|
1465
|
1 |
(* Title: HOL/IMP/Hoare.ML
|
|
938
|
2 |
ID: $Id$
|
|
1465
|
3 |
Author: Tobias Nipkow
|
|
936
|
4 |
Copyright 1995 TUM
|
|
|
5 |
|
|
1481
|
6 |
Soundness (and part of) relative completeness of Hoare rules
|
|
|
7 |
wrt denotational semantics
|
|
936
|
8 |
*)
|
|
|
9 |
|
|
|
10 |
open Hoare;
|
|
|
11 |
|
|
1730
|
12 |
goalw Hoare.thy [hoare_valid_def] "!!P c Q. |- {P}c{Q} ==> |= {P}c{Q}";
|
|
|
13 |
by (etac hoare.induct 1);
|
|
1447
|
14 |
by(ALLGOALS Asm_simp_tac);
|
|
1973
|
15 |
by (Fast_tac 1);
|
|
1910
|
16 |
by (Fast_tac 1);
|
|
1465
|
17 |
by (rtac allI 1);
|
|
|
18 |
by (rtac allI 1);
|
|
|
19 |
by (rtac impI 1);
|
|
|
20 |
by (etac induct2 1);
|
|
1447
|
21 |
br Gamma_mono 1;
|
|
1465
|
22 |
by (rewtac Gamma_def);
|
|
1973
|
23 |
by (Fast_tac 1);
|
|
1730
|
24 |
qed "hoare_sound";
|
|
936
|
25 |
|
|
1696
|
26 |
goalw Hoare.thy [swp_def] "swp SKIP Q = Q";
|
|
1481
|
27 |
by(Simp_tac 1);
|
|
|
28 |
br ext 1;
|
|
1910
|
29 |
by (Fast_tac 1);
|
|
1696
|
30 |
qed "swp_SKIP";
|
|
1481
|
31 |
|
|
1696
|
32 |
goalw Hoare.thy [swp_def] "swp (x:=a) Q = (%s.Q(s[a s/x]))";
|
|
1481
|
33 |
by(Simp_tac 1);
|
|
|
34 |
qed "swp_Ass";
|
|
|
35 |
|
|
|
36 |
goalw Hoare.thy [swp_def] "swp (c;d) Q = swp c (swp d Q)";
|
|
|
37 |
by(Simp_tac 1);
|
|
|
38 |
br ext 1;
|
|
1910
|
39 |
by (Fast_tac 1);
|
|
1481
|
40 |
qed "swp_Semi";
|
|
936
|
41 |
|
|
1481
|
42 |
goalw Hoare.thy [swp_def]
|
|
1696
|
43 |
"swp (IF b THEN c ELSE d) Q = (%s. (b s --> swp c Q s) & \
|
|
|
44 |
\ (~b s --> swp d Q s))";
|
|
1481
|
45 |
by(Simp_tac 1);
|
|
|
46 |
br ext 1;
|
|
1910
|
47 |
by (Fast_tac 1);
|
|
1481
|
48 |
qed "swp_If";
|
|
936
|
49 |
|
|
1481
|
50 |
goalw Hoare.thy [swp_def]
|
|
1696
|
51 |
"!!s. b s ==> swp (WHILE b DO c) Q s = swp (c;WHILE b DO c) Q s";
|
|
1481
|
52 |
by(stac C_While_If 1);
|
|
|
53 |
by(Asm_simp_tac 1);
|
|
|
54 |
qed "swp_While_True";
|
|
|
55 |
|
|
1696
|
56 |
goalw Hoare.thy [swp_def] "!!s. ~b s ==> swp (WHILE b DO c) Q s = Q s";
|
|
1481
|
57 |
by(stac C_While_If 1);
|
|
|
58 |
by(Asm_simp_tac 1);
|
|
1910
|
59 |
by (Fast_tac 1);
|
|
1481
|
60 |
qed "swp_While_False";
|
|
|
61 |
|
|
1696
|
62 |
Addsimps [swp_SKIP,swp_Ass,swp_Semi,swp_If,swp_While_True,swp_While_False];
|
|
1481
|
63 |
|
|
1910
|
64 |
(*Not suitable for rewriting: LOOPS!*)
|
|
|
65 |
goal Hoare.thy "swp (WHILE b DO c) Q s = \
|
|
|
66 |
\ (if b s then swp (c;WHILE b DO c) Q s else Q s)";
|
|
|
67 |
by (simp_tac (!simpset setloop split_tac [expand_if]) 1);
|
|
|
68 |
qed "swp_While_if";
|
|
|
69 |
|
|
|
70 |
|
|
1481
|
71 |
Delsimps [C_while];
|
|
936
|
72 |
|
|
1910
|
73 |
AddSIs [hoare.skip, hoare.ass, hoare.semi, hoare.If];
|
|
|
74 |
|
|
1486
|
75 |
goal Hoare.thy "!Q. |- {swp c Q} c {Q}";
|
|
1481
|
76 |
by(com.induct_tac "c" 1);
|
|
|
77 |
by(ALLGOALS Simp_tac);
|
|
1910
|
78 |
by (REPEAT_FIRST Fast_tac);
|
|
|
79 |
by (deepen_tac (!claset addIs [hoare.conseq]) 0 1);
|
|
|
80 |
by (Step_tac 1);
|
|
1481
|
81 |
br hoare.conseq 1;
|
|
|
82 |
be thin_rl 1;
|
|
1910
|
83 |
by (Fast_tac 1);
|
|
1696
|
84 |
br hoare.While 1;
|
|
1481
|
85 |
br hoare.conseq 1;
|
|
|
86 |
be thin_rl 3;
|
|
|
87 |
br allI 3;
|
|
|
88 |
br impI 3;
|
|
|
89 |
ba 3;
|
|
1910
|
90 |
by (Fast_tac 2);
|
|
1481
|
91 |
by(safe_tac HOL_cs);
|
|
|
92 |
by(rotate_tac ~1 1);
|
|
|
93 |
by(Asm_full_simp_tac 1);
|
|
|
94 |
by(rotate_tac ~1 1);
|
|
|
95 |
by(Asm_full_simp_tac 1);
|
|
1486
|
96 |
qed_spec_mp "swp_is_pre";
|
|
1481
|
97 |
|
|
1486
|
98 |
goal Hoare.thy "!!c. |= {P}c{Q} ==> |- {P}c{Q}";
|
|
1481
|
99 |
br (swp_is_pre RSN (2,hoare.conseq)) 1;
|
|
1910
|
100 |
by (Fast_tac 2);
|
|
1696
|
101 |
by(rewrite_goals_tac [hoare_valid_def,swp_def]);
|
|
1910
|
102 |
by (Fast_tac 1);
|
|
1481
|
103 |
qed "hoare_relative_complete";
|