| author | wenzelm |
| Mon, 16 Aug 1999 17:38:52 +0200 | |
| changeset 7215 | 1379275df5cd |
| parent 5291 | 5706f0ef1d43 |
| child 8417 | ae28c198e78d |
| permissions | -rw-r--r-- |
| 1461 | 1 |
(* Title: HOLCF/ex/hoare.ML |
| 244 | 2 |
ID: $Id$ |
| 1461 | 3 |
Author: Franz Regensburger |
4 |
Copyright 1993 Technische Universitaet Muenchen |
|
| 244 | 5 |
*) |
6 |
||
7 |
open Hoare; |
|
8 |
||
9 |
(* --------- pure HOLCF logic, some little lemmas ------ *) |
|
10 |
||
|
1168
74be52691d62
The curried version of HOLCF is now just called HOLCF. The old
regensbu
parents:
1043
diff
changeset
|
11 |
val hoare_lemma2 = prove_goal HOLCF.thy "b~=TT ==> b=FF | b=UU" |
| 244 | 12 |
(fn prems => |
| 1461 | 13 |
[ |
14 |
(cut_facts_tac prems 1), |
|
15 |
(rtac (Exh_tr RS disjE) 1), |
|
16 |
(fast_tac HOL_cs 1), |
|
17 |
(etac disjE 1), |
|
18 |
(contr_tac 1), |
|
19 |
(fast_tac HOL_cs 1) |
|
20 |
]); |
|
| 244 | 21 |
|
| 1043 | 22 |
val hoare_lemma3 = prove_goal HOLCF.thy |
| 3842 | 23 |
" (!k. b1`(iterate k g x) = TT) | (? k. b1`(iterate k g x)~=TT)" |
| 244 | 24 |
(fn prems => |
| 1461 | 25 |
[ |
26 |
(fast_tac HOL_cs 1) |
|
27 |
]); |
|
| 244 | 28 |
|
| 1043 | 29 |
val hoare_lemma4 = prove_goal HOLCF.thy |
|
1168
74be52691d62
The curried version of HOLCF is now just called HOLCF. The old
regensbu
parents:
1043
diff
changeset
|
30 |
"(? k. b1`(iterate k g x) ~= TT) ==> \ |
|
74be52691d62
The curried version of HOLCF is now just called HOLCF. The old
regensbu
parents:
1043
diff
changeset
|
31 |
\ ? k. b1`(iterate k g x) = FF | b1`(iterate k g x) = UU" |
| 244 | 32 |
(fn prems => |
| 1461 | 33 |
[ |
34 |
(cut_facts_tac prems 1), |
|
35 |
(etac exE 1), |
|
36 |
(rtac exI 1), |
|
37 |
(rtac hoare_lemma2 1), |
|
38 |
(atac 1) |
|
39 |
]); |
|
| 244 | 40 |
|
| 1043 | 41 |
val hoare_lemma5 = prove_goal HOLCF.thy |
|
1168
74be52691d62
The curried version of HOLCF is now just called HOLCF. The old
regensbu
parents:
1043
diff
changeset
|
42 |
"[|(? k. b1`(iterate k g x) ~= TT);\ |
| 1675 | 43 |
\ k=Least(%n. b1`(iterate n g x) ~= TT)|] ==> \ |
|
1168
74be52691d62
The curried version of HOLCF is now just called HOLCF. The old
regensbu
parents:
1043
diff
changeset
|
44 |
\ b1`(iterate k g x)=FF | b1`(iterate k g x)=UU" |
| 244 | 45 |
(fn prems => |
| 1461 | 46 |
[ |
47 |
(cut_facts_tac prems 1), |
|
48 |
(hyp_subst_tac 1), |
|
49 |
(rtac hoare_lemma2 1), |
|
50 |
(etac exE 1), |
|
| 1675 | 51 |
(etac LeastI 1) |
| 1461 | 52 |
]); |
| 244 | 53 |
|
|
1168
74be52691d62
The curried version of HOLCF is now just called HOLCF. The old
regensbu
parents:
1043
diff
changeset
|
54 |
val hoare_lemma6 = prove_goal HOLCF.thy "b=UU ==> b~=TT" |
| 244 | 55 |
(fn prems => |
| 1461 | 56 |
[ |
57 |
(cut_facts_tac prems 1), |
|
58 |
(hyp_subst_tac 1), |
|
59 |
(resolve_tac dist_eq_tr 1) |
|
60 |
]); |
|
| 244 | 61 |
|
|
1168
74be52691d62
The curried version of HOLCF is now just called HOLCF. The old
regensbu
parents:
1043
diff
changeset
|
62 |
val hoare_lemma7 = prove_goal HOLCF.thy "b=FF ==> b~=TT" |
| 244 | 63 |
(fn prems => |
| 1461 | 64 |
[ |
65 |
(cut_facts_tac prems 1), |
|
66 |
(hyp_subst_tac 1), |
|
67 |
(resolve_tac dist_eq_tr 1) |
