isabelle: src/HOL/IMP/Transition.thy@0c90e581379f (annotated)

12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	1	(* Title: HOL/IMP/Transition.thy
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	2	ID: $Id$
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	3	Author: Tobias Nipkow & Robert Sandner, TUM
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	4	Isar Version: Gerwin Klein, 2001
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	5	Copyright 1996 TUM
1700 afd3b60660db Natural and Transition semantics. nipkow parents: diff changeset	6	*)
afd3b60660db Natural and Transition semantics. nipkow parents: diff changeset	7
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	8	header "Transition Semantics of Commands"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	9
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	10	theory Transition = Natural:
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	11
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	12	subsection "The transition relation"
1700 afd3b60660db Natural and Transition semantics. nipkow parents: diff changeset	13
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	14	text {*
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	15	We formalize the transition semantics as in \cite{Nielson}. This
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	16	makes some of the rules a bit more intuitive, but also requires
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	17	some more (internal) formal overhead.
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	18
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	19	Since configurations that have terminated are written without
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	20	a statement, the transition relation is not
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	21	@{typ "((com \<times> state) \<times> (com \<times> state)) set"}
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	22	but instead:
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	23	*}
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	24	consts evalc1 :: "((com option \<times> state) \<times> (com option \<times> state)) set"
4906 0537ee95d004 fixed translations; wenzelm parents: 4897 diff changeset	25
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	26	text {*
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	27	Some syntactic sugar that we will use to hide the
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	28	@{text option} part in configurations:
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	29	*}
4906 0537ee95d004 fixed translations; wenzelm parents: 4897 diff changeset	30	syntax
12546 0c90e581379f tuned; wenzelm parents: 12434 diff changeset	31	"_angle" :: "[com, state] \<Rightarrow> com option \<times> state" ("<_,_>")
0c90e581379f tuned; wenzelm parents: 12434 diff changeset	32	"_angle2" :: "state \<Rightarrow> com option \<times> state" ("<_>")
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	33
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	34	syntax (xsymbols)
12546 0c90e581379f tuned; wenzelm parents: 12434 diff changeset	35	"_angle" :: "[com, state] \<Rightarrow> com option \<times> state" ("\<langle>_,_\<rangle>")
0c90e581379f tuned; wenzelm parents: 12434 diff changeset	36	"_angle2" :: "state \<Rightarrow> com option \<times> state" ("\<langle>_\<rangle>")
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	37
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	38	translations
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	39	"\<langle>c,s\<rangle>" == "(Some c, s)"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	40	"\<langle>s\<rangle>" == "(None, s)"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	41
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	42	text {*
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	43	More syntactic sugar for the transition relation, and its
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	44	iteration.
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	45	*}
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	46	syntax
12546 0c90e581379f tuned; wenzelm parents: 12434 diff changeset	47	"_evalc1" :: "[(com option\<times>state),(com option\<times>state)] \<Rightarrow> bool"
12434 ff2efde4574d tuned kleing parents: 12431 diff changeset	48	("_ -1-> _" [60,60] 60)
12546 0c90e581379f tuned; wenzelm parents: 12434 diff changeset	49	"_evalcn" :: "[(com option\<times>state),nat,(com option\<times>state)] \<Rightarrow> bool"
12434 ff2efde4574d tuned kleing parents: 12431 diff changeset	50	("_ -_-> _" [60,60,60] 60)
12546 0c90e581379f tuned; wenzelm parents: 12434 diff changeset	51	"_evalc*" :: "[(com option\<times>state),(com option\<times>state)] \<Rightarrow> bool"
12434 ff2efde4574d tuned kleing parents: 12431 diff changeset	52	("_ -*-> _" [60,60] 60)
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	53
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	54	syntax (xsymbols)
12546 0c90e581379f tuned; wenzelm parents: 12434 diff changeset	55	"_evalc1" :: "[(com option\<times>state),(com option\<times>state)] \<Rightarrow> bool"
12434 ff2efde4574d tuned kleing parents: 12431 diff changeset	56	("_ \<longrightarrow>\<^sub>1 _" [60,60] 61)
12546 0c90e581379f tuned; wenzelm parents: 12434 diff changeset	57	"_evalcn" :: "[(com option\<times>state),nat,(com option\<times>state)] \<Rightarrow> bool"
12434 ff2efde4574d tuned kleing parents: 12431 diff changeset	58	("_ -_\<rightarrow>\<^sub>1 _" [60,60,60] 60)
12546 0c90e581379f tuned; wenzelm parents: 12434 diff changeset	59	"_evalc*" :: "[(com option\<times>state),(com option\<times>state)] \<Rightarrow> bool"
12434 ff2efde4574d tuned kleing parents: 12431 diff changeset	60	("_ \<longrightarrow>\<^sub>1\<^sup>* _" [60,60] 60)
1700 afd3b60660db Natural and Transition semantics. nipkow parents: diff changeset	61
afd3b60660db Natural and Transition semantics. nipkow parents: diff changeset	62	translations
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	63	"cs \<longrightarrow>\<^sub>1 cs'" == "(cs,cs') \<in> evalc1"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	64	"cs -n\<rightarrow>\<^sub>1 cs'" == "(cs,cs') \<in> evalc1^n"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	65	"cs \<longrightarrow>\<^sub>1\<^sup>* cs'" == "(cs,cs') \<in> evalc1^*"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	66
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	67	-- {* Isabelle converts @{text "(cs0,(c1,s1))"} to @{term "(cs0,c1,s1)"},
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	68	so we also include: *}
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	69	"cs0 \<longrightarrow>\<^sub>1 (c1,s1)" == "(cs0,c1,s1) \<in> evalc1"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	70	"cs0 -n\<rightarrow>\<^sub>1 (c1,s1)" == "(cs0,c1,s1) \<in> evalc1^n"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	71	"cs0 \<longrightarrow>\<^sub>1\<^sup>* (c1,s1)" == "(cs0,c1,s1) \<in> evalc1^*"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	72
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	73	text {*
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	74	Now, finally, we are set to write down the rules for our small step semantics:
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	75	*}
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	76	inductive evalc1
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	77	intros
