isabelle: src/HOL/HoareParallel/OG_Hoare.thy@13d6f120992b (annotated)

13020 791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	1
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	2	header {* \section{The Proof System} *}
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	3
16417 9bc16273c2d4 migrated theory headers to new format haftmann parents: 15102 diff changeset	4	theory OG_Hoare imports OG_Tran begin
13020 791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	5
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	6	consts assertions :: "'a ann_com \<Rightarrow> ('a assn) set"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	7	primrec
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	8	"assertions (AnnBasic r f) = {r}"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	9	"assertions (AnnSeq c1 c2) = assertions c1 \<union> assertions c2"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	10	"assertions (AnnCond1 r b c1 c2) = {r} \<union> assertions c1 \<union> assertions c2"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	11	"assertions (AnnCond2 r b c) = {r} \<union> assertions c"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	12	"assertions (AnnWhile r b i c) = {r, i} \<union> assertions c"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	13	"assertions (AnnAwait r b c) = {r}"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	14
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	15	consts atomics :: "'a ann_com \<Rightarrow> ('a assn \<times> 'a com) set"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	16	primrec
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	17	"atomics (AnnBasic r f) = {(r, Basic f)}"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	18	"atomics (AnnSeq c1 c2) = atomics c1 \<union> atomics c2"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	19	"atomics (AnnCond1 r b c1 c2) = atomics c1 \<union> atomics c2"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	20	"atomics (AnnCond2 r b c) = atomics c"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	21	"atomics (AnnWhile r b i c) = atomics c"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	22	"atomics (AnnAwait r b c) = {(r \<inter> b, c)}"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	23
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	24	consts com :: "'a ann_triple_op \<Rightarrow> 'a ann_com_op"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	25	primrec "com (c, q) = c"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	26
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	27	consts post :: "'a ann_triple_op \<Rightarrow> 'a assn"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	28	primrec "post (c, q) = q"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	29
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	30	constdefs interfree_aux :: "('a ann_com_op \<times> 'a assn \<times> 'a ann_com_op) \<Rightarrow> bool"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	31	"interfree_aux \<equiv> \<lambda>(co, q, co'). co'= None \<or>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	32	(\<forall>(r,a) \<in> atomics (the co'). \<parallel>= (q \<inter> r) a q \<and>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	33	(co = None \<or> (\<forall>p \<in> assertions (the co). \<parallel>= (p \<inter> r) a p)))"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	34
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	35	constdefs interfree :: "(('a ann_triple_op) list) \<Rightarrow> bool"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	36	"interfree Ts \<equiv> \<forall>i j. i < length Ts \<and> j < length Ts \<and> i \<noteq> j \<longrightarrow>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	37	interfree_aux (com (Ts!i), post (Ts!i), com (Ts!j)) "
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	38
23746 a455e69c31cc Adapted to new inductive definition package. berghofe parents: 16417 diff changeset	39	inductive
a455e69c31cc Adapted to new inductive definition package. berghofe parents: 16417 diff changeset	40	oghoare :: "'a assn \<Rightarrow> 'a com \<Rightarrow> 'a assn \<Rightarrow> bool" ("(3\<parallel>- _//_//_)" [90,55,90] 50)
a455e69c31cc Adapted to new inductive definition package. berghofe parents: 16417 diff changeset	41	and ann_hoare :: "'a ann_com \<Rightarrow> 'a assn \<Rightarrow> bool" ("(2\<turnstile> _// _)" [60,90] 45)
a455e69c31cc Adapted to new inductive definition package. berghofe parents: 16417 diff changeset	42	where
13020 791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	43	AnnBasic: "r \<subseteq> {s. f s \<in> q} \<Longrightarrow> \<turnstile> (AnnBasic r f) q"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	44
23746 a455e69c31cc Adapted to new inductive definition package. berghofe parents: 16417 diff changeset	45	\| AnnSeq: "\<lbrakk> \<turnstile> c0 pre c1; \<turnstile> c1 q \<rbrakk> \<Longrightarrow> \<turnstile> (AnnSeq c0 c1) q"
13020 791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	46
23746 a455e69c31cc Adapted to new inductive definition package. berghofe parents: 16417 diff changeset	47	\| AnnCond1: "\<lbrakk> r \<inter> b \<subseteq> pre c1; \<turnstile> c1 q; r \<inter> -b \<subseteq> pre c2; \<turnstile> c2 q\<rbrakk>
13020 791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	48	\<Longrightarrow> \<turnstile> (AnnCond1 r b c1 c2) q"
23746 a455e69c31cc Adapted to new inductive definition package. berghofe parents: 16417 diff changeset	49	\| AnnCond2: "\<lbrakk> r \<inter> b \<subseteq> pre c; \<turnstile> c q; r \<inter> -b \<subseteq> q \<rbrakk> \<Longrightarrow> \<turnstile> (AnnCond2 r b c) q"
13020 791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	50
23746 a455e69c31cc Adapted to new inductive definition package. berghofe parents: 16417 diff changeset	51	\| AnnWhile: "\<lbrakk> r \<subseteq> i; i \<inter> b \<subseteq> pre c; \<turnstile> c i; i \<inter> -b \<subseteq> q \<rbrakk>
