author | kleing |
Thu, 04 Apr 2002 16:48:00 +0200 | |
changeset 13078 | 1dd711c6b93c |
parent 13071 | f538a1dba7ee |
child 13080 | d9feada9c486 |
permissions | -rw-r--r-- |
13078 | 1 |
(* |
8245 | 2 |
ID: $Id$ |
3 |
Author: Gerwin Klein |
|
4 |
Copyright 1999 Technische Universitaet Muenchen |
|
9054 | 5 |
*) |
8245 | 6 |
|
12911 | 7 |
header {* \isaheader{Correctness of the LBV} *} |
8245 | 8 |
|
13062 | 9 |
theory LBVCorrect = LBVSpec + Typing_Framework: |
9757
1024a2d80ac0
functional LBV style, dead code, type safety -> Isar
kleing
parents:
9664
diff
changeset
|
10 |
|
13078 | 11 |
locale lbvc = lbv + |
12 |
fixes s0 :: 'a |
|
13 |
fixes c :: "'a list" |
|
14 |
fixes ins :: "'b list" |
|
15 |
fixes phi :: "'a list" ("\<phi>") |
|
16 |
defines phi_def: |
|
17 |
"\<phi> \<equiv> map (\<lambda>pc. if c!pc = \<bottom> then wtl (take pc ins) c 0 s0 else c!pc) |
|
18 |
[0..length ins(]" |
|
9012 | 19 |
|
20 |
||
13078 | 21 |
lemma (in lbvc) phi_None [intro?]: |
22 |
"\<lbrakk> pc < length ins; c!pc = \<bottom> \<rbrakk> \<Longrightarrow> \<phi> ! pc = wtl (take pc ins) c 0 s0" |
|
23 |
by (simp add: phi_def) |
|
9757
1024a2d80ac0
functional LBV style, dead code, type safety -> Isar
kleing
parents:
9664
diff
changeset
|
24 |
|
13078 | 25 |
lemma (in lbvc) phi_Some [intro?]: |
26 |
"\<lbrakk> pc < length ins; c!pc \<noteq> \<bottom> \<rbrakk> \<Longrightarrow> \<phi> ! pc = c ! pc" |
|
27 |
by (simp add: phi_def) |
|
13062 | 28 |
|
13078 | 29 |
lemma (in lbvc) phi_len [simp]: |
30 |
"length \<phi> = length ins" |
|
31 |
by (simp add: phi_def) |
|
32 |
||
9012 | 33 |
|
13078 | 34 |
lemma (in lbvc) wtl_suc_pc: |
35 |
assumes all: "wtl ins c 0 s0 \<noteq> \<top>" |
|
36 |
assumes pc: "pc+1 < length ins" |
|
37 |
shows "wtl (take (pc+1) ins) c 0 s0 <=_r \<phi>!(pc+1)" |
|
38 |
proof - |
|
39 |
from all pc |
|
40 |
have "wtc c (pc+1) (wtl (take (pc+1) ins) c 0 s0) \<noteq> T" by (rule wtl_all) |
|
41 |
with pc show ?thesis by (simp add: phi_def wtc split: split_if_asm) |
|
9580 | 42 |
qed |
9012 | 43 |
|
44 |
||
13078 | 45 |
lemma (in lbvc) wtl_stable: |
13062 | 46 |
assumes |
13078 | 47 |
pres: "pres_type step (length ins) A" and |
48 |
s0_in_A: "s0 \<in> A" and |
|
49 |
cert_ok: "cert_ok c (length ins) \<top> \<bottom> A" and |
|
50 |
wtl: "wtl ins c 0 s0 \<noteq> \<top>" and |
|
51 |
pc: "pc < length ins" and |
|
52 |
bounded: "bounded step (length ins)" |
|
53 |
shows "stable r step \<phi> pc" |
|
13062 | 54 |
proof (unfold stable_def, clarify) |
13078 | 55 |
fix pc' s' assume step: "(pc',s') \<in> set (step pc (\<phi> ! pc))" |
13062 | 56 |
(is "(pc',s') \<in> set (?step pc)") |
57 |
||
13078 | 58 |
from step pc bounded have pc': "pc' < length ins" |
13062 | 59 |
by (unfold bounded_def) blast |
13078 | 60 |
|
61 |
have tkpc: "wtl (take pc ins) c 0 s0 \<noteq> \<top>" (is "?s1 \<noteq> _") by (rule wtl_take) |
|
62 |
have s2: "wtl (take (pc+1) ins) c 0 s0 \<noteq> \<top>" (is "?s2 \<noteq> _") by (rule wtl_take) |
|
13062 | 63 |
|
13078 | 64 |
from wtl pc have cert: "wtc c pc ?s1 \<noteq> \<top>" by (rule wtl_all) |
9012 | 65 |
|
13078 | 66 |
have c_Some: "\<forall>pc t. pc < length ins \<longrightarrow> c!pc \<noteq> \<bottom> \<longrightarrow> \<phi>!pc = c!pc" |
67 |
by (simp add: phi_def) |
|
68 |
have c_None: "c!pc = \<bottom> \<Longrightarrow> \<phi>!pc = ?s1" .. |
|
13062 | 69 |
|
13078 | 70 |
from cert pc c_None c_Some |
71 |
have inst: "wtc c pc ?s1 = wti c pc (\<phi>!pc)" |
|
72 |
by (simp add: wtc split: split_if_asm) |
|
13062 | 73 |
|
13078 | 74 |
have "?s1 \<in> A" by (rule wtl_pres) |
13062 | 75 |
with pc c_Some cert_ok c_None |
13078 | 76 |
have "\<phi>!pc \<in> A" by (cases "c!pc = \<bottom>") (auto dest: cert_okD1) |
13062 | 77 |
with pc pres |