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	78	Skip: "\<langle>\<SKIP>, s\<rangle> \<longrightarrow>\<^sub>1 \<langle>s\<rangle>"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	79	Assign: "\<langle>x :== a, s\<rangle> \<longrightarrow>\<^sub>1 \<langle>s[x \<mapsto> a s]\<rangle>"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	80
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	81	Semi1: "\<langle>c0,s\<rangle> \<longrightarrow>\<^sub>1 \<langle>s'\<rangle> \<Longrightarrow> \<langle>c0;c1,s\<rangle> \<longrightarrow>\<^sub>1 \<langle>c1,s'\<rangle>"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	82	Semi2: "\<langle>c0,s\<rangle> \<longrightarrow>\<^sub>1 \<langle>c0',s'\<rangle> \<Longrightarrow> \<langle>c0;c1,s\<rangle> \<longrightarrow>\<^sub>1 \<langle>c0';c1,s'\<rangle>"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	83
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	84	IfTrue: "b s \<Longrightarrow> \<langle>\<IF> b \<THEN> c1 \<ELSE> c2,s\<rangle> \<longrightarrow>\<^sub>1 \<langle>c1,s\<rangle>"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	85	IfFalse: "\<not>b s \<Longrightarrow> \<langle>\<IF> b \<THEN> c1 \<ELSE> c2,s\<rangle> \<longrightarrow>\<^sub>1 \<langle>c2,s\<rangle>"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	86
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	87	While: "\<langle>\<WHILE> b \<DO> c,s\<rangle> \<longrightarrow>\<^sub>1 \<langle>\<IF> b \<THEN> c; \<WHILE> b \<DO> c \<ELSE> \<SKIP>,s\<rangle>"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	88
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	89	lemmas [intro] = evalc1.intros -- "again, use these rules in automatic proofs"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	90
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	91	(<)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	92	(* fixme: move to Relation_Power.thy *)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	93	lemma rel_pow_Suc_E2 [elim!]:
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	94	"[\| (x, z) \<in> R ^ Suc n; !!y. [\| (x, y) \<in> R; (y, z) \<in> R ^ n \|] ==> P \|] ==> P"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	95	by (drule rel_pow_Suc_D2) blast
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	96
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	97	lemma rtrancl_imp_rel_pow: "p \<in> R^* \<Longrightarrow> \<exists>n. p \<in> R^n"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	98	proof -
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	99	assume "p \<in> R\<^sup>*"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	100	moreover obtain x y where p: "p = (x,y)" by (cases p)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	101	ultimately have "(x,y) \<in> R\<^sup>*" by hypsubst
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	102	hence "\<exists>n. (x,y) \<in> R^n"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	103	proof induct
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	104	fix a have "(a,a) \<in> R^0" by simp
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	105	thus "\<exists>n. (a,a) \<in> R ^ n" ..
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	106	next
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	107	fix a b c assume "\<exists>n. (a,b) \<in> R ^ n"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	108	then obtain n where "(a,b) \<in> R^n" ..
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	109	moreover assume "(b,c) \<in> R"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	110	ultimately have "(a,c) \<in> R^(Suc n)" by auto
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	111	thus "\<exists>n. (a,c) \<in> R^n" ..
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	112	qed
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	113	with p show ?thesis by hypsubst
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	114	qed
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	115	(>)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	116	text {*
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	117	As for the big step semantics you can read these rules in a
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	118	syntax directed way:
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	119	*}
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	120	lemma SKIP_1: "\<langle>\<SKIP>, s\<rangle> \<longrightarrow>\<^sub>1 y = (y = \<langle>s\<rangle>)"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	121	by (rule, cases set: evalc1, auto)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	122
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	123	lemma Assign_1: "\<langle>x :== a, s\<rangle> \<longrightarrow>\<^sub>1 y = (y = \<langle>s[x \<mapsto> a s]\<rangle>)"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	124	by (rule, cases set: evalc1, auto)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	125
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	126	lemma Cond_1:
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	127	"\<langle>\<IF> b \<THEN> c1 \<ELSE> c2, s\<rangle> \<longrightarrow>\<^sub>1 y = ((b s \<longrightarrow> y = \<langle>c1, s\<rangle>) \<and> (\<not>b s \<longrightarrow> y = \<langle>c2, s\<rangle>))"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	128	by (rule, cases set: evalc1, auto)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	129
12434 ff2efde4574d tuned kleing parents: 12431 diff changeset	130	lemma While_1:
ff2efde4574d tuned kleing parents: 12431 diff changeset	131	"\<langle>\<WHILE> b \<DO> c, s\<rangle> \<longrightarrow>\<^sub>1 y = (y = \<langle>\<IF> b \<THEN> c; \<WHILE> b \<DO> c \<ELSE> \<SKIP>, s\<rangle>)"
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	132	by (rule, cases set: evalc1, auto)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	133
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	134	lemmas [simp] = SKIP_1 Assign_1 Cond_1 While_1
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	135
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	136
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	137	subsection "Examples"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	138
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	139	lemma
12434 ff2efde4574d tuned kleing parents: 12431 diff changeset	140	"s x = 0 \<Longrightarrow> \<langle>\<WHILE> \<lambda>s. s x \<noteq> 1 \<DO> (x:== \<lambda>s. s x+1), s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s[x \<mapsto> 1]\<rangle>"
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	141	(is "_ \<Longrightarrow> \<langle>?w, _\<rangle> \<longrightarrow>\<^sub>1\<^sup>* _")
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	142	proof -
12434 ff2efde4574d tuned kleing parents: 12431 diff changeset	143	let ?c = "x:== \<lambda>s. s x+1"
ff2efde4574d tuned kleing parents: 12431 diff changeset	144	let ?if = "\<IF> \<lambda>s. s x \<noteq> 1 \<THEN> ?c; ?w \<ELSE> \<SKIP>"
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	145	assume [simp]: "s x = 0"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	146	have "\<langle>?w, s\<rangle> \<longrightarrow>\<^sub>1 \<langle>?if, s\<rangle>" ..
12434 ff2efde4574d tuned kleing parents: 12431 diff changeset	147	also have "\<langle>?if, s\<rangle> \<longrightarrow>\<^sub>1 \<langle>?c; ?w, s\<rangle>" by simp
ff2efde4574d tuned kleing parents: 12431 diff changeset	148	also have "\<langle>?c; ?w, s\<rangle> \<longrightarrow>\<^sub>1 \<langle>?w, s[x \<mapsto> 1]\<rangle>" by (rule Semi1, simp)
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	149	also have "\<langle>?w, s[x \<mapsto> 1]\<rangle> \<longrightarrow>\<^sub>1 \<langle>?if, s[x \<mapsto> 1]\<rangle>" ..