|
68 |
]); |
|
| 244 | 69 |
|
| 1043 | 70 |
val hoare_lemma8 = prove_goal HOLCF.thy |
|
1168
74be52691d62
The curried version of HOLCF is now just called HOLCF. The old
regensbu
parents:
1043
diff
changeset
|
71 |
"[|(? k. b1`(iterate k g x) ~= TT);\ |
| 1675 | 72 |
\ k=Least(%n. b1`(iterate n g x) ~= TT)|] ==> \ |
|
1168
74be52691d62
The curried version of HOLCF is now just called HOLCF. The old
regensbu
parents:
1043
diff
changeset
|
73 |
\ !m. m < k --> b1`(iterate m g x)=TT" |
| 244 | 74 |
(fn prems => |
| 1461 | 75 |
[ |
76 |
(cut_facts_tac prems 1), |
|
77 |
(hyp_subst_tac 1), |
|
78 |
(etac exE 1), |
|
79 |
(strip_tac 1), |
|
80 |
(res_inst_tac [("p","b1`(iterate m g x)")] trE 1),
|
|
81 |
(atac 2), |
|
| 1619 | 82 |
(rtac (le_less_trans RS less_irrefl) 1), |
| 1461 | 83 |
(atac 2), |
| 1675 | 84 |
(rtac Least_le 1), |
| 1461 | 85 |
(etac hoare_lemma6 1), |
| 1619 | 86 |
(rtac (le_less_trans RS less_irrefl) 1), |
| 1461 | 87 |
(atac 2), |
| 1675 | 88 |
(rtac Least_le 1), |
| 1461 | 89 |
(etac hoare_lemma7 1) |
90 |
]); |
|
| 244 | 91 |
|
|
1168
74be52691d62
The curried version of HOLCF is now just called HOLCF. The old
regensbu
parents:
1043
diff
changeset
|
92 |
|
| 1043 | 93 |
val hoare_lemma28 = prove_goal HOLCF.thy |
|
1168
74be52691d62
The curried version of HOLCF is now just called HOLCF. The old
regensbu
parents:
1043
diff
changeset
|
94 |
"b1`(y::'a)=(UU::tr) ==> b1`UU = UU" |
| 244 | 95 |
(fn prems => |
| 1461 | 96 |
[ |
97 |
(cut_facts_tac prems 1), |
|
| 3324 | 98 |
(etac (flat_codom RS disjE) 1), |
| 1461 | 99 |
(atac 1), |
100 |
(etac spec 1) |
|
101 |
]); |
|
| 244 | 102 |
|
103 |
||
104 |
(* ----- access to definitions ----- *) |
|
105 |
||
| 1043 | 106 |
val p_def3 = prove_goal Hoare.thy |
|
1168
74be52691d62
The curried version of HOLCF is now just called HOLCF. The old
regensbu
parents:
1043
diff
changeset
|
107 |
"p`x = If b1`x then p`(g`x) else x fi" |
| 244 | 108 |
(fn prems => |
| 1461 | 109 |
[ |
110 |
(fix_tac3 p_def 1), |
|
111 |
(Simp_tac 1) |
|
112 |
]); |
|
| 244 | 113 |
|
| 1043 | 114 |
val q_def3 = prove_goal Hoare.thy |
|
1168
74be52691d62
The curried version of HOLCF is now just called HOLCF. The old
regensbu
parents:
1043
diff
changeset
|
115 |
"q`x = If b1`x orelse b2`x then q`(g`x) else x fi" |
| 244 | 116 |
(fn prems => |
| 1461 | 117 |
[ |
118 |
(fix_tac3 q_def 1), |
|
119 |
(Simp_tac 1) |
|
120 |
]); |
|
| 244 | 121 |
|
122 |
(** --------- proves about iterations of p and q ---------- **) |
|
123 |
||
| 1043 | 124 |
val hoare_lemma9 = prove_goal Hoare.thy |
|
1168
74be52691d62
The curried version of HOLCF is now just called HOLCF. The old
regensbu
parents:
1043
diff
changeset
|
125 |
"(! m. m< Suc k --> b1`(iterate m g x)=TT) -->\ |
|
74be52691d62
The curried version of HOLCF is now just called HOLCF. The old
regensbu
parents:
1043
diff
changeset
|
126 |
\ p`(iterate k g x)=p`x" |
| 244 | 127 |
(fn prems => |
| 1461 | 128 |
[ |
129 |
(nat_ind_tac "k" 1), |
|
| 1675 | 130 |
(Simp_tac 1), |
131 |
(Simp_tac 1), |
|
| 1461 | 132 |
(strip_tac 1), |
|
3044
3e3087aa69e7
Updates because nat_ind_tac no longer appends "1" to the ind.var.