13020 791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	52	\<Longrightarrow> \<turnstile> (AnnWhile r b i c) q"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	53
23746 a455e69c31cc Adapted to new inductive definition package. berghofe parents: 16417 diff changeset	54	\| AnnAwait: "\<lbrakk> atom_com c; \<parallel>- (r \<inter> b) c q \<rbrakk> \<Longrightarrow> \<turnstile> (AnnAwait r b c) q"
13020 791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	55
23746 a455e69c31cc Adapted to new inductive definition package. berghofe parents: 16417 diff changeset	56	\| AnnConseq: "\<lbrakk>\<turnstile> c q; q \<subseteq> q' \<rbrakk> \<Longrightarrow> \<turnstile> c q'"
13020 791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	57
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	58
23746 a455e69c31cc Adapted to new inductive definition package. berghofe parents: 16417 diff changeset	59	\| Parallel: "\<lbrakk> \<forall>i<length Ts. \<exists>c q. Ts!i = (Some c, q) \<and> \<turnstile> c q; interfree Ts \<rbrakk>
13020 791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	60	\<Longrightarrow> \<parallel>- (\<Inter>i\<in>{i. i<length Ts}. pre(the(com(Ts!i))))
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	61	Parallel Ts
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	62	(\<Inter>i\<in>{i. i<length Ts}. post(Ts!i))"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	63
23746 a455e69c31cc Adapted to new inductive definition package. berghofe parents: 16417 diff changeset	64	\| Basic: "\<parallel>- {s. f s \<in>q} (Basic f) q"
13020 791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	65
23746 a455e69c31cc Adapted to new inductive definition package. berghofe parents: 16417 diff changeset	66	\| Seq: "\<lbrakk> \<parallel>- p c1 r; \<parallel>- r c2 q \<rbrakk> \<Longrightarrow> \<parallel>- p (Seq c1 c2) q "
13020 791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	67
23746 a455e69c31cc Adapted to new inductive definition package. berghofe parents: 16417 diff changeset	68	\| Cond: "\<lbrakk> \<parallel>- (p \<inter> b) c1 q; \<parallel>- (p \<inter> -b) c2 q \<rbrakk> \<Longrightarrow> \<parallel>- p (Cond b c1 c2) q"
13020 791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	69
23746 a455e69c31cc Adapted to new inductive definition package. berghofe parents: 16417 diff changeset	70	\| While: "\<lbrakk> \<parallel>- (p \<inter> b) c p \<rbrakk> \<Longrightarrow> \<parallel>- p (While b i c) (p \<inter> -b)"
13020 791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	71
23746 a455e69c31cc Adapted to new inductive definition package. berghofe parents: 16417 diff changeset	72	\| Conseq: "\<lbrakk> p' \<subseteq> p; \<parallel>- p c q ; q \<subseteq> q' \<rbrakk> \<Longrightarrow> \<parallel>- p' c q'"
13020 791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	73
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	74	section {* Soundness *}
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	75	(* In the version Isabelle-10-Sep-1999: HOL: The THEN and ELSE
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	76	parts of conditional expressions (if P then x else y) are no longer
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	77	simplified. (This allows the simplifier to unfold recursive
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	78	functional programs.) To restore the old behaviour, we declare
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	79	@{text "lemmas [cong del] = if_weak_cong"}. *)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	80
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	81	lemmas [cong del] = if_weak_cong
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	82
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	83	lemmas ann_hoare_induct = oghoare_ann_hoare.induct [THEN conjunct2]
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	84	lemmas oghoare_induct = oghoare_ann_hoare.induct [THEN conjunct1]
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	85
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	86	lemmas AnnBasic = oghoare_ann_hoare.AnnBasic
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	87	lemmas AnnSeq = oghoare_ann_hoare.AnnSeq
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	88	lemmas AnnCond1 = oghoare_ann_hoare.AnnCond1
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	89	lemmas AnnCond2 = oghoare_ann_hoare.AnnCond2
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	90	lemmas AnnWhile = oghoare_ann_hoare.AnnWhile
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	91	lemmas AnnAwait = oghoare_ann_hoare.AnnAwait
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	92	lemmas AnnConseq = oghoare_ann_hoare.AnnConseq
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	93
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	94	lemmas Parallel = oghoare_ann_hoare.Parallel
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	95	lemmas Basic = oghoare_ann_hoare.Basic
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	96	lemmas Seq = oghoare_ann_hoare.Seq
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	97	lemmas Cond = oghoare_ann_hoare.Cond
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	98	lemmas While = oghoare_ann_hoare.While
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	99	lemmas Conseq = oghoare_ann_hoare.Conseq
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	100
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	101	subsection {* Soundness of the System for Atomic Programs *}
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	102
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	103	lemma Basic_ntran [rule_format]:
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	104	"(Basic f, s) -Pn\<rightarrow> (Parallel Ts, t) \<longrightarrow> All_None Ts \<longrightarrow> t = f s"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	105	apply(induct "n")