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	150	also have "\<langle>?if, s[x \<mapsto> 1]\<rangle> \<longrightarrow>\<^sub>1 \<langle>\<SKIP>, s[x \<mapsto> 1]\<rangle>" by (simp add: update_def)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	151	also have "\<langle>\<SKIP>, s[x \<mapsto> 1]\<rangle> \<longrightarrow>\<^sub>1 \<langle>s[x \<mapsto> 1]\<rangle>" ..
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	152	finally show ?thesis ..
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	153	qed
4906 0537ee95d004 fixed translations; wenzelm parents: 4897 diff changeset	154
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	155	lemma
12434 ff2efde4574d tuned kleing parents: 12431 diff changeset	156	"s x = 2 \<Longrightarrow> \<langle>\<WHILE> \<lambda>s. s x \<noteq> 1 \<DO> (x:== \<lambda>s. s x+1), s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* s'"
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	157	(is "_ \<Longrightarrow> \<langle>?w, _\<rangle> \<longrightarrow>\<^sub>1\<^sup>* s'")
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	158	proof -
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	159	let ?c = "x:== \<lambda>s. s x+1"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	160	let ?if = "\<IF> \<lambda>s. s x \<noteq> 1 \<THEN> ?c; ?w \<ELSE> \<SKIP>"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	161	assume [simp]: "s x = 2"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	162	note update_def [simp]
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	163	have "\<langle>?w, s\<rangle> \<longrightarrow>\<^sub>1 \<langle>?if, s\<rangle>" ..
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	164	also have "\<langle>?if, s\<rangle> \<longrightarrow>\<^sub>1 \<langle>?c; ?w, s\<rangle>" by simp
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	165	also have "\<langle>?c; ?w, s\<rangle> \<longrightarrow>\<^sub>1 \<langle>?w, s[x \<mapsto> 3]\<rangle>" by (rule Semi1, simp)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	166	also have "\<langle>?w, s[x \<mapsto> 3]\<rangle> \<longrightarrow>\<^sub>1 \<langle>?if, s[x \<mapsto> 3]\<rangle>" ..
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	167	also have "\<langle>?if, s[x \<mapsto> 3]\<rangle> \<longrightarrow>\<^sub>1 \<langle>?c; ?w, s[x \<mapsto> 3]\<rangle>" by simp
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	168	also have "\<langle>?c; ?w, s[x \<mapsto> 3]\<rangle> \<longrightarrow>\<^sub>1 \<langle>?w, s[x \<mapsto> 4]\<rangle>" by (rule Semi1, simp)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	169	also have "\<langle>?w, s[x \<mapsto> 4]\<rangle> \<longrightarrow>\<^sub>1 \<langle>?if, s[x \<mapsto> 4]\<rangle>" ..
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	170	also have "\<langle>?if, s[x \<mapsto> 4]\<rangle> \<longrightarrow>\<^sub>1 \<langle>?c; ?w, s[x \<mapsto> 4]\<rangle>" by simp
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	171	also have "\<langle>?c; ?w, s[x \<mapsto> 4]\<rangle> \<longrightarrow>\<^sub>1 \<langle>?w, s[x \<mapsto> 5]\<rangle>" by (rule Semi1, simp)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	172	oops
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	173
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	174	subsection "Basic properties"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	175
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	176	text {*
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	177	There are no \emph{stuck} programs:
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	178	*}
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	179	lemma no_stuck: "\<exists>y. \<langle>c,s\<rangle> \<longrightarrow>\<^sub>1 y"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	180	proof (induct c)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	181	-- "case Semi:"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	182	fix c1 c2 assume "\<exists>y. \<langle>c1,s\<rangle> \<longrightarrow>\<^sub>1 y"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	183	then obtain y where "\<langle>c1,s\<rangle> \<longrightarrow>\<^sub>1 y" ..
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	184	then obtain c1' s' where "\<langle>c1,s\<rangle> \<longrightarrow>\<^sub>1 \<langle>s'\<rangle> \<or> \<langle>c1,s\<rangle> \<longrightarrow>\<^sub>1 \<langle>c1',s'\<rangle>"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	185	by (cases y, cases "fst y", auto)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	186	thus "\<exists>s'. \<langle>c1;c2,s\<rangle> \<longrightarrow>\<^sub>1 s'" by auto
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	187	next
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	188	-- "case If:"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	189	fix b c1 c2 assume "\<exists>y. \<langle>c1,s\<rangle> \<longrightarrow>\<^sub>1 y" and "\<exists>y. \<langle>c2,s\<rangle> \<longrightarrow>\<^sub>1 y"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	190	thus "\<exists>y. \<langle>\<IF> b \<THEN> c1 \<ELSE> c2, s\<rangle> \<longrightarrow>\<^sub>1 y" by (cases "b s") auto
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	191	qed auto -- "the rest is trivial"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	192
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	193	text {*
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	194	If a configuration does not contain a statement, the program
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	195	has terminated and there is no next configuration:
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	196	*}
12434 ff2efde4574d tuned kleing parents: 12431 diff changeset	197	lemma stuck [elim!]: "\<langle>s\<rangle> \<longrightarrow>\<^sub>1 y \<Longrightarrow> P"
ff2efde4574d tuned kleing parents: 12431 diff changeset	198	by (auto elim: evalc1.elims)
ff2efde4574d tuned kleing parents: 12431 diff changeset	199
ff2efde4574d tuned kleing parents: 12431 diff changeset	200	lemma evalc_None_retrancl [simp, dest!]: "\<langle>s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* s' \<Longrightarrow> s' = \<langle>s\<rangle>"
ff2efde4574d tuned kleing parents: 12431 diff changeset	201	by (erule rtrancl_induct) auto
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	202
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	203	(<)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	204	(* fixme: relpow.simps don't work *)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	205	lemma rel_pow_0 [simp]: "!!R::('a*'a) set. R^0 = Id" by simp
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	206	lemma rel_pow_Suc_0 [simp]: "!!R::('a*'a) set. R^(Suc 0) = R" by simp
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	207	lemmas [simp del] = relpow.simps
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	208	(>)
12434 ff2efde4574d tuned kleing parents: 12431 diff changeset	209	lemma evalc1_None_0 [simp, dest!]: "\<langle>s\<rangle> -n\<rightarrow>\<^sub>1 y = (n = 0 \<and> y = \<langle>s\<rangle>)"
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	210	by (cases n) auto
4906 0537ee95d004 fixed translations; wenzelm parents: 4897 diff changeset	211
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	212	lemma SKIP_n: "\<langle>\<SKIP>, s\<rangle> -n\<rightarrow>\<^sub>1 \<langle>s'\<rangle> \<Longrightarrow> s' = s \<and> n=1"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	213	by (cases n) auto
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	214
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	215	subsection "Equivalence to natural semantics (after Nielson and Nielson)"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	216
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	217	text {*
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	218	We first need two lemmas about semicolon statements:
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	219	decomposition and composition.