nipkow
parents:
2642
diff
changeset
|
133 |
(res_inst_tac [("s","p`(iterate k g x)")] trans 1),
|
| 1461 | 134 |
(rtac trans 1), |
135 |
(rtac (p_def3 RS sym) 2), |
|
|
3044
3e3087aa69e7
Updates because nat_ind_tac no longer appends "1" to the ind.var.
nipkow
parents:
2642
diff
changeset
|
136 |
(res_inst_tac [("s","TT"),("t","b1`(iterate k g x)")] ssubst 1),
|
| 1461 | 137 |
(rtac mp 1), |
138 |
(etac spec 1), |
|
| 4098 | 139 |
(simp_tac (simpset() addsimps [less_Suc_eq]) 1), |
| 1461 | 140 |
(simp_tac HOLCF_ss 1), |
141 |
(etac mp 1), |
|
142 |
(strip_tac 1), |
|
143 |
(rtac mp 1), |
|
144 |
(etac spec 1), |
|
145 |
(etac less_trans 1), |
|
146 |
(Simp_tac 1) |
|
147 |
]); |
|
|
3044
3e3087aa69e7
Updates because nat_ind_tac no longer appends "1" to the ind.var.
nipkow
parents:
2642
diff
changeset
|
148 |
|
| 1043 | 149 |
val hoare_lemma24 = prove_goal Hoare.thy |
|
1168
74be52691d62
The curried version of HOLCF is now just called HOLCF. The old
regensbu
parents:
1043
diff
changeset
|
150 |
"(! m. m< Suc k --> b1`(iterate m g x)=TT) --> \ |
|
74be52691d62
The curried version of HOLCF is now just called HOLCF. The old
regensbu
parents:
1043
diff
changeset
|
151 |
\ q`(iterate k g x)=q`x" |
| 244 | 152 |
(fn prems => |
| 1461 | 153 |
[ |
154 |
(nat_ind_tac "k" 1), |
|
| 1675 | 155 |
(Simp_tac 1), |
| 4098 | 156 |
(simp_tac (simpset() addsimps [less_Suc_eq]) 1), |
| 1461 | 157 |
(strip_tac 1), |
|
3044
3e3087aa69e7
Updates because nat_ind_tac no longer appends "1" to the ind.var.
nipkow
parents:
2642
diff
changeset
|
158 |
(res_inst_tac [("s","q`(iterate k g x)")] trans 1),
|
| 1461 | 159 |
(rtac trans 1), |
160 |
(rtac (q_def3 RS sym) 2), |
|
|
3044
3e3087aa69e7
Updates because nat_ind_tac no longer appends "1" to the ind.var.
nipkow
parents:
2642
diff
changeset
|
161 |
(res_inst_tac [("s","TT"),("t","b1`(iterate k g x)")] ssubst 1),
|
| 1675 | 162 |
(fast_tac HOL_cs 1), |
| 1461 | 163 |
(simp_tac HOLCF_ss 1), |
164 |
(etac mp 1), |
|
165 |
(strip_tac 1), |
|
| 2033 | 166 |
(fast_tac (HOL_cs addSDs [less_Suc_eq RS iffD1]) 1)]); |
| 244 | 167 |
|
|
1168
74be52691d62
The curried version of HOLCF is now just called HOLCF. The old
regensbu
parents:
1043
diff
changeset
|
168 |
(* -------- results about p for case (? k. b1`(iterate k g x)~=TT) ------- *) |
| 244 | 169 |
|
170 |
||
171 |
val hoare_lemma10 = (hoare_lemma8 RS (hoare_lemma9 RS mp)); |
|
172 |
(* |
|
|
1168
74be52691d62
The curried version of HOLCF is now just called HOLCF. The old
regensbu
parents:
1043
diff
changeset
|
173 |
val hoare_lemma10 = "[| ? k. b1`(iterate k g ?x1) ~= TT; |
| 1675 | 174 |
Suc ?k3 = Least(%n. b1`(iterate n g ?x1) ~= TT) |] ==> |
|
1168
74be52691d62
The curried version of HOLCF is now just called HOLCF. The old
regensbu
parents:
1043
diff
changeset
|
175 |
p`(iterate ?k3 g ?x1) = p`?x1" : thm |
|
74be52691d62
The curried version of HOLCF is now just called HOLCF. The old
regensbu
parents:
1043
diff
changeset
|
176 |
|
| 244 | 177 |
*) |
178 |
||
| 1043 | 179 |
val hoare_lemma11 = prove_goal Hoare.thy |
| 3842 | 180 |
"(? n. b1`(iterate n g x) ~= TT) ==>\ |
|
4716
a291e858061c
Asm_full_simp_tac now reorients asm c = t to t = c.
