src/HOL/Hoare/hoare_tac.ML
author paulson <lp15@cam.ac.uk>
Sat, 04 Dec 2021 20:30:16 +0000
changeset 74878 0263787a06b4
parent 74506 d97c48dc87fa
child 80703 cc4ecaa8e96e
permissions -rw-r--r--
a slightly simpler proof
(*  Title:      HOL/Hoare/hoare_tac.ML
    Author:     Leonor Prensa Nieto & Tobias Nipkow
    Author:     Walter Guttmann (extension to total-correctness proofs)
Derivation of the proof rules and, most importantly, the VCG tactic.
*)
signature HOARE_TAC =
sig
  (* Apply the Hoare proof rules to subgoal i.  The (term list * thm) pair is
     the (program variables, Mset lemma) result produced by Mset below; the
     bool is presumably the pre_cond flag threaded through the internal
     rule_tac -- its definition lies outside this excerpt, TODO confirm *)
  val hoare_rule_tac: Proof.context -> term list * thm -> (int -> tactic) -> bool ->
    int -> tactic
  (* VCG entry points; the (int -> tactic) argument is the user tactic applied
     to the generated verification conditions.  hoare_tc_tac is the
     total-correctness variant (see the file header); both are defined
     outside this excerpt *)
  val hoare_tac: Proof.context -> (int -> tactic) -> int -> tactic
  val hoare_tc_tac: Proof.context -> (int -> tactic) -> int -> tactic
end;
structure Hoare_Tac: HOARE_TAC =
struct
(*** The tactics ***)
(*****************************************************************************)
(** The function Mset makes the theorem                                     **)
(** "?Mset <= {(x1,...,xn). ?P (x1,...,xn)} ==> ?Mset <= {s. ?P s}",        **)
(** where (x1,...,xn) are the variables of the particular program we are    **)
(** working on at the moment of the call                                    **)
(*****************************************************************************)
local
(** maps (%x1 ... xn. t) to [x1,...,xn] **)
(* Peel the nested case_prod/Abs layers of a tupled abstraction
   (%x1 ... xn. t), returning its bound variables as Frees of the same
   name and type.  The innermost plain Abs contributes the last variable;
   any other term contributes nothing. *)
fun abs2list tm =
  (case tm of
    \<^Const_>\<open>case_prod _ _ _ for \<open>Abs (x, T, body)\<close>\<close> => Free (x, T) :: abs2list body
  | Abs (x, T, _) => [Free (x, T)]
  | _ => []);
(** maps {(x1,...,xn). t} to [x1,...,xn] **)
(* The variables [x1,...,xn] of a set comprehension {(x1,...,xn). t}:
   a Collect applied to a tupled abstraction yields its bound variables
   via abs2list, any other term yields the empty list. *)
fun mk_vars set =
  (case set of
    \<^Const_>\<open>Collect _ for body\<close> => abs2list body
  | _ => []);
(** abstraction of body over a tuple formed from a list of free variables.
Types are also built **)
(* Abstract body over a tuple formed from a list of free variables, building
   the types as well:
     []      ~~>  %x::unit. body
     [v]     ~~>  %v. body
     v :: w  ~~>  case_prod (%v. mk_abstupleC w body)
   Every list element must be a Free (dest_Free raises TERM otherwise). *)
fun mk_abstupleC [] body = absfree ("x", \<^Type>\<open>unit\<close>) body
  | mk_abstupleC [v] body = absfree (dest_Free v) body
  | mk_abstupleC (v :: w) body =
      let
        val (x, T) = dest_Free v;
        (* abstraction over the remaining variables *)
        val z = mk_abstupleC w body;
        (* T2 = type of the tuple that z abstracts over: the bound type of a
           plain Abs, or -- when z is a case_prod application -- the type read
           off the constant's own type (presumably the product type of the
           remaining variables; only the pattern's shape is visible here).
