEM c1 (X \<inter> b)) Un (SEM c2 (X \<inter> (-b)))"
prensani@13020
   201
apply (unfold SEM_def sem_def)
prensani@13020
   202
apply auto
prensani@13020
   203
apply(erule converse_rtranclE)
prensani@13020
   204
 prefer 2
prensani@13020
   205
 apply (erule transition_cases,simp_all)
prensani@13020
   206
  apply(fast intro: converse_rtrancl_into_rtrancl elim: transition_cases)+
prensani@13020
   207
done
prensani@13020
   208
prensani@13020
   209
prensani@13020
   210
lemma  L3_5v_lemma1[rule_format]: 
prensani@13020
   211
 "(S,s) -Pn\<rightarrow> (T,t) \<longrightarrow> S=\<Omega> \<longrightarrow> (\<not>(\<exists>Rs. T=(Parallel Rs) \<and> All_None Rs))"
prensani@13020
   212
apply (unfold UNIV_def)
prensani@13020
   213
apply(rule nat_less_induct)
prensani@13020
   214
apply safe
bulwahn@46362
   215
apply(erule relpow_E2)
prensani@13020
   216
 apply simp_all
prensani@13020
   217
apply(erule transition_cases)
prensani@13020
   218
 apply simp_all
bulwahn@46362
   219
apply(erule relpow_E2)
prensani@13020
   220
 apply(simp add: Id_def)
prensani@13020
   221
apply(erule transition_cases,simp_all)
prensani@13020
   222
apply clarify
prensani@13020
   223
apply(erule transition_cases,simp_all)
bulwahn@46362
   224
apply(erule relpow_E2,simp)
prensani@13020
   225
apply clarify
prensani@13020
   226
apply(erule transition_cases)
prensani@13020
   227
 apply simp+
prensani@13020
   228
    apply clarify
prensani@13020
   229
    apply(erule transition_cases)
prensani@13020
   230
apply simp_all
prensani@13020
   231
done
prensani@13020
   232
prensani@13020
   233
lemma L3_5v_lemma2: "\<lbrakk>(\<Omega>, s) -P*\<rightarrow> (Parallel Ts, t); All_None Ts \<rbrakk> \<Longrightarrow> False"
bulwahn@46362
   234
apply(fast dest: rtrancl_imp_UN_relpow L3_5v_lemma1)
prensani@13020
   235
done
prensani@13020
   236
prensani@13020
   237
lemma L3_5v_lemma3: "SEM (\<Omega>) S = {}"
prensani@13020
   238
apply (unfold SEM_def sem_def)
prensani@13020
   239
apply(fast dest: L3_5v_lemma2)
prensani@13020
   240
done
prensani@13020
   241
prensani@13020
   242
lemma L3_5v_lemma4 [rule_format]: 
prensani@13020
   243
 "\<forall>s. (While b i c, s) -Pn\<rightarrow> (Parallel Ts, t) \<longrightarrow> All_None Ts \<longrightarrow>  
prensani@13020
   244
  (\<exists>k. (fwhile b c k, s) -P*\<rightarrow> (Parallel Ts, t))"
prensani@13020
   245
apply(rule nat_less_induct)
prensani@13020
   246
apply safe
bulwahn@46362
   247
apply(erule relpow_E2)
prensani@13020
   248
 apply safe
prensani@13020
   249
apply(erule transition_cases,simp_all)
prensani@13020
   250
 apply (rule_tac x = "1" in exI)
prensani@13020
   251
 apply(force dest: Parallel_empty_lemma intro: converse_rtrancl_into_rtrancl simp add: Id_def)
prensani@13020
   252
apply safe
prensani@13020
   253
apply(drule L3_5ii_lemma2)
prensani@13020
   254
 apply safe
prensani@13020
   255
apply(drule le_imp_less_Suc)
prensani@13020
   256
apply (erule allE , erule impE,assumption)
prensani@13020
   257
apply (erule allE , erule impE, assumption)
prensani@13020
   258
apply safe
prensani@13020
   259
apply (rule_tac x = "k+1" in exI)
prensani@13020
   260
apply(simp (no_asm))
prensani@13020
   261
apply(rule converse_rtrancl_into_rtrancl)
prensani@13020
   262
 apply fast
prensani@13020
   263
apply(fast elim: L3_5ii_lemma1)
prensani@13020
   264
done
prensani@13020
   265
prensani@13020
   266
lemma L3_5v_lemma5 [rule_format]: 
prensani@13020
   267
 "\<forall>s. (fwhile b c k, s) -P*\<rightarrow> (Parallel Ts, t) \<longrightarrow> All_None Ts \<longrightarrow>  
prensani@13020
   268
  (While b i c, s) -P*\<rightarrow> (Parallel Ts,t)"
prensani@13020
   269
apply(induct "k")
prensani@13020
   270
 apply(force dest: L3_5v_lemma2)
prensani@13020
   271
apply safe
prensani@13020
   272
apply(erule converse_rtranclE)
prensani@13020
   273
 apply simp_all
prensani@13020
   274
apply(erule transition_cases,simp_all)
prensani@13020
   275
 apply(rule converse_rtrancl_into_rtrancl)
prensani@13020
   276
  apply(fast)
prensani@13020
   277
 apply(fast elim!: L3_5ii_lemma1 dest: L3_5ii_lemma3)
bulwahn@46362
   278
apply(drule rtrancl_imp_UN_relpow)
prensani@13020
   279
apply clarify
bulwahn@46362
   280
apply(erule relpow_E2)
prensani@13020
   281
 apply simp_all
prensani@13020
   282
apply(erule transition_cases,simp_all)
prensani@13020
   283
apply(fast dest: Parallel_empty_lemma)
prensani@13020
   284
done
prensani@13020
   285
prensani@13020
   286
lemma L3_5v: "SEM (While b i c) = (\<lambda>x. (\<Union>k. SEM (fwhile b c k) x))"
prensani@13020
   287
apply(rule ext)
prensani@13020
   288
apply (simp add: SEM_def sem_def)
prensani@13020
   289
apply safe
bulwahn@46362
   290
 apply(drule rtrancl_imp_UN_relpow,simp)
prensani@13020
   291
 apply clarify
prensani@13020
   292
 apply(fast dest:L3_5v_lemma4)
prensani@13020
   293
apply(fast intro: L3_5v_lemma5)
prensani@13020
   294
done
prensani@13020
   295
prensani@13020
   296
section {* Validity of Correctness Formulas *}
prensani@13020
   297
haftmann@35416
   298
definition com_validity :: "'a assn \<Rightarrow> 'a com \<Rightarrow> 'a assn \<Rightarrow> bool" ("(3\<parallel>= _// _//_)" [90,55,90] 50) where
prensani@13020
   299
  "\<parallel>= p c q \<equiv> SEM c p \<subseteq> q"
prensani@13020
   300
haftmann@35416
   301
definition ann_com_validity :: "'a ann_com \<Rightarrow> 'a assn \<Rightarrow> bool" ("\<Turnstile> _ _" [60,90] 45) where
prensani@13020
   302
  "\<Turnstile> c q \<equiv> ann_SEM c (pre c) \<subseteq> q"
prensani@13020
   303
prensani@13020
   304
end