src/HOL/SPARK/SPARK_Setup.thy
author wenzelm
Thu, 14 Jun 2018 17:50:23 +0200
changeset 68449 6d0f1a5a16ea
parent 66453 cc19f7ca2ed6
child 69605 a96320074298
permissions -rw-r--r--
auto update;
(*  Title:      HOL/SPARK/SPARK_Setup.thy
    Author:     Stefan Berghofer
    Copyright:  secunet Security Networks AG
Setup for SPARK/Ada verification environment.
*)
theory SPARK_Setup
imports "HOL-Word.Word" "HOL-Word.Bit_Comparison"
keywords
  "spark_open_vcg" :: thy_load ("vcg", "fdl", "rls") and
  "spark_open" :: thy_load ("siv", "fdl", "rls") and
  "spark_proof_functions" "spark_types" "spark_end" :: thy_decl and
  "spark_vc" :: thy_goal and
  "spark_status" :: diag
begin
ML_file "Tools/fdl_lexer.ML"
ML_file "Tools/fdl_parser.ML"
text \<open>
SPARK version of div (truncates toward zero, whereas HOL's div on int rounds toward minus infinity), see section 4.4.1.1 of SPARK Proof Manual
\<close>
definition sdiv :: "int \<Rightarrow> int \<Rightarrow> int" (infixl "sdiv" 70) where
  "a sdiv b = sgn a * sgn b * (\<bar>a\<bar> div \<bar>b\<bar>)"
lemma sdiv_minus_dividend: "- a sdiv b = - (a sdiv b)"
  by (simp add: sdiv_def sgn_if)
lemma sdiv_minus_divisor: "a sdiv - b = - (a sdiv b)"
  by (simp add: sdiv_def sgn_if)
text \<open>
Correspondence between HOL's and SPARK's version of div, case by case on the signs of the operands
\<close>
lemma sdiv_pos_pos: "0 \<le> a \<Longrightarrow> 0 \<le> b \<Longrightarrow> a sdiv b = a div b"
  by (simp add: sdiv_def sgn_if)
lemma sdiv_pos_neg: "0 \<le> a \<Longrightarrow> b < 0 \<Longrightarrow> a sdiv b = - (a div - b)"
  by (simp add: sdiv_def sgn_if)
lemma sdiv_neg_pos: "a < 0 \<Longrightarrow> 0 \<le> b \<Longrightarrow> a sdiv b = - (- a div b)"
  by (simp add: sdiv_def sgn_if)
lemma sdiv_neg_neg: "a < 0 \<Longrightarrow> b < 0 \<Longrightarrow> a sdiv b = - a div - b"
  by (simp add: sdiv_def sgn_if)
text \<open>
Updating a function at a set of points. Useful for building arrays.
\<close>
definition fun_upds :: "('a \<Rightarrow> 'b) \<Rightarrow> 'a set \<Rightarrow> 'b \<Rightarrow> 'a \<Rightarrow> 'b" where
  "fun_upds f xs y z = (if z \<in> xs then y else f z)"
syntax
  "_updsbind" :: "['a, 'a] => updbind"             ("(2_ [:=]/ _)")
translations
  "f(xs[:=]y)" == "CONST fun_upds f xs y"
lemma fun_upds_in [simp]: "z \<in> xs \<Longrightarrow> (f(xs [:=] y)) z = y"
  by (simp add: fun_upds_def)
lemma fun_upds_notin [simp]: "z \<notin> xs \<Longrightarrow> (f(xs [:=] y)) z = f z"
  by (simp add: fun_upds_def)
lemma upds_singleton [simp]: "f({x} [:=] y) = f(x := y)"
  by (simp add: fun_eq_iff)
text \<open>Enumeration types\<close>
class spark_enum = ord + finite +
  fixes pos :: "'a \<Rightarrow> int"
  assumes range_pos: "range pos = {0..<int (card (UNIV::'a set))}"
  and less_pos: "(x < y) = (pos x < pos y)"
  and less_eq_pos: "(x \<le> y) = (pos x \<le> pos y)"
begin
definition "val = inv pos"
definition "succ x = val (pos x + 1)"
definition "pred x = val (pos x - 1)"
lemma inj_pos: "inj pos"
  using finite_UNIV
  by (rule eq_card_imp_inj_on) (simp add: range_pos)
lemma val_pos: "val (pos x) = x"
  unfolding val_def using inj_pos
  by (rule inv_f_f)
lemma pos_val: "z \<in> range pos \<Longrightarrow> pos (val z) = z"
  unfolding val_def
  by (rule f_inv_into_f)
subclass linorder
proof
  fix x::'a and y show "(x < y) = (x \<le> y \<and> \<not> y \<le> x)"
    by (simp add: less_pos less_eq_pos less_le_not_le)
next
  fix x::'a show "x \<le> x" by (simp add: less_eq_pos)
next
  fix x::'a and y z assume "x \<le> y" and "y \<le> z"
  then show "x \<le> z" by (simp add: less_eq_pos)
next
  fix x::'a and y assume "x \<le> y" and "y \<le> x"
  with inj_pos show "x = y"
    by (auto dest: injD simp add: less_eq_pos)
next
  fix x::'a and y show "x \<le> y \<or> y \<le> x"
    by (simp add: less_eq_pos linear)
qed
definition "first_el = val 0"
definition "last_el = val (int (card (UNIV::'a set)) - 1)"
lemma first_el_smallest: "first_el \<le> x"
proof -
  have "pos x \<in> range pos" by (rule rangeI)
  then have "pos (val 0) \<le> pos x"
    by (simp add: range_pos pos_val)
  then show ?thesis by (simp add: first_el_def less_eq_pos)
qed
lemma last_el_greatest: "x \<le> last_el"
proof -
  have "pos x \<in> range pos" by (rule rangeI)
  then have "pos x \<le> pos (val (int (card (UNIV::'a set)) - 1))"
    by (simp add: range_pos pos_val)
  then show ?thesis by (simp add: last_el_def less_eq_pos)
qed
lemma pos_succ:
  assumes "x \<noteq> last_el"
  shows "pos (succ x) = pos x + 1"
proof -
  have "x \<le> last_el" by (rule last_el_greatest)
  with assms have "x < last_el" by simp
  then have "pos x < pos last_el"
    by (simp add: less_pos)
  with rangeI [of pos x]
  have "pos x + 1 \<in> range pos"
    by (simp add: range_pos last_el_def pos_val)
  then show ?thesis
    by (simp add: succ_def pos_val)
qed
lemma pos_pred:
  assumes "x \<noteq> first_el"
  shows "pos (pred x) = pos x - 1"
proof -
  have "first_el \<le> x" by (rule first_el_smallest)
  with assms have "first_el < x" by simp
  then have "pos first_el < pos x"
    by (simp add: less_pos)
  with rangeI [of pos x]
  have "pos x - 1 \<in> range pos"
    by (simp add: range_pos first_el_def pos_val)
  then show ?thesis
    by (simp add: pred_def pos_val)
qed
lemma succ_val: "x \<in> range pos \<Longrightarrow> succ (val x) = val (x + 1)"
  by (simp add: succ_def pos_val)
lemma pred_val: "x \<in> range pos \<Longrightarrow> pred (val x) = val (x - 1)"
  by (simp add: pred_def pos_val)
end
lemma interval_expand:
  "x < y \<Longrightarrow> (z::int) \<in> {x..<y} = (z = x \<or> z \<in> {x+1..<y})"
  by auto
text \<open>Load the package\<close>
ML_file "Tools/spark_vcs.ML"
ML_file "Tools/spark_commands.ML"
end