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	106	apply(simp (no_asm))
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	107	apply(fast dest: rel_pow_Suc_D2 Parallel_empty_lemma elim: transition_cases)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	108	done
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	109
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	110	lemma SEM_fwhile: "SEM S (p \<inter> b) \<subseteq> p \<Longrightarrow> SEM (fwhile b S k) p \<subseteq> (p \<inter> -b)"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	111	apply (induct "k")
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	112	apply(simp (no_asm) add: L3_5v_lemma3)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	113	apply(simp (no_asm) add: L3_5iv L3_5ii Parallel_empty)
15102 04b0e943fcc9 new simprules Int_subset_iff and Un_subset_iff paulson parents: 14398 diff changeset	114	apply(rule conjI)
04b0e943fcc9 new simprules Int_subset_iff and Un_subset_iff paulson parents: 14398 diff changeset	115	apply (blast dest: L3_5i)
13020 791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	116	apply(simp add: SEM_def sem_def id_def)
15102 04b0e943fcc9 new simprules Int_subset_iff and Un_subset_iff paulson parents: 14398 diff changeset	117	apply (blast dest: Basic_ntran rtrancl_imp_UN_rel_pow)
13020 791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	118	done
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	119
15102 04b0e943fcc9 new simprules Int_subset_iff and Un_subset_iff paulson parents: 14398 diff changeset	120	lemma atom_hoare_sound [rule_format]:
13020 791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	121	" \<parallel>- p c q \<longrightarrow> atom_com(c) \<longrightarrow> \<parallel>= p c q"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	122	apply (unfold com_validity_def)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	123	apply(rule oghoare_induct)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	124	apply simp_all
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	125	--{Basic}
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	126	apply(simp add: SEM_def sem_def)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	127	apply(fast dest: rtrancl_imp_UN_rel_pow Basic_ntran)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	128	--{* Seq *}
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	129	apply(rule impI)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	130	apply(rule subset_trans)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	131	prefer 2 apply simp
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	132	apply(simp add: L3_5ii L3_5i)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	133	--{* Cond *}
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	134	apply(simp add: L3_5iv)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	135	--{* While *}
15102 04b0e943fcc9 new simprules Int_subset_iff and Un_subset_iff paulson parents: 14398 diff changeset	136	apply (force simp add: L3_5v dest: SEM_fwhile)
13020 791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	137	--{* Conseq *}
15102 04b0e943fcc9 new simprules Int_subset_iff and Un_subset_iff paulson parents: 14398 diff changeset	138	apply(force simp add: SEM_def sem_def)
13020 791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	139	done
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	140
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	141	subsection {* Soundness of the System for Component Programs *}
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	142
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	143	inductive_cases ann_transition_cases:
23746 a455e69c31cc Adapted to new inductive definition package. berghofe parents: 16417 diff changeset	144	"(None,s) -1\<rightarrow> (c', s')"
a455e69c31cc Adapted to new inductive definition package. berghofe parents: 16417 diff changeset	145	"(Some (AnnBasic r f),s) -1\<rightarrow> (c', s')"
a455e69c31cc Adapted to new inductive definition package. berghofe parents: 16417 diff changeset	146	"(Some (AnnSeq c1 c2), s) -1\<rightarrow> (c', s')"
a455e69c31cc Adapted to new inductive definition package. berghofe parents: 16417 diff changeset	147	"(Some (AnnCond1 r b c1 c2), s) -1\<rightarrow> (c', s')"
a455e69c31cc Adapted to new inductive definition package. berghofe parents: 16417 diff changeset	148	"(Some (AnnCond2 r b c), s) -1\<rightarrow> (c', s')"
a455e69c31cc Adapted to new inductive definition package. berghofe parents: 16417 diff changeset	149	"(Some (AnnWhile r b I c), s) -1\<rightarrow> (c', s')"
a455e69c31cc Adapted to new inductive definition package. berghofe parents: 16417 diff changeset	150	"(Some (AnnAwait r b c),s) -1\<rightarrow> (c', s')"
13020 791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	151
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	152	text {* Strong Soundness for Component Programs:*}
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	153
26811 067cceb36e26 Rephrased proof of ann_hoare_case_analysis, to avoid problems with HO unification berghofe parents: 23746 diff changeset	154	lemma ann_hoare_case_analysis [rule_format]:
067cceb36e26 Rephrased proof of ann_hoare_case_analysis, to avoid problems with HO unification berghofe parents: 23746 diff changeset	155	defines I: "I \<equiv> \<lambda>C q'.