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	220	*}
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	221	lemma semiD:
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	222	"\<And>c1 c2 s s''. \<langle>c1; c2, s\<rangle> -n\<rightarrow>\<^sub>1 \<langle>s''\<rangle> \<Longrightarrow>
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	223	\<exists>i j s'. \<langle>c1, s\<rangle> -i\<rightarrow>\<^sub>1 \<langle>s'\<rangle> \<and> \<langle>c2, s'\<rangle> -j\<rightarrow>\<^sub>1 \<langle>s''\<rangle> \<and> n = i+j"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	224	(is "PROP ?P n")
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	225	proof (induct n)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	226	show "PROP ?P 0" by simp
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	227	next
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	228	fix n assume IH: "PROP ?P n"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	229	show "PROP ?P (Suc n)"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	230	proof -
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	231	fix c1 c2 s s''
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	232	assume "\<langle>c1; c2, s\<rangle> -Suc n\<rightarrow>\<^sub>1 \<langle>s''\<rangle>"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	233	then obtain y where
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	234	1: "\<langle>c1; c2, s\<rangle> \<longrightarrow>\<^sub>1 y" and
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	235	n: "y -n\<rightarrow>\<^sub>1 \<langle>s''\<rangle>"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	236	by blast
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	237
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	238	from 1
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	239	show "\<exists>i j s'. \<langle>c1, s\<rangle> -i\<rightarrow>\<^sub>1 \<langle>s'\<rangle> \<and> \<langle>c2, s'\<rangle> -j\<rightarrow>\<^sub>1 \<langle>s''\<rangle> \<and> Suc n = i+j"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	240	(is "\<exists>i j s'. ?Q i j s'")
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	241	proof (cases set: evalc1)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	242	case Semi1
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	243	then obtain s' where
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	244	"y = \<langle>c2, s'\<rangle>" and "\<langle>c1, s\<rangle> \<longrightarrow>\<^sub>1 \<langle>s'\<rangle>"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	245	by auto
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	246	with 1 n have "?Q 1 n s'" by simp
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	247	thus ?thesis by blast
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	248	next
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	249	case Semi2
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	250	then obtain c1' s' where
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	251	y: "y = \<langle>c1'; c2, s'\<rangle>" and
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	252	c1: "\<langle>c1, s\<rangle> \<longrightarrow>\<^sub>1 \<langle>c1', s'\<rangle>"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	253	by auto
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	254	with n have "\<langle>c1'; c2, s'\<rangle> -n\<rightarrow>\<^sub>1 \<langle>s''\<rangle>" by simp
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	255	with IH obtain i j s0 where
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	256	c1': "\<langle>c1',s'\<rangle> -i\<rightarrow>\<^sub>1 \<langle>s0\<rangle>" and
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	257	c2: "\<langle>c2,s0\<rangle> -j\<rightarrow>\<^sub>1 \<langle>s''\<rangle>" and
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	258	i: "n = i+j"
12434 ff2efde4574d tuned kleing parents: 12431 diff changeset	259	by fast
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	260
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	261	from c1 c1'
12434 ff2efde4574d tuned kleing parents: 12431 diff changeset	262	have "\<langle>c1,s\<rangle> -(i+1)\<rightarrow>\<^sub>1 \<langle>s0\<rangle>" by (auto intro: rel_pow_Suc_I2)
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	263	with c2 i
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	264	have "?Q (i+1) j s0" by simp
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	265	thus ?thesis by blast
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	266	qed auto -- "the remaining cases cannot occur"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	267	qed
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	268	qed
1700 afd3b60660db Natural and Transition semantics. nipkow parents: diff changeset	269
afd3b60660db Natural and Transition semantics. nipkow parents: diff changeset	270
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	271	lemma semiI:
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	272	"\<And>c0 s s''. \<langle>c0,s\<rangle> -n\<rightarrow>\<^sub>1 \<langle>s''\<rangle> \<Longrightarrow> \<langle>c1,s''\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s'\<rangle> \<Longrightarrow> \<langle>c0; c1, s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s'\<rangle>"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	273	proof (induct n)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	274	fix c0 s s'' assume "\<langle>c0,s\<rangle> -(0::nat)\<rightarrow>\<^sub>1 \<langle>s''\<rangle>"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	275	hence False by simp
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	276	thus "?thesis c0 s s''" ..
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	277	next
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	278	fix c0 s s'' n
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	279	assume c0: "\<langle>c0,s\<rangle> -Suc n\<rightarrow>\<^sub>1 \<langle>s''\<rangle>"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	280	assume c1: "\<langle>c1,s''\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s'\<rangle>"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	281	assume IH: "\<And>c0 s s''.