           The case is non-exhaustive: any other shape raises Match. *)
        val T2 =
          (case z of
            Abs (_, T, _) => T
          | Const (_, Type (_, [_, Type (_, [T, _])])) $ _ => T);
      in
        \<^Const>\<open>case_prod T T2 \<^Type>\<open>bool\<close> for \<open>absfree (x, T) z\<close>\<close>
      end;
(** maps [x1,...,xn] to the tuple (x1,...,xn), building its types as well **)
(* Build the right-nested tuple (x1, (x2, ... xn)) from a list of Frees,
   computing the Pair type arguments along the way.  The empty list gives
   the unit value, a singleton is returned as is.  Every element must be a
   Free (dest_Free raises TERM otherwise). *)
fun mk_bodyC [] = \<^Const>\<open>Unity\<close>
  | mk_bodyC [x] = x
  | mk_bodyC (x :: xs) =
      let
        (* type of an already built tuple: a Free carries its own type, a
           Pair application is typed as the product of its type arguments;
           non-exhaustive, any other shape raises Match *)
        fun tuple_type (Free (_, U)) = U
          | tuple_type \<^Const_>\<open>Pair A B for _ _\<close> = \<^Type>\<open>prod A B\<close>;
        val (_, T) = dest_Free x;
        val rest = mk_bodyC xs;
        val restT = tuple_type rest;
      in \<^Const>\<open>Pair T restT for x rest\<close> end;
(** maps a subgoal of the form:
    VARS x1 ... xn {._.} _ {._.} to [x1,...,xn]
**)
(* The program variables of a subgoal stating a Hoare triple: strip the
   subgoal's parameters and premises, take the precondition of the triple
   and read the variables off its set comprehension via mk_vars. *)
fun get_vars goal =
  let
    val concl = HOLogic.dest_Trueprop (Logic.strip_assums_concl goal);
    (* the precondition is the first argument of the triple's constant; the
       3-argument form is there for ~~/src/HOL/Isar_Examples/Hoare.thy, the
       4-argument one presumably for Hoare.thy itself.  Non-exhaustive:
       any other shape raises Match. *)
    fun precondition (Const _ $ pre $ _ $ _ $ _) = pre
      | precondition (Const _ $ pre $ _ $ _) = pre;
  in mk_vars (precondition concl) end;
(* Wrap a predicate pred : t => bool into the set {x. pred x}.  The pattern
   binding fails with Bind when pred does not have a function type. *)
fun mk_CollectC pred =
  let
    val predT = fastype_of pred;
    val \<^Type>\<open>fun argT _\<close> = predT;
  in \<^Const>\<open>Collect argT for pred\<close> end;
(* the set-inclusion constant (<=) at type setT *)
fun inclt setT = \<^Const>\<open>less_eq setT\<close>;
in
(* Prove, for the program variables of subgoal prop, the lemma
     Mset <= {(x1,...,xn). P (x1,...,xn)} ==> Mset <= {s. P s}
   and return it together with the variable list.  Mset and P are fresh
   free names; the lemma is closed by blast (Goal.prove raises ERROR if
   that fails). *)
fun Mset ctxt prop =
  let
    (* fresh names for the set and the predicate, avoiding the context *)
    val [(set_name, _), (pred_name, _)] =
      Variable.variant_frees ctxt [] [("Mset", ()), ("P", ())];

    val vars = get_vars prop;
    val tuple = mk_bodyC vars;
    val tupleT = fastype_of tuple;
    val pred = Free (pred_name, tupleT --> \<^Type>\<open>bool\<close>);

    (* {(x1,...,xn). P (x1,...,xn)}  and  {s. P s} *)
    val big_Collect = mk_CollectC (mk_abstupleC vars (pred $ tuple));
    val small_Collect = mk_CollectC (Abs ("x", tupleT, pred $ Bound 0));

    val setT = fastype_of big_Collect;
    val set = Free (set_name, setT);
    fun set_incl rhs = HOLogic.mk_Trueprop (inclt setT $ set $ rhs);
    val goal = Logic.mk_implies (set_incl big_Collect, set_incl small_Collect);
    val lemma = Goal.prove ctxt [set_name, pred_name] [] goal (fn _ => blast_tac ctxt 1);
  in (vars, lemma) end;
end;
(*****************************************************************************)
(** Simplifying:                                                            **)
(** Some useful lemmata, lists and simplification tactics to control which  **)
(** theorems are used to simplify at each moment, so that the original      **)
(** input does not suffer any unexpected transformation                     **)
(*****************************************************************************)
(**Simp_tacs**)
(* Normalise intersections and complements of set comprehensions into a
   single Collect, using only these two rules on top of HOL_basic_ss so
   that nothing else in the goal is touched. *)
fun before_set2pred_simp_tac ctxt =
  let
    val rules = [Collect_conj_eq RS sym, @{thm Compl_Collect}];
    val ss = put_simpset HOL_basic_ss ctxt addsimps rules;
  in simp_tac ss end;
(* Reduce case_prod applications to tuples (split_conv only, on top of
   HOL_basic_ss). *)
fun split_simp_tac ctxt =
  let val ss = put_simpset HOL_basic_ss ctxt addsimps [@{thm split_conv}]
  in simp_tac ss end;
(*****************************************************************************)
(** set_to_pred_tac transforms sets inclusion into predicates implication,  **)