13020 791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	156	((\<forall>r f. C = AnnBasic r f \<longrightarrow> (\<exists>q. r \<subseteq> {s. f s \<in> q} \<and> q \<subseteq> q')) \<and>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	157	(\<forall>c0 c1. C = AnnSeq c0 c1 \<longrightarrow> (\<exists>q. q \<subseteq> q' \<and> \<turnstile> c0 pre c1 \<and> \<turnstile> c1 q)) \<and>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	158	(\<forall>r b c1 c2. C = AnnCond1 r b c1 c2 \<longrightarrow> (\<exists>q. q \<subseteq> q' \<and>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	159	r \<inter> b \<subseteq> pre c1 \<and> \<turnstile> c1 q \<and> r \<inter> -b \<subseteq> pre c2 \<and> \<turnstile> c2 q)) \<and>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	160	(\<forall>r b c. C = AnnCond2 r b c \<longrightarrow>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	161	(\<exists>q. q \<subseteq> q' \<and> r \<inter> b \<subseteq> pre c \<and> \<turnstile> c q \<and> r \<inter> -b \<subseteq> q)) \<and>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	162	(\<forall>r i b c. C = AnnWhile r b i c \<longrightarrow>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	163	(\<exists>q. q \<subseteq> q' \<and> r \<subseteq> i \<and> i \<inter> b \<subseteq> pre c \<and> \<turnstile> c i \<and> i \<inter> -b \<subseteq> q)) \<and>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	164	(\<forall>r b c. C = AnnAwait r b c \<longrightarrow> (\<exists>q. q \<subseteq> q' \<and> \<parallel>- (r \<inter> b) c q)))"
26811 067cceb36e26 Rephrased proof of ann_hoare_case_analysis, to avoid problems with HO unification berghofe parents: 23746 diff changeset	165	shows "\<turnstile> C q' \<longrightarrow> I C q'"
13020 791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	166	apply(rule ann_hoare_induct)
26811 067cceb36e26 Rephrased proof of ann_hoare_case_analysis, to avoid problems with HO unification berghofe parents: 23746 diff changeset	167	apply (simp_all add: I)
13020 791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	168	apply(rule_tac x=q in exI,simp)+
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	169	apply(rule conjI,clarify,simp,clarify,rule_tac x=qa in exI,fast)+
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	170	apply(clarify,simp,clarify,rule_tac x=qa in exI,fast)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	171	done
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	172
23746 a455e69c31cc Adapted to new inductive definition package. berghofe parents: 16417 diff changeset	173	lemma Help: "(transition \<inter> {(x,y). True}) = (transition)"
13020 791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	174	apply force
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	175	done
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	176
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	177	lemma Strong_Soundness_aux_aux [rule_format]:
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	178	"(co, s) -1\<rightarrow> (co', t) \<longrightarrow> (\<forall>c. co = Some c \<longrightarrow> s\<in> pre c \<longrightarrow>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	179	(\<forall>q. \<turnstile> c q \<longrightarrow> (if co' = None then t\<in>q else t \<in> pre(the co') \<and> \<turnstile> (the co') q )))"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	180	apply(rule ann_transition_transition.induct [THEN conjunct1])
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	181	apply simp_all
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	182	--{* Basic *}
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	183	apply clarify
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	184	apply(frule ann_hoare_case_analysis)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	185	apply force
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	186	--{* Seq *}
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	187	apply clarify
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	188	apply(frule ann_hoare_case_analysis,simp)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	189	apply(fast intro: AnnConseq)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	190	apply clarify
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	191	apply(frule ann_hoare_case_analysis,simp)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	192	apply clarify
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	193	apply(rule conjI)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	194	apply force
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	195	apply(rule AnnSeq,simp)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	196	apply(fast intro: AnnConseq)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	197	--{* Cond1 *}
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	198	apply clarify
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	199	apply(frule ann_hoare_case_analysis,simp)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	200	apply(fast intro: AnnConseq)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	201	apply clarify
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	202	apply(frule ann_hoare_case_analysis,simp)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	203	apply(fast intro: AnnConseq)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	204	--{* Cond2 *}
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	205	apply clarify
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	206	apply(frule ann_hoare_case_analysis,simp)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	207	apply(fast intro: AnnConseq)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	208	apply clarify
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	209	apply(frule ann_hoare_case_analysis,simp)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	210	apply(fast intro: AnnConseq)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	211	--{* While *}
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	212	apply clarify
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	213	apply(frule ann_hoare_case_analysis,simp)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	214	apply force
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	215	apply clarify
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	216	apply(frule ann_hoare_case_analysis,simp)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	217	apply auto
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	218	apply(rule AnnSeq)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	219	apply simp