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	282	\<langle>c0,s\<rangle> -n\<rightarrow>\<^sub>1 \<langle>s''\<rangle> \<Longrightarrow> \<langle>c1,s''\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s'\<rangle> \<Longrightarrow> \<langle>c0; c1,s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s'\<rangle>"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	283	from c0 obtain y where
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	284	1: "\<langle>c0,s\<rangle> \<longrightarrow>\<^sub>1 y" and n: "y -n\<rightarrow>\<^sub>1 \<langle>s''\<rangle>" by blast
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	285	from 1 obtain c0' s0' where
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	286	"y = \<langle>s0'\<rangle> \<or> y = \<langle>c0', s0'\<rangle>"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	287	by (cases y, cases "fst y", auto)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	288	moreover
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	289	{ assume y: "y = \<langle>s0'\<rangle>"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	290	with n have "s'' = s0'" by simp
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	291	with y 1 have "\<langle>c0; c1,s\<rangle> \<longrightarrow>\<^sub>1 \<langle>c1, s''\<rangle>" by blast
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	292	with c1 have "\<langle>c0; c1,s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s'\<rangle>" by (blast intro: rtrancl_trans)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	293	}
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	294	moreover
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	295	{ assume y: "y = \<langle>c0', s0'\<rangle>"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	296	with n have "\<langle>c0', s0'\<rangle> -n\<rightarrow>\<^sub>1 \<langle>s''\<rangle>" by blast
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	297	with IH c1 have "\<langle>c0'; c1,s0'\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s'\<rangle>" by blast
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	298	moreover
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	299	from y 1 have "\<langle>c0; c1,s\<rangle> \<longrightarrow>\<^sub>1 \<langle>c0'; c1,s0'\<rangle>" by blast
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	300	hence "\<langle>c0; c1,s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>c0'; c1,s0'\<rangle>" by blast
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	301	ultimately
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	302	have "\<langle>c0; c1,s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s'\<rangle>" by (blast intro: rtrancl_trans)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	303	}
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	304	ultimately
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	305	show "\<langle>c0; c1,s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s'\<rangle>" by blast
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	306	qed
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	307
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	308	text {*
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	309	The easy direction of the equivalence proof:
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	310	*}
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	311	lemma evalc_imp_evalc1:
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	312	"\<langle>c,s\<rangle> \<longrightarrow>\<^sub>c s' \<Longrightarrow> \<langle>c, s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s'\<rangle>"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	313	proof -
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	314	assume "\<langle>c,s\<rangle> \<longrightarrow>\<^sub>c s'"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	315	thus "\<langle>c, s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s'\<rangle>"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	316	proof induct
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	317	fix s show "\<langle>\<SKIP>,s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s\<rangle>" by auto
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	318	next
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	319	fix x a s show "\<langle>x :== a ,s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s[x\<mapsto>a s]\<rangle>" by auto
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	320	next
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	321	fix c0 c1 s s'' s'
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	322	assume "\<langle>c0,s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s''\<rangle>"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	323	then obtain n where "\<langle>c0,s\<rangle> -n\<rightarrow>\<^sub>1 \<langle>s''\<rangle>" by (blast dest: rtrancl_imp_rel_pow)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	324	moreover
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	325	assume "\<langle>c1,s''\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s'\<rangle>"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	326	ultimately
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	327	show "\<langle>c0; c1,s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s'\<rangle>" by (rule semiI)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	328	next
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	329	fix s::state and b c0 c1 s'
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	330	assume "b s"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	331	hence "\<langle>\<IF> b \<THEN> c0 \<ELSE> c1,s\<rangle> \<longrightarrow>\<^sub>1 \<langle>c0,s\<rangle>" by simp
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	332	also assume "\<langle>c0,s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s'\<rangle>"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	333	finally show "\<langle>\<IF> b \<THEN> c0 \<ELSE> c1,s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s'\<rangle>" .
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	334	next
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	335	fix s::state and b c0 c1 s'
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	336	assume "\<not>b s"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	337	hence "\<langle>\<IF> b \<THEN> c0 \<ELSE> c1,s\<rangle> \<longrightarrow>\<^sub>1 \<langle>c1,s\<rangle>" by simp
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	338	also assume "\<langle>c1,s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s'\<rangle>"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	339	finally show "\<langle>\<IF> b \<THEN> c0 \<ELSE> c1,s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s'\<rangle>" .
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	340	next
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	341	fix b c and s::state
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	342	assume b: "\<not>b s"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	343	let ?if = "\<IF> b \<THEN> c; \<WHILE> b \<DO> c \<ELSE> \<SKIP>"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	344	have "\<langle>\<WHILE> b \<DO> c,s\<rangle> \<longrightarrow>\<^sub>1 \<langle>?if, s\<rangle>" by blast
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	345	also have "\<langle>?if,s\<rangle> \<longrightarrow>\<^sub>1 \<langle>\<SKIP>, s\<rangle>" by (simp add: b)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	346	also have "\<langle>\<SKIP>, s\<rangle> \<longrightarrow>\<^sub>1 \<langle>s\<rangle>" by blast
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	347	finally show "\<langle>\<WHILE> b \<DO> c,s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s\<rangle>" ..
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	348	next
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	349	fix b c s s'' s'
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	350	let ?w = "\<WHILE> b \<DO> c"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	351	let ?if = "\<IF> b \<THEN> c; ?w \<ELSE> \<SKIP>"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	352	assume w: "\<langle>?w,s''\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s'\<rangle>"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	353	assume c: "\<langle>c,s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s''\<rangle>"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	354	assume b: "b s"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	355	have "\<langle>?w,s\<rangle> \<longrightarrow>\<^sub>1 \<langle>?if, s\<rangle>" by blast
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	356	also have "\<langle>?if, s\<rangle> \<longrightarrow>\<^sub>1 \<langle>c; ?w, s\<rangle>" by (simp add: b)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	357	also
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	358	from c obtain n where "\<langle>c,s\<rangle> -n\<rightarrow>\<^sub>1 \<langle>s''\<rangle>" by (blast dest: rtrancl_imp_rel_pow)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	359	with w have "\<langle>c; ?w,s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s'\<rangle>" by - (rule semiI)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	360	finally show "\<langle>\<WHILE> b \<DO> c,s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s'\<rangle>" ..