(** maintaining the original variable names.                                **)
(** Ex. "{x. x=0} <= {x. x <= 1}" -set2pred-> "x=0 --> x <= 1"              **)
(** Subgoals containing intersections (A Int B) or complement sets (-A)     **)
(** are first simplified by "before_set2pred_simp_tac", that returns only   **)
(** subgoals of the form "{x. P x} <= {x. Q x}", which are easily           **)
(** transformed.                                                            **)
(** This transformation may solve very easy subgoals due to a light         **)
(** simplification done by (split_all_tac)                                  **)
(*****************************************************************************)
(* Turn a set inclusion subgoal {x. P x} <= {x. Q x} into the implication
   P x ==> Q x over the program's variable names.  The goal is first
   normalised by before_set2pred_simp_tac; the remaining steps are only
   attempted when that simplification did not already close it. *)
fun set_to_pred_tac ctxt var_names = SUBGOAL (fn (_, i) =>
  let
    val split_ss = put_simpset HOL_basic_ss ctxt addsimps [@{thm split_conv}];
    (* A <= B  ~~>  x : A ==> x : B  ~~>  P x ==> Q x *)
    val unfold_subset =
      resolve_tac ctxt [subsetI] i THEN
      resolve_tac ctxt [CollectI] i THEN
      dresolve_tac ctxt [CollectD] i;
    (* split the tuple-bound variable into its components, restore the
       program's variable names and reduce the resulting case_prod terms *)
    val split_vars =
      TRY (split_all_tac ctxt i) THEN_MAYBE
      (rename_tac var_names i THEN full_simp_tac split_ss i);
  in before_set2pred_simp_tac ctxt i THEN_MAYBE (unfold_subset THEN split_vars) end);
(*******************************************************************************)
(** basic_simp_tac is called to simplify all verification conditions. It does **)
(** a light simplification by applying "mem_Collect_eq", then it calls        **)
(** max_simp_tac, which solves subgoals of the form "A <= A",                 **)
(** and transforms any other into predicates, applying then                   **)
(** the tactic chosen by the user, which may solve the subgoal completely.    **)
(*******************************************************************************)
(* Close trivial inclusions A <= A by subset_refl; otherwise turn the set
   inclusion into an implication and, if that did not finish the goal,
   hand it to the user's tactic tac. *)
fun max_simp_tac ctxt var_names tac =
  resolve_tac ctxt [subset_refl]
  ORELSE' (set_to_pred_tac ctxt var_names THEN_MAYBE' tac);
(* Simplify a verification condition: a light pass with mem_Collect_eq,
   split_conv and the record simproc, then -- unless that already closed
   the goal -- max_simp_tac with the user's tactic. *)
fun basic_simp_tac ctxt var_names tac =
  let
    val light_ss =
      put_simpset HOL_basic_ss ctxt
        addsimps [mem_Collect_eq, @{thm split_conv}]
        addsimprocs [Record.simproc];
  in simp_tac light_ss THEN_MAYBE' max_simp_tac ctxt var_names tac end;
(** hoare_rule_tac **)
fun hoare_rule_tac ctxt (vars, Mlem) tac =
  let
    val get_thms = Proof_Context.get_thms ctxt;
    val var_names = map (fst o dest_Free) vars;
    fun wlp_tac i =
      resolve_tac ctxt (get_thms \<^named_theorems>\<open>SeqRule\<close>) i THEN rule_tac false (i + 1)
    and rule_tac pre_cond i st = st |> (*abstraction over st prevents looping*)
      ((wlp_tac i THEN rule_tac pre_cond i)
        ORELSE
        (FIRST [
          resolve_tac ctxt (get_thms \<^named_theorems>\<open>SkipRule\<close>) i,
          resolve_tac ctxt (get_thms \<^named_theorems>\<open>AbortRule\<close>) i,
          EVERY [
            resolve_tac ctxt (get_thms \<^named_theorems>\<open>BasicRule\<close>) i,
            resolve_tac ctxt [Mlem] i,
            split_simp_tac ctxt i],
   182
          EVERY [
   183
            resolve_tac ctxt (get_thms \<^named_theorems>\<open>CondRule\<close>) i,
   184
            rule_tac false (i + 2),
   185
            rule_tac false (i + 1)],
   186
          EVERY [
   187
            resolve_tac ctxt (get_thms \<^named_theorems>\<open>WhileRule\<close>) i,
   188
            basic_simp_tac ctxt var_names tac (i + 2),
   189
            rule_tac true (i + 1)]]
   190
         THEN (
   191
           if pre_cond then basic_simp_tac ctxt var_names tac i
   192
           else resolve_tac ctxt [subset_refl] i)));
   193
  in rule_tac end;
(** tac is the tactic the user chooses to solve or simplify **)
(** the final verification conditions                       **)
(* Partial-correctness VCG entry point: on subgoal i, extract the program
   variables and the lemma for the goal with Mset, then run hoare_rule_tac
   (with pre_cond = true) on that goal in isolation. *)
fun hoare_tac ctxt tac = SUBGOAL (fn (goal, i) =>
  let
    val vars_and_lemma = Mset ctxt goal;
  in SELECT_GOAL (hoare_rule_tac ctxt vars_and_lemma tac true 1) i end);
(* total correctness rules *)
(*
  Total-correctness counterpart of hoare_rule_tac.