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	220	apply(rule AnnWhile)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	221	apply simp_all
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	222	--{* Await *}
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	223	apply(frule ann_hoare_case_analysis,simp)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	224	apply clarify
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	225	apply(drule atom_hoare_sound)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	226	apply simp
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	227	apply(simp add: com_validity_def SEM_def sem_def)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	228	apply(simp add: Help All_None_def)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	229	apply force
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	230	done
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	231
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	232	lemma Strong_Soundness_aux: "\<lbrakk> (Some c, s) -*\<rightarrow> (co, t); s \<in> pre c; \<turnstile> c q \<rbrakk>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	233	\<Longrightarrow> if co = None then t \<in> q else t \<in> pre (the co) \<and> \<turnstile> (the co) q"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	234	apply(erule rtrancl_induct2)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	235	apply simp
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	236	apply(case_tac "a")
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	237	apply(fast elim: ann_transition_cases)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	238	apply(erule Strong_Soundness_aux_aux)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	239	apply simp
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	240	apply simp_all
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	241	done
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	242
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	243	lemma Strong_Soundness: "\<lbrakk> (Some c, s)-*\<rightarrow>(co, t); s \<in> pre c; \<turnstile> c q \<rbrakk>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	244	\<Longrightarrow> if co = None then t\<in>q else t \<in> pre (the co)"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	245	apply(force dest:Strong_Soundness_aux)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	246	done
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	247
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	248	lemma ann_hoare_sound: "\<turnstile> c q \<Longrightarrow> \<Turnstile> c q"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	249	apply (unfold ann_com_validity_def ann_SEM_def ann_sem_def)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	250	apply clarify
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	251	apply(drule Strong_Soundness)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	252	apply simp_all
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	253	done
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	254
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	255	subsection {* Soundness of the System for Parallel Programs *}
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	256
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	257	lemma Parallel_length_post_P1: "(Parallel Ts,s) -P1\<rightarrow> (R', t) \<Longrightarrow>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	258	(\<exists>Rs. R' = (Parallel Rs) \<and> (length Rs) = (length Ts) \<and>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	259	(\<forall>i. i<length Ts \<longrightarrow> post(Rs ! i) = post(Ts ! i)))"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	260	apply(erule transition_cases)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	261	apply simp
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	262	apply clarify
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	263	apply(case_tac "i=ia")
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	264	apply simp+
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	265	done
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	266
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	267	lemma Parallel_length_post_PStar: "(Parallel Ts,s) -P*\<rightarrow> (R',t) \<Longrightarrow>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	268	(\<exists>Rs. R' = (Parallel Rs) \<and> (length Rs) = (length Ts) \<and>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	269	(\<forall>i. i<length Ts \<longrightarrow> post(Ts ! i) = post(Rs ! i)))"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	270	apply(erule rtrancl_induct2)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	271	apply(simp_all)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	272	apply clarify
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	273	apply simp
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	274	apply(drule Parallel_length_post_P1)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	275	apply auto
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	276	done
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	277
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	278	lemma assertions_lemma: "pre c \<in> assertions c"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	279	apply(rule ann_com_com.induct [THEN conjunct1])
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	280	apply auto
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	281	done
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	282
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	283	lemma interfree_aux1 [rule_format]:
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	284	"(c,s) -1\<rightarrow> (r,t) \<longrightarrow> (interfree_aux(c1, q1, c) \<longrightarrow> interfree_aux(c1, q1, r))"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	285	apply (rule ann_transition_transition.induct [THEN conjunct1])