13078 | 78 |
have step_in_A: "snd`set (?step pc) \<subseteq> A" by (auto dest: pres_typeD2) |
9012 | 79 |
|
13078 | 80 |
show "s' <=_r \<phi>!pc'" |
13062 | 81 |
proof (cases "pc' = pc+1") |
82 |
case True |
|
83 |
with pc' cert_ok |
|
13078 | 84 |
have cert_in_A: "c!(pc+1) \<in> A" by (auto dest: cert_okD1) |
85 |
from True pc' have pc1: "pc+1 < length ins" by simp |
|
86 |
with tkpc have "?s2 = wtc c pc ?s1" by - (rule wtl_Suc) |
|
87 |
with inst |
|
88 |
have merge: "?s2 = merge c pc (?step pc) (c!(pc+1))" by (simp add: wti) |
|
13062 | 89 |
also |
13078 | 90 |
from s2 merge have "\<dots> \<noteq> \<top>" (is "?merge \<noteq> _") by simp |
91 |
with cert_in_A step_in_A |
|
92 |
have "?merge = (map snd [(p',t')\<in>?step pc. p'=pc+1] ++_f (c!(pc+1)))" |
|
93 |
by (rule merge_not_top_s) |
|
13062 | 94 |
finally |
13078 | 95 |
have "s' <=_r ?s2" using step_in_A cert_in_A True step |
96 |
by (auto intro: pp_ub1') |
|
13062 | 97 |
also |
13078 | 98 |
from wtl pc1 have "?s2 <=_r \<phi>!(pc+1)" by (rule wtl_suc_pc) |
13062 | 99 |
also note True [symmetric] |
13078 | 100 |
finally show ?thesis by simp |
13062 | 101 |
next |
102 |
case False |
|
13078 | 103 |
from cert inst |
104 |
have "merge c pc (?step pc) (c!(pc+1)) \<noteq> \<top>" by (simp add: wti) |
|
105 |
with step_in_A |
|
106 |
have "\<forall>(pc', s')\<in>set (?step pc). pc'\<noteq>pc+1 \<longrightarrow> s' <=_r c!pc'" |
|
107 |
by - (rule merge_not_top) |
|
13062 | 108 |
with step False |
13078 | 109 |
have ok: "s' <=_r c!pc'" by blast |
13062 | 110 |
moreover |
111 |
from ok |
|
13078 | 112 |
have "c!pc' = \<bottom> \<Longrightarrow> s' = \<bottom>" by simp |
13062 | 113 |
moreover |
114 |
from c_Some pc' |
|
13078 | 115 |
have "c!pc' \<noteq> \<bottom> \<Longrightarrow> \<phi>!pc' = c!pc'" by auto |
13062 | 116 |
ultimately |
13078 | 117 |
show ?thesis by (cases "c!pc' = \<bottom>") auto |
13062 | 118 |
qed |
9549
40d64cb4f4e6
BV and LBV specified in terms of app and step functions
kleing
parents:
9376
diff
changeset
|
119 |
qed |
9012 | 120 |
|
13078 | 121 |
|
122 |
lemma (in lbvc) phi_not_top: |
|
123 |
assumes wtl: "wtl ins c 0 s0 \<noteq> \<top>" |
|
124 |
assumes crt: "cert_ok c (length ins) \<top> \<bottom> A" |
|
125 |
assumes pc: "pc < length ins" |
|
126 |
shows "\<phi>!pc \<noteq> \<top>" |
|
127 |
proof (cases "c!pc = \<bottom>") |
|
128 |
case False with pc |
|
129 |
have "\<phi>!pc = c!pc" .. |
|
130 |
also from crt pc have "\<dots> \<noteq> \<top>" by (rule cert_okD4) |
|
131 |
finally show ?thesis . |
|
132 |
next |
|
133 |
case True with pc |
|
134 |
have "\<phi>!pc = wtl (take pc ins) c 0 s0" .. |
|
135 |
also from wtl have "\<dots> \<noteq> \<top>" by (rule wtl_take) |
|
136 |
finally show ?thesis . |
|
137 |
qed |
|
138 |
||
9376 | 139 |
|
13078 | 140 |
theorem (in lbvc) wtl_sound: |
141 |
assumes "wtl ins c 0 s0 \<noteq> \<top>" |
|
142 |
assumes "bounded step (length ins)" |
|
143 |
assumes "s0 \<in> A" and "cert_ok c (length ins) \<top> \<bottom> A" |
|
144 |
assumes "pres_type step (length ins) A" |
|
145 |
shows "\<exists>ts. wt_step r \<top> step ts" |
|
146 |
proof - |
|
147 |
have "wt_step r \<top> step \<phi>" |
|
148 |
proof (unfold wt_step_def, intro strip conjI) |
|
149 |
fix pc assume "pc < length \<phi>" |
|
150 |
then obtain "pc < length ins" by simp |
|
151 |
show "\<phi>!pc \<noteq> \<top>" by (rule phi_not_top) |
|
152 |
show "stable r step \<phi> pc" by (rule wtl_stable) |
|
153 |
qed |
|
154 |
thus ?thesis .. |
|
9549
40d64cb4f4e6
BV and LBV specified in terms of app and step functions
kleing
parents:
9376
diff
changeset
|
155 |
qed |
40d64cb4f4e6
BV and LBV specified in terms of app and step functions
kleing
parents:
9376
diff
changeset
|
156 |
|
13078 | 157 |
end |