  ctxt        proof context (used for theorem lookup and for the tactics)
  vars        program variables as free terms; only their names are used
  Mlem        lemma resolved against the goal in the BasicRuleTC branch
  tac         the user's tactic for the final verification conditions,
              passed through to basic_simp_tac

  Returns rule_tac: a tactic parameterised by a pre_cond flag and a subgoal
  number.  The rule selection mirrors hoare_rule_tac above but uses the
  ...TC named theorems and has no AbortRule alternative.
*)
fun hoare_tc_rule_tac ctxt (vars, Mlem) tac =
  let
    val get_thms = Proof_Context.get_thms ctxt;
    (* variable names handed to basic_simp_tac *)
    val var_names = map (fst o dest_Free) vars;
    (* sequential composition: apply SeqRuleTC, then descend into its
       second premise (subgoal i + 1) with pre_cond = false *)
    fun wlp_tac i =
      resolve_tac ctxt (get_thms \<^named_theorems>\<open>SeqRuleTC\<close>) i THEN rule_tac false (i + 1)
    (* pre_cond selects how the precondition of subgoal i is finished off
       (see the THEN branch at the end): true -> basic_simp_tac with the
       user's tac, false -> subset_refl.  The top-level entry hoare_tc_tac
       starts with pre_cond = true; presumably false marks a precondition
       computed by the rules themselves (hence the name wlp_tac). *)
    and rule_tac pre_cond i st = st |> (*abstraction over st prevents looping*)
      ((wlp_tac i THEN rule_tac pre_cond i)
        ORELSE
        (FIRST [
          resolve_tac ctxt (get_thms \<^named_theorems>\<open>SkipRuleTC\<close>) i,
          EVERY [
            resolve_tac ctxt (get_thms \<^named_theorems>\<open>BasicRuleTC\<close>) i,
            resolve_tac ctxt [Mlem] i,
            split_simp_tac ctxt i],
          EVERY [
            resolve_tac ctxt (get_thms \<^named_theorems>\<open>CondRuleTC\<close>) i,
            (* the higher-numbered premise is handled first, presumably so
               that subgoal i + 1 keeps its number while it is processed *)
            rule_tac false (i + 2),
            rule_tac false (i + 1)],
          EVERY [
            resolve_tac ctxt (get_thms \<^named_theorems>\<open>WhileRuleTC\<close>) i,
            basic_simp_tac ctxt var_names tac (i + 2),
            rule_tac true (i + 1)]]
         THEN (
           if pre_cond then basic_simp_tac ctxt var_names tac i
           else resolve_tac ctxt [subset_refl] i)));
  in rule_tac end;
(* Total-correctness VCG entry point: on subgoal i, extract the program
   variables and the lemma for the goal with Mset, then run
   hoare_tc_rule_tac (with pre_cond = true) on that goal in isolation. *)
fun hoare_tc_tac ctxt tac = SUBGOAL (fn (goal, i) =>
  let
    val vars_and_lemma = Mset ctxt goal;
  in SELECT_GOAL (hoare_tc_rule_tac ctxt vars_and_lemma tac true 1) i end);
end;