header {* \isaheader{Safety Logic} *} theory SafetyLogic = Main: text {* The Safety Logic defines how to formulate and prove safety properties of programs. In order to use this framework one needs to come up with a formula language and judgements for provability and validity of formulas. *} locale SafetyLogic = fixes TrueF:: "'form" ("\") fixes FalseF:: "'form" ("\") fixes Conj:: "'form list \ 'form" ("\_" [70]) fixes Impl:: "'form \ 'form \ 'form" ("_ \ _" [61,60] 60) fixes valid:: "'prog \ ('pos \ 'mem) \ 'form \ bool" ("(_,_ \ _)" [61,61,60] 60) fixes provable :: "'prog \ 'form \ bool" ("(_ \ _)" [61,60] 60) assumes semConj: " \,s \ \ L = (\f\set L. \,s \ f)" assumes semImpE: " \,s \ (f1 \ f2) \ (\,s \ f1 \ \,s \ f2)" assumes semTrue: "\,s \ \" assumes semFalse: "\ (\,s \ \)" (*<*) lemma (in SafetyLogic) semConjE: "\ \,s \ Conj L; f\set L \ \ \ ,s \ f" by (simp add: semConj) lemma (in SafetyLogic) semConjI: "\ \ ,s \ A; \ ,s \ B \ \ \ ,s \ Conj [A,B]" by (simp add: semConj) lemma (in SafetyLogic) semConjIM: "\ \ f\ set l. \ ,s \ f \ \ \,s \ Conj l" by (simp add: semConj) lemma (in SafetyLogic) semMP: "\ \ ,s \ Impl A B; \ ,s \ A\ \ \ ,s \ B" by (drule_tac ?f2.0="B" in semImpE,simp) lemma (in SafetyLogic) ImplEq: "\ A = A'; B = B' \ \ (Impl A B) = (Impl A' B')" by auto lemma (in SafetyLogic) ConjEq: "\ l1 = l2 \ \ (Conj l1 = Conj l2)" by auto (*>*) end