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	361	qed
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	362	qed
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	363
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	364	text {*
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	365	Finally, the equivalence theorem:
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	366	*}
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	367	theorem evalc_equiv_evalc1:
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	368	"\<langle>c, s\<rangle> \<longrightarrow>\<^sub>c s' = \<langle>c,s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s'\<rangle>"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	369	proof
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	370	assume "\<langle>c,s\<rangle> \<longrightarrow>\<^sub>c s'"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	371	show "\<langle>c, s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s'\<rangle>" by (rule evalc_imp_evalc1)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	372	next
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	373	assume "\<langle>c, s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s'\<rangle>"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	374	then obtain n where "\<langle>c, s\<rangle> -n\<rightarrow>\<^sub>1 \<langle>s'\<rangle>" by (blast dest: rtrancl_imp_rel_pow)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	375	moreover
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	376	have "\<And>c s s'. \<langle>c, s\<rangle> -n\<rightarrow>\<^sub>1 \<langle>s'\<rangle> \<Longrightarrow> \<langle>c,s\<rangle> \<longrightarrow>\<^sub>c s'"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	377	proof (induct rule: nat_less_induct)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	378	fix n
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	379	assume IH: "\<forall>m. m < n \<longrightarrow> (\<forall>c s s'. \<langle>c, s\<rangle> -m\<rightarrow>\<^sub>1 \<langle>s'\<rangle> \<longrightarrow> \<langle>c,s\<rangle> \<longrightarrow>\<^sub>c s')"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	380	fix c s s'
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	381	assume c: "\<langle>c, s\<rangle> -n\<rightarrow>\<^sub>1 \<langle>s'\<rangle>"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	382	then obtain m where n: "n = Suc m" by (cases n) auto
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	383	with c obtain y where
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	384	c': "\<langle>c, s\<rangle> \<longrightarrow>\<^sub>1 y" and m: "y -m\<rightarrow>\<^sub>1 \<langle>s'\<rangle>" by blast
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	385	show "\<langle>c,s\<rangle> \<longrightarrow>\<^sub>c s'"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	386	proof (cases c)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	387	case SKIP
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	388	with c n show ?thesis by auto
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	389	next
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	390	case Assign
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	391	with c n show ?thesis by auto
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	392	next
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	393	fix c1 c2 assume semi: "c = (c1; c2)"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	394	with c obtain i j s'' where
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	395	c1: "\<langle>c1, s\<rangle> -i\<rightarrow>\<^sub>1 \<langle>s''\<rangle>" and
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	396	c2: "\<langle>c2, s''\<rangle> -j\<rightarrow>\<^sub>1 \<langle>s'\<rangle>" and
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	397	ij: "n = i+j"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	398	by (blast dest: semiD)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	399	from c1 c2 obtain
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	400	"0 < i" and "0 < j" by (cases i, auto, cases j, auto)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	401	with ij obtain
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	402	i: "i < n" and j: "j < n" by simp
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	403	from c1 i IH
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	404	have "\<langle>c1,s\<rangle> \<longrightarrow>\<^sub>c s''" by blast
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	405	moreover
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	406	from c2 j IH
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	407	have "\<langle>c2,s''\<rangle> \<longrightarrow>\<^sub>c s'" by blast
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	408	moreover
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	409	note semi
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	410	ultimately
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	411	show "\<langle>c,s\<rangle> \<longrightarrow>\<^sub>c s'" by blast
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	412	next
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	413	fix b c1 c2 assume If: "c = \<IF> b \<THEN> c1 \<ELSE> c2"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	414	{ assume True: "b s = True"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	415	with If c n
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	416	have "\<langle>c1,s\<rangle> -m\<rightarrow>\<^sub>1 \<langle>s'\<rangle>" by auto
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	417	with n IH
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	418	have "\<langle>c1,s\<rangle> \<longrightarrow>\<^sub>c s'" by blast
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	419	with If True
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	420	have "\<langle>c,s\<rangle> \<longrightarrow>\<^sub>c s'" by simp
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	421	}
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	422	moreover
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	423	{ assume False: "b s = False"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	424	with If c n
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	425	have "\<langle>c2,s\<rangle> -m\<rightarrow>\<^sub>1 \<langle>s'\<rangle>" by auto
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	426	with n IH
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	427	have "\<langle>c2,s\<rangle> \<longrightarrow>\<^sub>c s'" by blast
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	428	with If False
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	429	have "\<langle>c,s\<rangle> \<longrightarrow>\<^sub>c s'" by simp
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	430	}
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	431	ultimately
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	432	show "\<langle>c,s\<rangle> \<longrightarrow>\<^sub>c s'" by (cases "b s") auto
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	433	next
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	434	fix b c' assume w: "c = \<WHILE> b \<DO> c'"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	435	with c n
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	436	have "\<langle>\<IF> b \<THEN> c'; \<WHILE> b \<DO> c' \<ELSE> \<SKIP>,s\<rangle> -m\<rightarrow>\<^sub>1 \<langle>s'\<rangle>"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	437	(is "\<langle>?if,_\<rangle> -m\<rightarrow>\<^sub>1 _") by auto
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	438	with n IH
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	439	have "\<langle>\<IF> b \<THEN> c'; \<WHILE> b \<DO> c' \<ELSE> \<SKIP>,s\<rangle> \<longrightarrow>\<^sub>c s'" by blast
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	440	moreover note unfold_while [of b c']
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	441	-- {* @{thm unfold_while [of b c']} *}
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	442	ultimately
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	443	have "\<langle>\<WHILE> b \<DO> c',s\<rangle> \<longrightarrow>\<^sub>c s'" by (blast dest: equivD2)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	444	with w show "\<langle>c,s\<rangle> \<longrightarrow>\<^sub>c s'" by simp
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	445	qed
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	446	qed
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	447	ultimately
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	448	show "\<langle>c,s\<rangle> \<longrightarrow>\<^sub>c s'" by blast
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	449	qed
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	450
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	451
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	452	subsection "Winskel's Proof"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	453
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	454	declare rel_pow_0_E [elim!]
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	455
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	456	text {*
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	457	Winskel's small step rules are a bit different \cite{Winskel};
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	458	we introduce their equivalents as derived rules:
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	459	*}
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	460	lemma whileFalse1 [intro]:
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	461	"\<not> b s \<Longrightarrow> \<langle>\<WHILE> b \<DO> c,s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s\<rangle>" (is "_ \<Longrightarrow> \<langle>?w, s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s\<rangle>")
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	462	proof -
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	463	assume "\<not>b s"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	464	have "\<langle>?w, s\<rangle> \<longrightarrow>\<^sub>1 \<langle>\<IF> b \<THEN> c;?w \<ELSE> \<SKIP>, s\<rangle>" ..
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	465	also have "\<langle>\<IF> b \<THEN> c;?w \<ELSE> \<SKIP>, s\<rangle> \<longrightarrow>\<^sub>1 \<langle>\<SKIP>, s\<rangle>" ..
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	466	also have "\<langle>\<SKIP>, s\<rangle> \<longrightarrow>\<^sub>1 \<langle>s\<rangle>" ..
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	467	finally show "\<langle>?w, s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s\<rangle>" ..