nipkow
parents:
4098
diff
changeset
|
181 |
\ k=(LEAST n. b1`(iterate n g x) ~= TT) & b1`(iterate k g x)=FF \ |
|
1168
74be52691d62
The curried version of HOLCF is now just called HOLCF. The old
regensbu
parents:
1043
diff
changeset
|
182 |
\ --> p`x = iterate k g x" |
| 244 | 183 |
(fn prems => |
| 1461 | 184 |
[ |
185 |
(cut_facts_tac prems 1), |
|
| 5192 | 186 |
(exhaust_tac "k" 1), |
| 1461 | 187 |
(hyp_subst_tac 1), |
188 |
(Simp_tac 1), |
|
189 |
(strip_tac 1), |
|
190 |
(etac conjE 1), |
|
191 |
(rtac trans 1), |
|
192 |
(rtac p_def3 1), |
|
193 |
(asm_simp_tac HOLCF_ss 1), |
|
194 |
(hyp_subst_tac 1), |
|
195 |
(strip_tac 1), |
|
196 |
(etac conjE 1), |
|
197 |
(rtac trans 1), |
|
198 |
(etac (hoare_lemma10 RS sym) 1), |
|
199 |
(atac 1), |
|
200 |
(rtac trans 1), |
|
201 |
(rtac p_def3 1), |
|
| 5192 | 202 |
(res_inst_tac [("s","TT"),("t","b1`(iterate nat g x)")] ssubst 1),
|
| 1461 | 203 |
(rtac (hoare_lemma8 RS spec RS mp) 1), |
204 |
(atac 1), |
|
205 |
(atac 1), |
|
206 |
(Simp_tac 1), |
|
207 |
(simp_tac HOLCF_ss 1), |
|
208 |
(rtac trans 1), |
|
209 |
(rtac p_def3 1), |
|
| 4098 | 210 |
(simp_tac (simpset() delsimps [iterate_Suc] |
| 1267 | 211 |
addsimps [iterate_Suc RS sym]) 1), |
| 1461 | 212 |
(eres_inst_tac [("s","FF")] ssubst 1),
|
213 |
(simp_tac HOLCF_ss 1) |
|
214 |
]); |
|
| 244 | 215 |
|
| 1043 | 216 |
val hoare_lemma12 = prove_goal Hoare.thy |
|
1168
74be52691d62
The curried version of HOLCF is now just called HOLCF. The old
regensbu
parents:
1043
diff
changeset
|
217 |
"(? n. b1`(iterate n g x) ~= TT) ==>\ |
| 1675 | 218 |
\ k=Least(%n. b1`(iterate n g x)~=TT) & b1`(iterate k g x)=UU \ |
|
1168
74be52691d62
The curried version of HOLCF is now just called HOLCF. The old
regensbu
parents:
1043
diff
changeset
|
219 |
\ --> p`x = UU" |
| 244 | 220 |
(fn prems => |
| 1461 | 221 |
[ |
222 |
(cut_facts_tac prems 1), |
|
| 5192 | 223 |
(exhaust_tac "k" 1), |
| 1461 | 224 |
(hyp_subst_tac 1), |
225 |
(Simp_tac 1), |
|
226 |
(strip_tac 1), |
|
227 |
(etac conjE 1), |
|
228 |
(rtac trans 1), |
|
229 |
(rtac p_def3 1), |
|
230 |
(asm_simp_tac HOLCF_ss 1), |
|
231 |
(hyp_subst_tac 1), |
|
232 |
(Simp_tac 1), |
|
233 |
(strip_tac 1), |
|
234 |
(etac conjE 1), |
|
235 |
(rtac trans 1), |
|
236 |
(rtac (hoare_lemma10 RS sym) 1), |
|
237 |
(atac 1), |
|
238 |
(atac 1), |
|
239 |
(rtac trans 1), |
|
240 |
(rtac p_def3 1), |
|
| 5192 | 241 |
(res_inst_tac [("s","TT"),("t","b1`(iterate nat g x)")] ssubst 1),
|
| 1461 | 242 |
(rtac (hoare_lemma8 RS spec RS mp) 1), |
243 |
(atac 1), |
|
244 |
(atac 1), |
|
245 |
(Simp_tac 1), |
|
246 |
(asm_simp_tac HOLCF_ss 1), |
|
247 |
(rtac trans 1), |
|
248 |
(rtac p_def3 1), |
|
249 |
(asm_simp_tac HOLCF_ss 1) |
|
250 |
]); |
|
| 244 | 251 |
|
|
1168
74be52691d62
