isabelle: src/HOL/Hoare/HoareAbort.thy@9ffb43b19ec6 (annotated)

13857 11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	1	(* Title: HOL/Hoare/HoareAbort.thy
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	2	ID: $Id$
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	3	Author: Leonor Prensa Nieto & Tobias Nipkow
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	4	Copyright 2003 TUM
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	5
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	6	Like Hoare.thy, but with an Abort statement for modelling run time errors.
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	7	*)
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	8
16417 9bc16273c2d4 migrated theory headers to new format haftmann parents: 15032 diff changeset	9	theory HoareAbort imports Main
9bc16273c2d4 migrated theory headers to new format haftmann parents: 15032 diff changeset	10	uses ("hoareAbort.ML") begin
13857 11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	11
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	12	types
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	13	'a bexp = "'a set"
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	14	'a assn = "'a set"
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	15
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	16	datatype
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	17	'a com = Basic "'a \<Rightarrow> 'a"
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	18	\| Abort
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	19	\| Seq "'a com" "'a com" ("(_;/ _)" [61,60] 60)
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	20	\| Cond "'a bexp" "'a com" "'a com" ("(1IF _/ THEN _ / ELSE _/ FI)" [0,0,0] 61)
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	21	\| While "'a bexp" "'a assn" "'a com" ("(1WHILE _/ INV {_} //DO _ /OD)" [0,0,0] 61)
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	22
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	23	syntax
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	24	"@assign" :: "id => 'b => 'a com" ("(2_ :=/ _)" [70,65] 61)
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	25	"@annskip" :: "'a com" ("SKIP")
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	26
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	27	translations
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	28	"SKIP" == "Basic id"
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	29
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	30	types 'a sem = "'a option => 'a option => bool"
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	31
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	32	consts iter :: "nat => 'a bexp => 'a sem => 'a sem"
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	33	primrec
13875 12997e3ddd8d * empty log message * nipkow parents: 13857 diff changeset	34	"iter 0 b S = (\<lambda>s s'. s \<notin> Some ` b \<and> s=s')"
12997e3ddd8d * empty log message * nipkow parents: 13857 diff changeset	35	"iter (Suc n) b S =
12997e3ddd8d * empty log message * nipkow parents: 13857 diff changeset	36	(\<lambda>s s'. s \<in> Some ` b \<and> (\<exists>s''. S s s'' \<and> iter n b S s'' s'))"
13857 11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	37
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	38	consts Sem :: "'a com => 'a sem"
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	39	primrec
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	40	"Sem(Basic f) s s' = (case s of None \<Rightarrow> s' = None \| Some t \<Rightarrow> s' = Some(f t))"
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	41	"Sem Abort s s' = (s' = None)"
13875 12997e3ddd8d * empty log message * nipkow parents: 13857 diff changeset	42	"Sem(c1;c2) s s' = (\<exists>s''. Sem c1 s s'' \<and> Sem c2 s'' s')"
13857 11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	43	"Sem(IF b THEN c1 ELSE c2 FI) s s' =
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	44	(case s of None \<Rightarrow> s' = None
13875 12997e3ddd8d * empty log message * nipkow parents: 13857 diff changeset	45	\| Some t \<Rightarrow> ((t \<in> b \<longrightarrow> Sem c1 s s') \<and> (t \<notin> b \<longrightarrow> Sem c2 s s')))"
13857 11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	46	"Sem(While b x c) s s' =
13875 12997e3ddd8d * empty log message * nipkow parents: 13857 diff changeset	47	(if s = None then s' = None else \<exists>n. iter n b (Sem c) s s')"
13857 11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	48
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	49	constdefs Valid :: "'a bexp \<Rightarrow> 'a com \<Rightarrow> 'a bexp \<Rightarrow> bool"
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	50	"Valid p c q == \<forall>s s'. Sem c s s' \<longrightarrow> s : Some ` p \<longrightarrow> s' : Some ` q"
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	51
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	52
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	53	syntax
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	54	"@hoare_vars" :: "[idts, 'a assn,'a com,'a assn] => bool"
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	55	("VARS _// {_} // _ // {_}" [0,0,55,0] 50)
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	56	syntax ("" output)
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	57	"@hoare" :: "['a assn,'a com,'a assn] => bool"
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	58	("{_} // _ // {_}" [0,55,0] 50)
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	59
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	60	( parse translations )
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	61
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	62	ML{*
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	63
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	64	local
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	65	fun free a = Free(a,dummyT)
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	66	fun abs((a,T),body) =
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	67	let val a = absfree(a, dummyT, body)
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	68	in if T = Bound 0 then a else Const(Syntax.constrainAbsC,dummyT) $ a $ T end
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	69	in
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	70
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	71	fun mk_abstuple [x] body = abs (x, body)