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	468	qed
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	469
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	470	lemma whileTrue1 [intro]:
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	471	"b s \<Longrightarrow> \<langle>\<WHILE> b \<DO> c,s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>c;\<WHILE> b \<DO> c, s\<rangle>"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	472	(is "_ \<Longrightarrow> \<langle>?w, s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>c;?w,s\<rangle>")
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	473	proof -
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	474	assume "b s"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	475	have "\<langle>?w, s\<rangle> \<longrightarrow>\<^sub>1 \<langle>\<IF> b \<THEN> c;?w \<ELSE> \<SKIP>, s\<rangle>" ..
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	476	also have "\<langle>\<IF> b \<THEN> c;?w \<ELSE> \<SKIP>, s\<rangle> \<longrightarrow>\<^sub>1 \<langle>c;?w, s\<rangle>" ..
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	477	finally show "\<langle>?w, s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>c;?w,s\<rangle>" ..
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	478	qed
1700 afd3b60660db Natural and Transition semantics. nipkow parents: diff changeset	479
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	480	inductive_cases evalc1_SEs:
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	481	"\<langle>\<SKIP>,s\<rangle> \<longrightarrow>\<^sub>1 t"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	482	"\<langle>x:==a,s\<rangle> \<longrightarrow>\<^sub>1 t"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	483	"\<langle>c1;c2, s\<rangle> \<longrightarrow>\<^sub>1 t"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	484	"\<langle>\<IF> b \<THEN> c1 \<ELSE> c2, s\<rangle> \<longrightarrow>\<^sub>1 t"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	485	"\<langle>\<WHILE> b \<DO> c, s\<rangle> \<longrightarrow>\<^sub>1 t"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	486
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	487	inductive_cases evalc1_E: "\<langle>\<WHILE> b \<DO> c, s\<rangle> \<longrightarrow>\<^sub>1 t"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	488
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	489	declare evalc1_SEs [elim!]
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	490
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	491	lemma evalc_impl_evalc1: "\<langle>c,s\<rangle> \<longrightarrow>\<^sub>c s1 \<Longrightarrow> \<langle>c,s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s1\<rangle>"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	492	apply (erule evalc.induct)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	493
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	494	-- SKIP
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	495	apply blast
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	496
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	497	-- ASSIGN
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	498	apply fast
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	499
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	500	-- SEMI
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	501	apply (fast dest: rtrancl_imp_UN_rel_pow intro: semiI)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	502
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	503	-- IF
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	504	apply (fast intro: rtrancl_into_rtrancl2)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	505	apply (fast intro: rtrancl_into_rtrancl2)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	506
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	507	-- WHILE
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	508	apply fast
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	509	apply (fast dest: rtrancl_imp_UN_rel_pow intro: rtrancl_into_rtrancl2 semiI)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	510
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	511	done
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	512
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	513
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	514	lemma lemma2 [rule_format (no_asm)]:
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	515	"\<forall>c d s u. \<langle>c;d,s\<rangle> -n\<rightarrow>\<^sub>1 \<langle>u\<rangle> \<longrightarrow> (\<exists>t m. \<langle>c,s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>t\<rangle> \<and> \<langle>d,t\<rangle> -m\<rightarrow>\<^sub>1 \<langle>u\<rangle> \<and> m \<le> n)"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	516	apply (induct_tac "n")
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	517	-- "case n = 0"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	518	apply fastsimp
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	519	-- "induction step"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	520	apply (fast intro!: le_SucI le_refl dest!: rel_pow_Suc_D2
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	521	elim!: rel_pow_imp_rtrancl rtrancl_into_rtrancl2)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	522	done
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	523
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	524	lemma evalc1_impl_evalc [rule_format (no_asm)]:
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	525	"\<forall>s t. \<langle>c,s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>t\<rangle> \<longrightarrow> \<langle>c,s\<rangle> \<longrightarrow>\<^sub>c t"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	526	apply (induct_tac "c")
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	527	apply (safe dest!: rtrancl_imp_UN_rel_pow)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	528
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	529	-- SKIP
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	530	apply (simp add: SKIP_n)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	531
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	532	-- ASSIGN
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	533	apply (fastsimp elim: rel_pow_E2)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	534
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	535	-- SEMI
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	536	apply (fast dest!: rel_pow_imp_rtrancl lemma2)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	537
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	538	-- IF
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	539	apply (erule rel_pow_E2)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	540	apply simp
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	541	apply (fast dest!: rel_pow_imp_rtrancl)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	542
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	543	-- "WHILE, induction on the length of the computation"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	544	apply (rename_tac b c s t n)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	545	apply (erule_tac P = "?X -n\<rightarrow>\<^sub>1 ?Y" in rev_mp)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	546	apply (rule_tac x = "s" in spec)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	547	apply (induct_tac "n" rule: nat_less_induct)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	548	apply (intro strip)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	549	apply (erule rel_pow_E2)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	550	apply simp
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	551	apply (erule evalc1_E)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	552
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	553	apply simp
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	554	apply (case_tac "b x")
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	555	-- WhileTrue
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	556	apply (erule rel_pow_E2)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	557	apply simp
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	558	apply (clarify dest!: lemma2)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	559	apply (erule allE, erule allE, erule impE, assumption)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	560	apply (erule_tac x=mb in allE, erule impE, fastsimp)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	561	apply blast
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	562	-- WhileFalse
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	563	apply (erule rel_pow_E2)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	564	apply simp
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	565	apply (simp add: SKIP_n)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	566	done
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	567
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	568
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	569	text {* proof of the equivalence of evalc and evalc1 *}
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	570	lemma evalc1_eq_evalc: "(\<langle>c, s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>t\<rangle>) = (\<langle>c,s\<rangle> \<longrightarrow>\<^sub>c t)"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	571	apply (fast elim!: evalc1_impl_evalc evalc_impl_evalc1)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	572	done
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	573
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	574
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	575	subsection "A proof without n"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	576
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	577	text {*
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	578	The inductions are a bit awkward to write in this section,
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	579	because @{text None} as result statement in the small step
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	580	semantics doesn't have a direct counterpart in the big step
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	581	semantics.
1700 afd3b60660db Natural and Transition semantics. nipkow parents: diff changeset	582
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	583	Winskel's small step rule set (using the @{text "\<SKIP>"} statement
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	584	to indicate termination) is better suited for this proof.