The curried version of HOLCF is now just called HOLCF. The old
regensbu
parents:
1043
diff
changeset
|
252 |
(* -------- results about p for case (! k. b1`(iterate k g x)=TT) ------- *) |
| 244 | 253 |
|
| 1043 | 254 |
val fernpass_lemma = prove_goal Hoare.thy |
| 3843 | 255 |
"(! k. b1`(iterate k g x)=TT) ==> !k. p`(iterate k g x) = UU" |
| 244 | 256 |
(fn prems => |
| 1461 | 257 |
[ |
258 |
(cut_facts_tac prems 1), |
|
| 2570 | 259 |
(rtac (p_def RS def_fix_ind) 1), |
| 1461 | 260 |
(rtac adm_all 1), |
261 |
(rtac allI 1), |
|
262 |
(rtac adm_eq 1), |
|
263 |
(cont_tacR 1), |
|
264 |
(rtac allI 1), |
|
| 5291 | 265 |
(stac strict_Rep_CFun1 1), |
| 1461 | 266 |
(rtac refl 1), |
267 |
(Simp_tac 1), |
|
268 |
(rtac allI 1), |
|
269 |
(res_inst_tac [("s","TT"),("t","b1`(iterate k g x)")] ssubst 1),
|
|
270 |
(etac spec 1), |
|
271 |
(asm_simp_tac HOLCF_ss 1), |
|
272 |
(rtac (iterate_Suc RS subst) 1), |
|
273 |
(etac spec 1) |
|
274 |
]); |
|
| 244 | 275 |
|
| 1043 | 276 |
val hoare_lemma16 = prove_goal Hoare.thy |
|
1168
74be52691d62
The curried version of HOLCF is now just called HOLCF. The old
regensbu
parents:
1043
diff
changeset
|
277 |
"(! k. b1`(iterate k g x)=TT) ==> p`x = UU" |
| 244 | 278 |
(fn prems => |
| 1461 | 279 |
[ |
280 |
(cut_facts_tac prems 1), |
|
281 |
(res_inst_tac [("F1","g"),("t","x")] (iterate_0 RS subst) 1),
|
|
282 |
(etac (fernpass_lemma RS spec) 1) |
|
283 |
]); |
|
| 244 | 284 |
|
|
1168
74be52691d62
The curried version of HOLCF is now just called HOLCF. The old
regensbu
parents:
1043
diff
changeset
|
285 |
(* -------- results about q for case (! k. b1`(iterate k g x)=TT) ------- *) |
| 244 | 286 |
|
| 1043 | 287 |
val hoare_lemma17 = prove_goal Hoare.thy |
| 3843 | 288 |
"(! k. b1`(iterate k g x)=TT) ==> !k. q`(iterate k g x) = UU" |
| 244 | 289 |
(fn prems => |
| 1461 | 290 |
[ |
291 |
(cut_facts_tac prems 1), |
|
| 2570 | 292 |
(rtac (q_def RS def_fix_ind) 1), |
| 1461 | 293 |
(rtac adm_all 1), |
294 |
(rtac allI 1), |
|
295 |
(rtac adm_eq 1), |
|
296 |
(cont_tacR 1), |
|
297 |
(rtac allI 1), |
|
| 5291 | 298 |
(stac strict_Rep_CFun1 1), |
| 1461 | 299 |
(rtac refl 1), |
300 |
(rtac allI 1), |
|
301 |
(Simp_tac 1), |
|
302 |
(res_inst_tac [("s","TT"),("t","b1`(iterate k g x)")] ssubst 1),
|
|
303 |
(etac spec 1), |
|
304 |
(asm_simp_tac HOLCF_ss 1), |
|
305 |
(rtac (iterate_Suc RS subst) 1), |
|
306 |
(etac spec 1) |
|
307 |
]); |
|
| 244 | 308 |
|
| 1043 | 309 |
val hoare_lemma18 = prove_goal Hoare.thy |
|
1168
74be52691d62
The curried version of HOLCF is now just called HOLCF. The old
regensbu
parents:
1043
diff
changeset
|
310 |
"(! k. b1`(iterate k g x)=TT) ==> q`x = UU" |
| 244 | 311 |
(fn prems => |
| 1461 | 312 |
[ |
313 |
(cut_facts_tac prems 1), |
|
314 |
(res_inst_tac [("F1","g"),("t","x")] (iterate_0 RS subst) 1),
