1 (* Title: HOL/IMP/VC.thy
6 acom: annotated commands
7 vc: verification-conditions
8 wp: weakest (liberal) precondition
17 | Awhile bexp assn acom
20 vc,wp :: acom => assn => assn
21 vcwp :: "acom => assn => assn * assn"
25 wp_Askip "wp Askip Q = Q"
26 wp_Aass "wp (Aass x a) Q = (%s.Q(s[A a s/x]))"
27 wp_Asemi "wp (Asemi c d) Q = wp c (wp d Q)"
28 wp_Aif "wp (Aif b c d) Q = (%s. (B b s-->wp c Q s)&(~B b s-->wp d Q s))"
29 wp_Awhile "wp (Awhile b I c) Q = I"
32 vc_Askip "vc Askip Q = (%s.True)"
33 vc_Aass "vc (Aass x a) Q = (%s.True)"
34 vc_Asemi "vc (Asemi c d) Q = (%s. vc c (wp d Q) s & vc d Q s)"
35 vc_Aif "vc (Aif b c d) Q = (%s. vc c Q s & vc d Q s)"
36 vc_Awhile "vc (Awhile b I c) Q = (%s. (I s & ~B b s --> Q s) &
37 (I s & B b s --> wp c I s) & vc c I s)"
40 astrip_Askip "astrip Askip = skip"
41 astrip_Aass "astrip (Aass x a) = (x:=a)"
42 astrip_Asemi "astrip (Asemi c d) = (astrip c;astrip d)"
43 astrip_Aif "astrip (Aif b c d) = ifC b (astrip c) (astrip d)"
44 astrip_Awhile "astrip (Awhile b I c) = whileC b (astrip c)"
46 (* simultaneous computation of vc and wp: *)
49 "vcwp Askip Q = (%s.True, Q)"
51 "vcwp (Aass x a) Q = (%s.True, %s.Q(s[A a s/x]))"
53 "vcwp (Asemi c d) Q = (let (vcd,wpd) = vcwp d Q;
54 (vcc,wpc) = vcwp c wpd
55 in (%s. vcc s & vcd s, wpc))"
57 "vcwp (Aif b c d) Q = (let (vcd,wpd) = vcwp d Q;
59 in (%s. vcc s & vcd s,
60 %s.(B b s-->wpc s) & (~B b s-->wpd s)))"
62 "vcwp (Awhile b I c) Q = (let (vcc,wpc) = vcwp c I
63 in (%s. (I s & ~B b s --> Q s) &
64 (I s & B b s --> wpc s) & vcc s, I))"