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	585	*}
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	586
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	587	lemma my_lemma1 [rule_format (no_asm)]:
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	588	"\<langle>c1,s1\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s2\<rangle> \<Longrightarrow> \<langle>c2,s2\<rangle> \<longrightarrow>\<^sub>1\<^sup>* cs3 \<Longrightarrow> \<langle>c1;c2,s1\<rangle> \<longrightarrow>\<^sub>1\<^sup>* cs3"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	589	proof -
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	590	-- {* The induction rule needs @{text P} to be a function of @{term "Some c1"} *}
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	591	have "\<langle>c1,s1\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s2\<rangle> \<Longrightarrow> \<langle>c2,s2\<rangle> \<longrightarrow>\<^sub>1\<^sup>* cs3 \<longrightarrow>
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	592	\<langle>(\<lambda>c. if c = None then c2 else the c; c2) (Some c1),s1\<rangle> \<longrightarrow>\<^sub>1\<^sup>* cs3"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	593	apply (erule converse_rtrancl_induct2)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	594	apply simp
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	595	apply (rename_tac c s')
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	596	apply simp
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	597	apply (rule conjI)
12434 ff2efde4574d tuned kleing parents: 12431 diff changeset	598	apply fast
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	599	apply clarify
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	600	apply (case_tac c)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	601	apply (auto intro: rtrancl_into_rtrancl2)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	602	done
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	603	moreover assume "\<langle>c1,s1\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s2\<rangle>" "\<langle>c2,s2\<rangle> \<longrightarrow>\<^sub>1\<^sup>* cs3"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	604	ultimately show "\<langle>c1;c2,s1\<rangle> \<longrightarrow>\<^sub>1\<^sup>* cs3" by simp
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	605	qed
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	606
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	607	lemma evalc_impl_evalc1: "\<langle>c,s\<rangle> \<longrightarrow>\<^sub>c s1 \<Longrightarrow> \<langle>c,s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s1\<rangle>"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	608	apply (erule evalc.induct)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	609
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	610	-- SKIP
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	611	apply fast
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	612
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	613	-- ASSIGN
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	614	apply fast
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	615
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	616	-- SEMI
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	617	apply (fast intro: my_lemma1)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	618
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	619	-- IF
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	620	apply (fast intro: rtrancl_into_rtrancl2)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	621	apply (fast intro: rtrancl_into_rtrancl2)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	622
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	623	-- WHILE
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	624	apply fast
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	625	apply (fast intro: rtrancl_into_rtrancl2 my_lemma1)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	626
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	627	done
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	628
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	629	text {*
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	630	The opposite direction is based on a Coq proof done by Ranan Fraer and
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	631	Yves Bertot. The following sketch is from an email by Ranan Fraer.
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	632
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	633	\begin{verbatim}
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	634	First we've broke it into 2 lemmas:
1700 afd3b60660db Natural and Transition semantics. nipkow parents: diff changeset	635
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	636	Lemma 1
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	637	((c,s) --> (SKIP,t)) => (<c,s> -c-> t)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	638
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	639	This is a quick one, dealing with the cases skip, assignment
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	640	and while_false.
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	641
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	642	Lemma 2
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	643	((c,s) -*-> (c',s')) /\ <c',s'> -c'-> t
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	644	=>
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	645	<c,s> -c-> t
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	646
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	647	This is proved by rule induction on the -*-> relation
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	648	and the induction step makes use of a third lemma:
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	649
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	650	Lemma 3
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	651	((c,s) --> (c',s')) /\ <c',s'> -c'-> t
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	652	=>
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	653	<c,s> -c-> t
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	654
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	655	This captures the essence of the proof, as it shows that <c',s'>
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	656	behaves as the continuation of <c,s> with respect to the natural
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	657	semantics.
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	658	The proof of Lemma 3 goes by rule induction on the --> relation,
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	659	dealing with the cases sequence1, sequence2, if_true, if_false and
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	660	while_true. In particular in the case (sequence1) we make use again
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	661	of Lemma 1.
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	662	\end{verbatim}
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	663	*}
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	664
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	665	inductive_cases evalc1_term_cases: "\<langle>c,s\<rangle> \<longrightarrow>\<^sub>1 \<langle>s'\<rangle>"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	666
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	667	lemma FB_lemma3 [rule_format]:
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	668	"(c,s) \<longrightarrow>\<^sub>1 (c',s') \<Longrightarrow> c \<noteq> None \<longrightarrow>
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	669	(\<forall>t. \<langle>if c'=None then \<SKIP> else the c',s'\<rangle> \<longrightarrow>\<^sub>c t \<longrightarrow> \<langle>the c,s\<rangle> \<longrightarrow>\<^sub>c t)"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	670	apply (erule evalc1.induct)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	671	apply (auto elim!: evalc1_term_cases equivD2 [OF unfold_while])
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	672	done
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	673
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	674	lemma FB_lemma2 [rule_format]:
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	675	"(c,s) \<longrightarrow>\<^sub>1\<^sup>* (c',s') \<Longrightarrow> c \<noteq> None \<longrightarrow>
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	676	\<langle>if c' = None then \<SKIP> else the c',s'\<rangle> \<longrightarrow>\<^sub>c t \<longrightarrow> \<langle>the c,s\<rangle> \<longrightarrow>\<^sub>c t"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	677	apply (erule converse_rtrancl_induct2)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	678	apply simp
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	679	apply clarsimp
12434 ff2efde4574d tuned kleing parents: 12431 diff changeset	680	apply (fastsimp elim!: evalc1_term_cases intro: FB_lemma3)
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	681	done
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	682
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	683	lemma evalc1_impl_evalc: "\<langle>c,s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>t\<rangle> \<Longrightarrow> \<langle>c,s\<rangle> \<longrightarrow>\<^sub>c t"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	684	apply (fastsimp dest: FB_lemma2)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	685	done
1700 afd3b60660db Natural and Transition semantics. nipkow parents: diff changeset	686
afd3b60660db Natural and Transition semantics. nipkow parents: diff changeset	687	end

author	wenzelm
	Wed, 19 Dec 2001 00:26:04 +0100
changeset 12546	0c90e581379f
parent 12434	ff2efde4574d
child 12566	fe20540bcf93
permissions	-rw-r--r--