|
|
315 |
(etac (hoare_lemma17 RS spec) 1) |
|
316 |
]); |
|
| 244 | 317 |
|
| 1043 | 318 |
val hoare_lemma19 = prove_goal Hoare.thy |
| 3843 | 319 |
"(!k. (b1::'a->tr)`(iterate k g x)=TT) ==> b1`(UU::'a) = UU | (!y. b1`(y::'a)=TT)" |
| 244 | 320 |
(fn prems => |
| 1461 | 321 |
[ |
322 |
(cut_facts_tac prems 1), |
|
| 3324 | 323 |
(rtac (flat_codom) 1), |
| 1461 | 324 |
(res_inst_tac [("t","x1")] (iterate_0 RS subst) 1),
|
325 |
(etac spec 1) |
|
326 |
]); |
|
| 244 | 327 |
|
| 1043 | 328 |
val hoare_lemma20 = prove_goal Hoare.thy |
| 3843 | 329 |
"(! y. b1`(y::'a)=TT) ==> !k. q`(iterate k g (x::'a)) = UU" |
| 244 | 330 |
(fn prems => |
| 1461 | 331 |
[ |
332 |
(cut_facts_tac prems 1), |
|
| 2570 | 333 |
(rtac (q_def RS def_fix_ind) 1), |
| 1461 | 334 |
(rtac adm_all 1), |
335 |
(rtac allI 1), |
|
336 |
(rtac adm_eq 1), |
|
337 |
(cont_tacR 1), |
|
338 |
(rtac allI 1), |
|
| 5291 | 339 |
(stac strict_Rep_CFun1 1), |
| 1461 | 340 |
(rtac refl 1), |
341 |
(rtac allI 1), |
|
342 |
(Simp_tac 1), |
|
343 |
(res_inst_tac [("s","TT"),("t","b1`(iterate k g (x::'a))")] ssubst 1),
|
|
344 |
(etac spec 1), |
|
345 |
(asm_simp_tac HOLCF_ss 1), |
|
346 |
(rtac (iterate_Suc RS subst) 1), |
|
347 |
(etac spec 1) |
|
348 |
]); |
|
| 244 | 349 |
|
| 1043 | 350 |
val hoare_lemma21 = prove_goal Hoare.thy |
|
1168
74be52691d62
The curried version of HOLCF is now just called HOLCF. The old
regensbu
parents:
1043
diff
changeset
|
351 |
"(! y. b1`(y::'a)=TT) ==> q`(x::'a) = UU" |
| 244 | 352 |
(fn prems => |
| 1461 | 353 |
[ |
354 |
(cut_facts_tac prems 1), |
|
355 |
(res_inst_tac [("F1","g"),("t","x")] (iterate_0 RS subst) 1),
|
|
356 |
(etac (hoare_lemma20 RS spec) 1) |
|
357 |
]); |
|
| 244 | 358 |
|
| 1043 | 359 |
val hoare_lemma22 = prove_goal Hoare.thy |
|
1168
74be52691d62
The curried version of HOLCF is now just called HOLCF. The old
regensbu
parents:
1043
diff
changeset
|
360 |
"b1`(UU::'a)=UU ==> q`(UU::'a) = UU" |
| 244 | 361 |
(fn prems => |
| 1461 | 362 |
[ |
363 |
(cut_facts_tac prems 1), |
|
| 2033 | 364 |
(stac q_def3 1), |
| 1461 | 365 |
(asm_simp_tac HOLCF_ss 1) |
366 |
]); |
|
| 244 | 367 |
|
|
1168
74be52691d62
The curried version of HOLCF is now just called HOLCF. The old
regensbu
parents:
1043
diff
changeset
|
368 |
(* -------- results about q for case (? k. b1`(iterate k g x) ~= TT) ------- *) |
| 244 | 369 |
|
370 |
val hoare_lemma25 = (hoare_lemma8 RS (hoare_lemma24 RS mp) ); |
|
371 |
(* |
|
|
1168
74be52691d62
The curried version of HOLCF is now just called HOLCF. The old
regensbu
parents:
1043
diff
changeset
|
372 |
val hoare_lemma25 = "[| ? k. b1`(iterate k g ?x1) ~= TT; |
| 1675 | 373 |
Suc ?k3 = Least(%n. b1`(iterate n g ?x1) ~= TT) |] ==> |
|
1168
74be52691d62
The curried version of HOLCF is now just called HOLCF. The old