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	286	apply(safe)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	287	prefer 13
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	288	apply (rule TrueI)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	289	apply (simp_all add:interfree_aux_def)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	290	apply force+
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	291	done
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	292
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	293	lemma interfree_aux2 [rule_format]:
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	294	"(c,s) -1\<rightarrow> (r,t) \<longrightarrow> (interfree_aux(c, q, a) \<longrightarrow> interfree_aux(r, q, a) )"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	295	apply (rule ann_transition_transition.induct [THEN conjunct1])
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	296	apply(force simp add:interfree_aux_def)+
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	297	done
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	298
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	299	lemma interfree_lemma: "\<lbrakk> (Some c, s) -1\<rightarrow> (r, t);interfree Ts ; i<length Ts;
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	300	Ts!i = (Some c, q) \<rbrakk> \<Longrightarrow> interfree (Ts[i:= (r, q)])"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	301	apply(simp add: interfree_def)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	302	apply clarify
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	303	apply(case_tac "i=j")
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	304	apply(drule_tac t = "ia" in not_sym)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	305	apply simp_all
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	306	apply(force elim: interfree_aux1)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	307	apply(force elim: interfree_aux2 simp add:nth_list_update)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	308	done
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	309
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	310	text {* Strong Soundness Theorem for Parallel Programs:*}
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	311
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	312	lemma Parallel_Strong_Soundness_Seq_aux:
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	313	"\<lbrakk>interfree Ts; i<length Ts; com(Ts ! i) = Some(AnnSeq c0 c1) \<rbrakk>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	314	\<Longrightarrow> interfree (Ts[i:=(Some c0, pre c1)])"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	315	apply(simp add: interfree_def)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	316	apply clarify
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	317	apply(case_tac "i=j")
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	318	apply(force simp add: nth_list_update interfree_aux_def)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	319	apply(case_tac "i=ia")
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	320	apply(erule_tac x=ia in allE)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	321	apply(force simp add:interfree_aux_def assertions_lemma)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	322	apply simp
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	323	done
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	324
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	325	lemma Parallel_Strong_Soundness_Seq [rule_format (no_asm)]:
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	326	"\<lbrakk> \<forall>i<length Ts. (if com(Ts!i) = None then b \<in> post(Ts!i)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	327	else b \<in> pre(the(com(Ts!i))) \<and> \<turnstile> the(com(Ts!i)) post(Ts!i));
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	328	com(Ts ! i) = Some(AnnSeq c0 c1); i<length Ts; interfree Ts \<rbrakk> \<Longrightarrow>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	329	(\<forall>ia<length Ts. (if com(Ts[i:=(Some c0, pre c1)]! ia) = None
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	330	then b \<in> post(Ts[i:=(Some c0, pre c1)]! ia)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	331	else b \<in> pre(the(com(Ts[i:=(Some c0, pre c1)]! ia))) \<and>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	332	\<turnstile> the(com(Ts[i:=(Some c0, pre c1)]! ia)) post(Ts[i:=(Some c0, pre c1)]! ia)))
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	333	\<and> interfree (Ts[i:= (Some c0, pre c1)])"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	334	apply(rule conjI)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	335	apply safe
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	336	apply(case_tac "i=ia")
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	337	apply simp
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	338	apply(force dest: ann_hoare_case_analysis)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	339	apply simp
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	340	apply(fast elim: Parallel_Strong_Soundness_Seq_aux)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	341	done
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	342
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	343	lemma Parallel_Strong_Soundness_aux_aux [rule_format]:
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	344	"(Some c, b) -1\<rightarrow> (co, t) \<longrightarrow>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	345	(\<forall>Ts. i<length Ts \<longrightarrow> com(Ts ! i) = Some c \<longrightarrow>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	346	(\<forall>i<length Ts. (if com(Ts ! i) = None then b\<in>post(Ts!i)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	347	else b\<in>pre(the(com(Ts!i))) \<and> \<turnstile> the(com(Ts!i)) post(Ts!i))) \<longrightarrow>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	348	interfree Ts \<longrightarrow>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	349	(\<forall>j. j<length Ts \<and> i\<noteq>j \<longrightarrow> (if com(Ts!j) = None then t\<in>post(Ts!j)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	350	else t\<in>pre(the(com(Ts!j))) \<and> \<turnstile> the(com(Ts!j)) post(Ts!j))) )"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	351	apply(rule ann_transition_transition.induct [THEN conjunct1])
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	352	apply safe
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	353	prefer 11
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	354	apply(rule TrueI)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	355	apply simp_all
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	356	--{* Basic *}
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	357	apply(erule_tac x = "i" in all_dupE, erule (1) notE impE)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	358	apply(erule_tac x = "j" in allE , erule (1) notE impE)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	359	apply(simp add: interfree_def)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	360	apply(erule_tac x = "j" in allE,simp)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	361	apply(erule_tac x = "i" in allE,simp)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	362	apply(drule_tac t = "i" in not_sym)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	363	apply(case_tac "com(Ts ! j)=None")
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	364	apply(force intro: converse_rtrancl_into_rtrancl
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	365	simp add: interfree_aux_def com_validity_def SEM_def sem_def All_None_def)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	366	apply(simp add:interfree_aux_def)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	367	apply clarify
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	368	apply simp
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	369	apply(erule_tac x="pre y" in ballE)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	370	apply(force intro: converse_rtrancl_into_rtrancl
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	371	simp add: com_validity_def SEM_def sem_def All_None_def)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	372	apply(simp add:assertions_lemma)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	373	--{* Seqs *}
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	374	apply(erule_tac x = "Ts[i:=(Some c0, pre c1)]" in allE)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	375	apply(drule Parallel_Strong_Soundness_Seq,simp+)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	376	apply(erule_tac x = "Ts[i:=(Some c0, pre c1)]" in allE)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	377	apply(drule Parallel_Strong_Soundness_Seq,simp+)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	378	--{* Await *}
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	379	apply(rule_tac x = "i" in allE , assumption , erule (1) notE impE)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	380	apply(erule_tac x = "j" in allE , erule (1) notE impE)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	381	apply(simp add: interfree_def)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	382	apply(erule_tac x = "j" in allE,simp)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	383	apply(erule_tac x = "i" in allE,simp)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	384	apply(drule_tac t = "i" in not_sym)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	385	apply(case_tac "com(Ts ! j)=None")
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	386	apply(force intro: converse_rtrancl_into_rtrancl simp add: interfree_aux_def
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	387	com_validity_def SEM_def sem_def All_None_def Help)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	388	apply(simp add:interfree_aux_def)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	389	apply clarify
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	390	apply simp
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	391	apply(erule_tac x="pre y" in ballE)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	392	apply(force intro: converse_rtrancl_into_rtrancl
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	393	simp add: com_validity_def SEM_def sem_def All_None_def Help)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	394	apply(simp add:assertions_lemma)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	395	done
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	396
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	397	lemma Parallel_Strong_Soundness_aux [rule_format]:
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	398	"\<lbrakk>(Ts',s) -P*\<rightarrow> (Rs',t); Ts' = (Parallel Ts); interfree Ts;
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	399	\<forall>i. i<length Ts \<longrightarrow> (\<exists>c q. (Ts ! i) = (Some c, q) \<and> s\<in>(pre c) \<and> \<turnstile> c q ) \<rbrakk> \<Longrightarrow>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	400	\<forall>Rs. Rs' = (Parallel Rs) \<longrightarrow> (\<forall>j. j<length Rs \<longrightarrow>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	401	(if com(Rs ! j) = None then t\<in>post(Ts ! j)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	402	else t\<in>pre(the(com(Rs ! j))) \<and> \<turnstile> the(com(Rs ! j)) post(Ts ! j))) \<and> interfree Rs"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	403	apply(erule rtrancl_induct2)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	404	apply clarify
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	405	--{* Base *}
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	406	apply force
