src/HOL/Hoare/hoare_tac.ML
 author haftmann Wed Feb 10 14:12:04 2010 +0100 (2010-02-10) changeset 35092 cfe605c54e50 parent 34974 18b41bba42b5 child 37135 636e6d8645d6 permissions -rw-r--r--
moved less_eq, less to Orderings.thy; moved abs, sgn to Groups.thy
```     1 (*  Title:      HOL/Hoare/hoare_tac.ML
```
```     2     ID:         \$Id\$
```
```     3     Author:     Leonor Prensa Nieto & Tobias Nipkow
```
```     4
```
```     5 Derivation of the proof rules and, most importantly, the VCG tactic.
```
```     6 *)
```
```     7
```
```     8 (*** The tactics ***)
```
```     9
```
```    10 (*****************************************************************************)
```
```    11 (** The function Mset makes the theorem                                     **)
```
```    12 (** "?Mset <= {(x1,...,xn). ?P (x1,...,xn)} ==> ?Mset <= {s. ?P s}",        **)
```
```    13 (** where (x1,...,xn) are the variables of the particular program we are    **)
```
```    14 (** working on at the moment of the call                                    **)
```
```    15 (*****************************************************************************)
```
```    16
```
```    17 local open HOLogic in
```
```    18
```
```    19 (** maps (%x1 ... xn. t) to [x1,...,xn] **)
```
```    20 fun abs2list (Const ("split",_) \$ (Abs(x,T,t))) = Free (x, T)::abs2list t
```
```    21   | abs2list (Abs(x,T,t)) = [Free (x, T)]
```
```    22   | abs2list _ = [];
```
```    23
```
```    24 (** maps {(x1,...,xn). t} to [x1,...,xn] **)
```
```    25 fun mk_vars (Const ("Collect",_) \$ T) = abs2list T
```
```    26   | mk_vars _ = [];
```
```    27
```
```    28 (** abstraction of body over a tuple formed from a list of free variables.
```
```    29 Types are also built **)
```
```    30 fun mk_abstupleC []     body = absfree ("x", unitT, body)
```
```    31   | mk_abstupleC (v::w) body = let val (n,T) = dest_Free v
```
```    32                                in if w=[] then absfree (n, T, body)
```
```    33         else let val z  = mk_abstupleC w body;
```
```    34                  val T2 = case z of Abs(_,T,_) => T
```
```    35                         | Const (_, Type (_,[_, Type (_,[T,_])])) \$ _ => T;
```
```    36        in Const ("split", (T --> T2 --> boolT) --> mk_prodT (T,T2) --> boolT)
```
```    37           \$ absfree (n, T, z) end end;
```
```    38
```
```    39 (** maps [x1,...,xn] to (x1,...,xn) and types**)
```
```    40 fun mk_bodyC []      = HOLogic.unit
```
```    41   | mk_bodyC (x::xs) = if xs=[] then x
```
```    42                else let val (n, T) = dest_Free x ;
```
```    43                         val z = mk_bodyC xs;
```
```    44                         val T2 = case z of Free(_, T) => T
```
```    45                                          | Const ("Pair", Type ("fun", [_, Type
```
```    46                                             ("fun", [_, T])])) \$ _ \$ _ => T;
```
```    47                  in Const ("Pair", [T, T2] ---> mk_prodT (T, T2)) \$ x \$ z end;
```
```    48
```
```    49 (** maps a subgoal of the form:
```
```    50         VARS x1 ... xn {._.} _ {._.} or to [x1,...,xn]**)
```
```    51 fun get_vars c =
```
```    52   let
```
```    53     val d = Logic.strip_assums_concl c;
```
```    54     val Const _ \$ pre \$ _ \$ _ = dest_Trueprop d;
```
```    55   in mk_vars pre end;
```
```    56
```
```    57 fun mk_CollectC trm =
```
```    58   let val T as Type ("fun",[t,_]) = fastype_of trm
```
```    59   in Collect_const t \$ trm end;
```
```    60
```
```    61 fun inclt ty = Const (@{const_name Orderings.less_eq}, [ty,ty] ---> boolT);
```
```    62
```
```    63
```
```    64 fun Mset ctxt prop =
```
```    65   let
```
```    66     val [(Mset, _), (P, _)] = Variable.variant_frees ctxt [] [("Mset", ()), ("P", ())];
```
```    67
```
```    68     val vars = get_vars prop;
```
```    69     val varsT = fastype_of (mk_bodyC vars);
```
```    70     val big_Collect = mk_CollectC (mk_abstupleC vars (Free (P, varsT --> boolT) \$ mk_bodyC vars));
```
```    71     val small_Collect = mk_CollectC (Abs ("x", varsT, Free (P, varsT --> boolT) \$ Bound 0));
```
```    72
```
```    73     val MsetT = fastype_of big_Collect;
```
```    74     fun Mset_incl t = mk_Trueprop (inclt MsetT \$ Free (Mset, MsetT) \$ t);
```
```    75     val impl = Logic.mk_implies (Mset_incl big_Collect, Mset_incl small_Collect);
```
```    76     val th = Goal.prove ctxt [Mset, P] [] impl (fn _ => blast_tac (claset_of ctxt) 1);
```
```    77  in (vars, th) end;
```
```    78
```
```    79 end;
```
```    80
```
```    81
```
```    82 (*****************************************************************************)
```
```    83 (** Simplifying:                                                            **)
```