regensbu
parents:
1043
diff
changeset
|
374 |
q`(iterate ?k3 g ?x1) = q`?x1" : thm |
| 244 | 375 |
*) |
376 |
||
| 1043 | 377 |
val hoare_lemma26 = prove_goal Hoare.thy |
|
1168
74be52691d62
The curried version of HOLCF is now just called HOLCF. The old
regensbu
parents:
1043
diff
changeset
|
378 |
"(? n. b1`(iterate n g x)~=TT) ==>\ |
| 1675 | 379 |
\ k=Least(%n. b1`(iterate n g x) ~= TT) & b1`(iterate k g x) =FF \ |
|
1168
74be52691d62
The curried version of HOLCF is now just called HOLCF. The old
regensbu
parents:
1043
diff
changeset
|
380 |
\ --> q`x = q`(iterate k g x)" |
| 244 | 381 |
(fn prems => |
| 1461 | 382 |
[ |
383 |
(cut_facts_tac prems 1), |
|
| 5192 | 384 |
(exhaust_tac "k" 1), |
| 1461 | 385 |
(hyp_subst_tac 1), |
386 |
(strip_tac 1), |
|
387 |
(Simp_tac 1), |
|
388 |
(hyp_subst_tac 1), |
|
389 |
(strip_tac 1), |
|
390 |
(etac conjE 1), |
|
391 |
(rtac trans 1), |
|
392 |
(rtac (hoare_lemma25 RS sym) 1), |
|
393 |
(atac 1), |
|
394 |
(atac 1), |
|
395 |
(rtac trans 1), |
|
396 |
(rtac q_def3 1), |
|
| 5192 | 397 |
(res_inst_tac [("s","TT"),("t","b1`(iterate nat g x)")] ssubst 1),
|
| 1461 | 398 |
(rtac (hoare_lemma8 RS spec RS mp) 1), |
399 |
(atac 1), |
|
400 |
(atac 1), |
|
401 |
(Simp_tac 1), |
|
402 |
(simp_tac HOLCF_ss 1) |
|
403 |
]); |
|
| 244 | 404 |
|
405 |
||
| 1043 | 406 |
val hoare_lemma27 = prove_goal Hoare.thy |
|
1168
74be52691d62
The curried version of HOLCF is now just called HOLCF. The old
regensbu
parents:
1043
diff
changeset
|
407 |
"(? n. b1`(iterate n g x) ~= TT) ==>\ |
| 1675 | 408 |
\ k=Least(%n. b1`(iterate n g x)~=TT) & b1`(iterate k g x)=UU \ |
|
1168
74be52691d62
The curried version of HOLCF is now just called HOLCF. The old
regensbu
parents:
1043
diff
changeset
|
409 |
\ --> q`x = UU" |
| 244 | 410 |
(fn prems => |
| 1461 | 411 |
[ |
412 |
(cut_facts_tac prems 1), |
|
| 5192 | 413 |
(exhaust_tac "k" 1), |
| 1461 | 414 |
(hyp_subst_tac 1), |
415 |
(Simp_tac 1), |
|
416 |
(strip_tac 1), |
|
417 |
(etac conjE 1), |
|
| 2033 | 418 |
(stac q_def3 1), |
| 1461 | 419 |
(asm_simp_tac HOLCF_ss 1), |
420 |
(hyp_subst_tac 1), |
|
421 |
(Simp_tac 1), |
|
422 |
(strip_tac 1), |
|
423 |
(etac conjE 1), |
|
424 |
(rtac trans 1), |
|
425 |
(rtac (hoare_lemma25 RS sym) 1), |
|
426 |
(atac 1), |
|
427 |
(atac 1), |
|
428 |
(rtac trans 1), |
|
429 |
(rtac q_def3 1), |
|
| 5192 | 430 |
(res_inst_tac [("s","TT"),("t","b1`(iterate nat g x)")] ssubst 1),
|
| 1461 | 431 |
(rtac (hoare_lemma8 RS spec RS mp) 1), |
432 |
(atac 1), |
|
433 |
(atac 1), |
|
434 |
(Simp_tac 1), |
|
435 |
(asm_simp_tac HOLCF_ss 1), |
|
436 |
(rtac trans 1), |
|
437 |
(rtac q_def3 1), |
|
438 |
(asm_simp_tac HOLCF_ss 1) |
|
439 |
]); |
|
| 244 | 440 |
|
|
1168
74be52691d62
The curried version of HOLCF is now just called HOLCF. The old