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	407	--{* Induction step *}
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	408	apply clarify
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	409	apply(drule Parallel_length_post_PStar)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	410	apply clarify
23746 a455e69c31cc Adapted to new inductive definition package. berghofe parents: 16417 diff changeset	411	apply (ind_cases "(Parallel Ts, s) -P1\<rightarrow> (Parallel Rs, t)" for Ts s Rs t)
13020 791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	412	apply(rule conjI)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	413	apply clarify
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	414	apply(case_tac "i=j")
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	415	apply(simp split del:split_if)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	416	apply(erule Strong_Soundness_aux_aux,simp+)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	417	apply force
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	418	apply force
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	419	apply(simp split del: split_if)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	420	apply(erule Parallel_Strong_Soundness_aux_aux)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	421	apply(simp_all add: split del:split_if)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	422	apply force
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	423	apply(rule interfree_lemma)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	424	apply simp_all
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	425	done
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	426
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	427	lemma Parallel_Strong_Soundness:
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	428	"\<lbrakk>(Parallel Ts, s) -P*\<rightarrow> (Parallel Rs, t); interfree Ts; j<length Rs;
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	429	\<forall>i. i<length Ts \<longrightarrow> (\<exists>c q. Ts ! i = (Some c, q) \<and> s\<in>pre c \<and> \<turnstile> c q) \<rbrakk> \<Longrightarrow>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	430	if com(Rs ! j) = None then t\<in>post(Ts ! j) else t\<in>pre (the(com(Rs ! j)))"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	431	apply(drule Parallel_Strong_Soundness_aux)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	432	apply simp+
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	433	done
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	434
15102 04b0e943fcc9 new simprules Int_subset_iff and Un_subset_iff paulson parents: 14398 diff changeset	435	lemma oghoare_sound [rule_format]: "\<parallel>- p c q \<longrightarrow> \<parallel>= p c q"
13020 791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	436	apply (unfold com_validity_def)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	437	apply(rule oghoare_induct)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	438	apply(rule TrueI)+
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	439	--{* Parallel *}
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	440	apply(simp add: SEM_def sem_def)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	441	apply clarify
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	442	apply(frule Parallel_length_post_PStar)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	443	apply clarify
26811 067cceb36e26 Rephrased proof of ann_hoare_case_analysis, to avoid problems with HO unification berghofe parents: 23746 diff changeset	444	apply(drule_tac j=xa in Parallel_Strong_Soundness)
13020 791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	445	apply clarify
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	446	apply simp
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	447	apply force
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	448	apply simp
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	449	apply(erule_tac V = "\<forall>i. ?P i" in thin_rl)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	450	apply(drule_tac s = "length Rs" in sym)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	451	apply(erule allE, erule impE, assumption)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	452	apply(force dest: nth_mem simp add: All_None_def)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	453	--{* Basic *}
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	454	apply(simp add: SEM_def sem_def)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	455	apply(force dest: rtrancl_imp_UN_rel_pow Basic_ntran)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	456	--{* Seq *}
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	457	apply(rule subset_trans)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	458	prefer 2 apply assumption
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	459	apply(simp add: L3_5ii L3_5i)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	460	--{* Cond *}
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	461	apply(simp add: L3_5iv)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	462	--{* While *}
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	463	apply(simp add: L3_5v)
15102 04b0e943fcc9 new simprules Int_subset_iff and Un_subset_iff paulson parents: 14398 diff changeset	464	apply (blast dest: SEM_fwhile)
13020 791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	465	--{* Conseq *}
15102 04b0e943fcc9 new simprules Int_subset_iff and Un_subset_iff paulson parents: 14398 diff changeset	466	apply(auto simp add: SEM_def sem_def)
13020 791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	467	done
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	468
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	469	end

author	huffman
	Thu, 04 Dec 2008 16:28:09 -0800
changeset 28988	13d6f120992b
parent 26811	067cceb36e26
child 32139	e271a64f03ff
permissions	-rw-r--r--