isabelle: src/HOL/IMP/Hoare_Den.thy@2a41709f34c1 (annotated)

35754 8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	1	(* Title: HOL/IMP/Hoare_Def.thy
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	2	ID: $Id$
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	3	Author: Tobias Nipkow
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	4	*)
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	5
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	6	header "Soundness and Completeness wrt Denotational Semantics"
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	7
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	8	theory Hoare_Den imports Hoare Denotation begin
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	9
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	10	definition
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	11	hoare_valid :: "[assn,com,assn] => bool" ("\|= {(1_)}/ (_)/ {(1_)}" 50) where
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	12	"\|= {P}c{Q} = (!s t. (s,t) : C(c) --> P s --> Q t)"
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	13
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	14
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	15	lemma hoare_sound: "\|- {P}c{Q} ==> \|= {P}c{Q}"
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	16	proof(induct rule: hoare.induct)
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	17	case (While P b c)
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	18	{ fix s t
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	19	let ?G = "Gamma b (C c)"
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	20	assume "(s,t) \<in> lfp ?G"
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	21	hence "P s \<longrightarrow> P t \<and> \<not> b t"
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	22	proof(rule lfp_induct2)
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	23	show "mono ?G" by(rule Gamma_mono)
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	24	next
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	25	fix s t assume "(s,t) \<in> ?G (lfp ?G \<inter> {(s,t). P s \<longrightarrow> P t \<and> \<not> b t})"
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	26	thus "P s \<longrightarrow> P t \<and> \<not> b t" using While.hyps
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	27	by(auto simp: hoare_valid_def Gamma_def)
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	28	qed
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	29	}
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	30	thus ?case by(simp add:hoare_valid_def)
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	31	qed (auto simp: hoare_valid_def)
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	32
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	33
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	34	definition
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	35	wp :: "com => assn => assn" where
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	36	"wp c Q = (%s. !t. (s,t) : C(c) --> Q t)"
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	37
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	38	lemma wp_SKIP: "wp \<SKIP> Q = Q"
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	39	by (simp add: wp_def)
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	40
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	41	lemma wp_Ass: "wp (x:==a) Q = (%s. Q(s[x\<mapsto>a s]))"
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	42	by (simp add: wp_def)
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	43
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	44	lemma wp_Semi: "wp (c;d) Q = wp c (wp d Q)"
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	45	by (rule ext) (auto simp: wp_def)
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	46
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	47	lemma wp_If:
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	48	"wp (\<IF> b \<THEN> c \<ELSE> d) Q = (%s. (b s --> wp c Q s) & (~b s --> wp d Q s))"
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	49	by (rule ext) (auto simp: wp_def)
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	50
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	51	lemma wp_While_If:
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	52	"wp (\<WHILE> b \<DO> c) Q s =
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	53	wp (IF b THEN c;\<WHILE> b \<DO> c ELSE SKIP) Q s"
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	54	by(simp only: wp_def C_While_If)
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	55
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	56	(Not suitable for rewriting: LOOPS!)
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	57	lemma wp_While_if:
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	58	"wp (\<WHILE> b \<DO> c) Q s = (if b s then wp (c;\<WHILE> b \<DO> c) Q s else Q s)"
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	59	by(simp add:wp_While_If wp_If wp_SKIP)
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	60
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	61	lemma wp_While_True: "b s ==>
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	62	wp (\<WHILE> b \<DO> c) Q s = wp (c;\<WHILE> b \<DO> c) Q s"
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	63	by(simp add: wp_While_if)
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	64
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	65	lemma wp_While_False: "~b s ==> wp (\<WHILE> b \<DO> c) Q s = Q s"
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	66	by(simp add: wp_While_if)
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	67
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	68	lemmas [simp] = wp_SKIP wp_Ass wp_Semi wp_If wp_While_True wp_While_False
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	69
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	70	lemma wp_While: "wp (\<WHILE> b \<DO> c) Q s =
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	71	(s : gfp(%S.{s. if b s then wp c (%s. s:S) s else Q s}))"
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	72	apply (simp (no_asm))
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	73	apply (rule iffI)
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	74	apply (rule weak_coinduct)
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	75	apply (erule CollectI)
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	76	apply safe
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	77	apply simp
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	78	apply simp
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	79	apply (simp add: wp_def Gamma_def)
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	80	apply (intro strip)
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	81	apply (rule mp)
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	82	prefer 2 apply (assumption)
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	83	apply (erule lfp_induct2)
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	84	apply (fast intro!: monoI)
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	85	apply (subst gfp_unfold)
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	86	apply (fast intro!: monoI)
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	87	apply fast
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	88	done
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	89
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	90	declare C_while [simp del]
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	91
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	92	lemma wp_is_pre: "\|- {wp c Q} c {Q}"
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	93	proof(induct c arbitrary: Q)
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	94	case SKIP show ?case by auto
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	95	next
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	96	case Assign show ?case by auto
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	97	next
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	98	case Semi thus ?case by auto
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	99	next
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	100	case (Cond b c1 c2)
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	101	let ?If = "IF b THEN c1 ELSE c2"
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	102	show ?case
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	103	proof(rule If)
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	104	show "\|- {\<lambda>s. wp ?If Q s \<and> b s} c1 {Q}"
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	105	proof(rule strengthen_pre[OF _ Cond(1)])
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	106	show "\<forall>s. wp ?If Q s \<and> b s \<longrightarrow> wp c1 Q s" by auto
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	107	qed
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	108	show "\|- {\<lambda>s. wp ?If Q s \<and> \<not> b s} c2 {Q}"
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	109	proof(rule strengthen_pre[OF _ Cond(2)])
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	110	show "\<forall>s. wp ?If Q s \<and> \<not> b s \<longrightarrow> wp c2 Q s" by auto
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	111	qed
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	112	qed
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	113	next
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	114	case (While b c)
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	115	let ?w = "WHILE b DO c"
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	116	show ?case
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	117	proof(rule While')
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	118	show "\|- {\<lambda>s. wp ?w Q s \<and> b s} c {wp ?w Q}"
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	119	proof(rule strengthen_pre[OF _ While(1)])
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	120	show "\<forall>s. wp ?w Q s \<and> b s \<longrightarrow> wp c (wp ?w Q) s" by auto
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	121	qed
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	122	show "\<forall>s. wp ?w Q s \<and> \<not> b s \<longrightarrow> Q s" by auto
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	123	qed
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	124	qed
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	125
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	126	lemma hoare_relative_complete: assumes "\|= {P}c{Q}" shows "\|- {P}c{Q}"
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	127	proof(rule conseq)
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	128	show "\<forall>s. P s \<longrightarrow> wp c Q s" using assms
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	129	by (auto simp: hoare_valid_def wp_def)
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	130	show "\|- {wp c Q} c {Q}" by(rule wp_is_pre)
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	131	show "\<forall>s. Q s \<longrightarrow> Q s" by auto
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	132	qed
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	133
8e7dba5f00f5 Reorganized Hoare logic theories; added Hoare_Den nipkow parents: diff changeset	134	end

author	blanchet
	Tue, 07 Dec 2010 11:56:01 +0100
changeset 41045	2a41709f34c1
parent 35754	8e7dba5f00f5
child 41589	bbd861837ebc
permissions	-rw-r--r--