regensbu
parents:
1043
diff
changeset
|
441 |
(* ------- (! k. b1`(iterate k g x)=TT) ==> q o p = q ----- *) |
| 244 | 442 |
|
| 1043 | 443 |
val hoare_lemma23 = prove_goal Hoare.thy |
|
1168
74be52691d62
The curried version of HOLCF is now just called HOLCF. The old
regensbu
parents:
1043
diff
changeset
|
444 |
"(! k. b1`(iterate k g x)=TT) ==> q`(p`x) = q`x" |
| 244 | 445 |
(fn prems => |
| 1461 | 446 |
[ |
447 |
(cut_facts_tac prems 1), |
|
| 2033 | 448 |
(stac hoare_lemma16 1), |
| 1461 | 449 |
(atac 1), |
450 |
(rtac (hoare_lemma19 RS disjE) 1), |
|
451 |
(atac 1), |
|
| 2033 | 452 |
(stac hoare_lemma18 1), |
| 1461 | 453 |
(atac 1), |
| 2033 | 454 |
(stac hoare_lemma22 1), |
| 1461 | 455 |
(atac 1), |
456 |
(rtac refl 1), |
|
| 2033 | 457 |
(stac hoare_lemma21 1), |
| 1461 | 458 |
(atac 1), |
| 2033 | 459 |
(stac hoare_lemma21 1), |
| 1461 | 460 |
(atac 1), |
461 |
(rtac refl 1) |
|
462 |
]); |
|
| 244 | 463 |
|
|
1168
74be52691d62
The curried version of HOLCF is now just called HOLCF. The old
regensbu
parents:
1043
diff
changeset
|
464 |
(* ------------ ? k. b1~(iterate k g x) ~= TT ==> q o p = q ----- *) |
| 244 | 465 |
|
| 1043 | 466 |
val hoare_lemma29 = prove_goal Hoare.thy |
|
1168
74be52691d62
The curried version of HOLCF is now just called HOLCF. The old
regensbu
parents:
1043
diff
changeset
|
467 |
"? k. b1`(iterate k g x) ~= TT ==> q`(p`x) = q`x" |
| 244 | 468 |
(fn prems => |
| 1461 | 469 |
[ |
470 |
(cut_facts_tac prems 1), |
|
471 |
(rtac (hoare_lemma5 RS disjE) 1), |
|
472 |
(atac 1), |
|
473 |
(rtac refl 1), |
|
| 2033 | 474 |
(stac (hoare_lemma11 RS mp) 1), |
| 1461 | 475 |
(atac 1), |
476 |
(rtac conjI 1), |
|
477 |
(rtac refl 1), |
|
478 |
(atac 1), |
|
479 |
(rtac (hoare_lemma26 RS mp RS subst) 1), |
|
480 |
(atac 1), |
|
481 |
(rtac conjI 1), |
|
482 |
(rtac refl 1), |
|
483 |
(atac 1), |
|
484 |
(rtac refl 1), |
|
| 2033 | 485 |
(stac (hoare_lemma12 RS mp) 1), |
| 1461 | 486 |
(atac 1), |
487 |
(rtac conjI 1), |
|
488 |
(rtac refl 1), |
|
489 |
(atac 1), |
|
| 2033 | 490 |
(stac hoare_lemma22 1), |
491 |
(stac hoare_lemma28 1), |
|
| 1461 | 492 |
(atac 1), |
493 |
(rtac refl 1), |
|
494 |
(rtac sym 1), |
|
| 2033 | 495 |
(stac (hoare_lemma27 RS mp) 1), |
| 1461 | 496 |
(atac 1), |
497 |
(rtac conjI 1), |
|
498 |
(rtac refl 1), |
|
499 |
(atac 1), |
|
500 |
(rtac refl 1) |
|
501 |
]); |
|
| 244 | 502 |
|
503 |
(* ------ the main prove q o p = q ------ *) |
|
504 |
||
| 1043 | 505 |
val hoare_main = prove_goal Hoare.thy "q oo p = q" |
| 244 | 506 |
(fn prems => |
| 1461 | 507 |
[ |
508 |
(rtac ext_cfun 1), |
|
| 2033 | 509 |
(stac cfcomp2 1), |
| 1461 | 510 |
(rtac (hoare_lemma3 RS disjE) 1), |
511 |
(etac hoare_lemma23 1), |
|
512 |
(etac hoare_lemma29 1) |
|
513 |
]); |
|
| 244 | 514 |
|
515 |