```    84 (** Some useful lemmata, lists and simplification tactics to control which  **)
```
```    85 (** theorems are used to simplify at each moment, so that the original      **)
```
```    86 (** input does not suffer any unexpected transformation                     **)
```
```    87 (*****************************************************************************)
```
```    88
```
```    89 (**Simp_tacs**)
```
```    90
```
```    91 val before_set2pred_simp_tac =
```
```    92   (simp_tac (HOL_basic_ss addsimps [Collect_conj_eq RS sym, @{thm Compl_Collect}]));
```
```    93
```
```    94 val split_simp_tac = (simp_tac (HOL_basic_ss addsimps [split_conv]));
```
```    95
```
```    96 (*****************************************************************************)
```
```    97 (** set2pred_tac transforms sets inclusion into predicates implication,     **)
```
```    98 (** maintaining the original variable names.                                **)
```
```    99 (** Ex. "{x. x=0} <= {x. x <= 1}" -set2pred-> "x=0 --> x <= 1"              **)
```
```   100 (** Subgoals containing intersections (A Int B) or complement sets (-A)     **)
```
```   101 (** are first simplified by "before_set2pred_simp_tac", that returns only   **)
```
```   102 (** subgoals of the form "{x. P x} <= {x. Q x}", which are easily           **)
```
```   103 (** transformed.                                                            **)
```
```   104 (** This transformation may solve very easy subgoals due to a ligth         **)
```
```   105 (** simplification done by (split_all_tac)                                  **)
```
```   106 (*****************************************************************************)
```
```   107
```
```   108 fun set2pred_tac var_names = SUBGOAL (fn (goal, i) =>
```
```   109   before_set2pred_simp_tac i THEN_MAYBE
```
```   110   EVERY [
```
```   111     rtac subsetI i,
```
```   112     rtac CollectI i,
```
```   113     dtac CollectD i,
```
```   114     TRY (split_all_tac i) THEN_MAYBE
```
```   115      (rename_tac var_names i THEN full_simp_tac (HOL_basic_ss addsimps [split_conv]) i)]);
```
```   116
```
```   117 (*****************************************************************************)
```
```   118 (** BasicSimpTac is called to simplify all verification conditions. It does **)
```
```   119 (** a light simplification by applying "mem_Collect_eq", then it calls      **)
```
```   120 (** MaxSimpTac, which solves subgoals of the form "A <= A",                 **)
```
```   121 (** and transforms any other into predicates, applying then                 **)
```
```   122 (** the tactic chosen by the user, which may solve the subgoal completely.  **)
```
```   123 (*****************************************************************************)
```
```   124
```
```   125 fun MaxSimpTac var_names tac = FIRST'[rtac subset_refl, set2pred_tac var_names THEN_MAYBE' tac];
```
```   126
```
```   127 fun BasicSimpTac var_names tac =
```
```   128   simp_tac
```
```   129     (HOL_basic_ss addsimps [mem_Collect_eq, split_conv] addsimprocs [record_simproc])
```
```   130   THEN_MAYBE' MaxSimpTac var_names tac;
```
```   131
```
```   132
```
```   133 (** hoare_rule_tac **)
```
```   134
```
```   135 fun hoare_rule_tac (vars, Mlem) tac =
```
```   136   let
```
```   137     val var_names = map (fst o dest_Free) vars;
```
```   138     fun wlp_tac i =
```
```   139       rtac @{thm SeqRule} i THEN rule_tac false (i + 1)
```
```   140     and rule_tac pre_cond i st = st |> (*abstraction over st prevents looping*)
```
```   141       ((wlp_tac i THEN rule_tac pre_cond i)
```
```   142         ORELSE
```
```   143         (FIRST [
```
```   144           rtac @{thm SkipRule} i,
```
```   145           rtac @{thm AbortRule} i,
```
```   146           EVERY [
```
```   147             rtac @{thm BasicRule} i,
```
```   148             rtac Mlem i,
```
```   149             split_simp_tac i],
```
```   150           EVERY [
```
```   151             rtac @{thm CondRule} i,
```
```   152             rule_tac false (i + 2),
```
```   153             rule_tac false (i + 1)],
```
```   154           EVERY [
```
```   155             rtac @{thm WhileRule} i,
```
```   156             BasicSimpTac var_names tac (i + 2),
```
```   157             rule_tac true (i + 1)]]
```
```   158          THEN (if pre_cond then BasicSimpTac var_names tac i else rtac subset_refl i)));
```
```   159   in rule_tac end;
```
```   160
```
```   161
```
```   162 (** tac is the tactic the user chooses to solve or simplify **)
```
```   163 (** the final verification conditions                       **)
```
```   164
```
```   165 fun hoare_tac ctxt (tac: int -> tactic) = SUBGOAL (fn (goal, i) =>
```
```   166   SELECT_GOAL (hoare_rule_tac (Mset ctxt goal) tac true 1) i);
```
```   167
```