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	72	\| mk_abstuple (x::xs) body =
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	73	Syntax.const "split" $ abs (x, mk_abstuple xs body);
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	74
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	75	fun mk_fbody a e [x as (b,_)] = if a=b then e else free b
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	76	\| mk_fbody a e ((b,_)::xs) =
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	77	Syntax.const "Pair" $ (if a=b then e else free b) $ mk_fbody a e xs;
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	78
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	79	fun mk_fexp a e xs = mk_abstuple xs (mk_fbody a e xs)
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	80	end
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	81	*}
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	82
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	83	(* bexp_tr & assn_tr *)
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	84	(*all meta-variables for bexp except for TRUE are translated as if they
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	85	were boolean expressions*)
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	86	ML{*
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	87	fun bexp_tr (Const ("TRUE", _)) xs = Syntax.const "TRUE"
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	88	\| bexp_tr b xs = Syntax.const "Collect" $ mk_abstuple xs b;
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	89
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	90	fun assn_tr r xs = Syntax.const "Collect" $ mk_abstuple xs r;
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	91	*}
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	92	(* com_tr *)
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	93	ML{*
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	94	fun com_tr (Const("@assign",_) $ Free (a,_) $ e) xs =
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	95	Syntax.const "Basic" $ mk_fexp a e xs
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	96	\| com_tr (Const ("Basic",_) $ f) xs = Syntax.const "Basic" $ f
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	97	\| com_tr (Const ("Seq",_) $ c1 $ c2) xs =
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	98	Syntax.const "Seq" $ com_tr c1 xs $ com_tr c2 xs
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	99	\| com_tr (Const ("Cond",_) $ b $ c1 $ c2) xs =
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	100	Syntax.const "Cond" $ bexp_tr b xs $ com_tr c1 xs $ com_tr c2 xs
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	101	\| com_tr (Const ("While",_) $ b $ I $ c) xs =
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	102	Syntax.const "While" $ bexp_tr b xs $ assn_tr I xs $ com_tr c xs
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	103	\| com_tr t _ = t (* if t is just a Free/Var *)
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	104	*}
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	105
17781 32bb237158a5 print_translation: does not handle _idtdummy; wenzelm parents: 16417 diff changeset	106	(* triple_tr ) ( FIXME does not handle "_idtdummy" *)
13857 11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	107	ML{*
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	108	local
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	109
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	110	fun var_tr(Free(a,_)) = (a,Bound 0) (* Bound 0 = dummy term *)
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	111	\| var_tr(Const ("_constrain", _) $ (Free (a,_)) $ T) = (a,T);
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	112
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	113	fun vars_tr (Const ("_idts", _) $ idt $ vars) = var_tr idt :: vars_tr vars
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	114	\| vars_tr t = [var_tr t]
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	115
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	116	in
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	117	fun hoare_vars_tr [vars, pre, prg, post] =
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	118	let val xs = vars_tr vars
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	119	in Syntax.const "Valid" $
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	120	assn_tr pre xs $ com_tr prg xs $ assn_tr post xs
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	121	end
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	122	\| hoare_vars_tr ts = raise TERM ("hoare_vars_tr", ts);
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	123	end
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	124	*}
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	125
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	126	parse_translation {* [("@hoare_vars", hoare_vars_tr)] *}
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	127
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	128
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	129	(*****************************************************************************)
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	130
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	131	(* print translations *)
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	132	ML{*
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	133	fun dest_abstuple (Const ("split",_) $ (Abs(v,_, body))) =
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	134	subst_bound (Syntax.free v, dest_abstuple body)
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	135	\| dest_abstuple (Abs(v,_, body)) = subst_bound (Syntax.free v, body)
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	136	\| dest_abstuple trm = trm;
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	137
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	138	fun abs2list (Const ("split",_) $ (Abs(x,T,t))) = Free (x, T)::abs2list t
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	139	\| abs2list (Abs(x,T,t)) = [Free (x, T)]
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	140	\| abs2list _ = [];
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	141
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	142	fun mk_ts (Const ("split",_) $ (Abs(x,_,t))) = mk_ts t
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	143	\| mk_ts (Abs(x,_,t)) = mk_ts t
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	144	\| mk_ts (Const ("Pair",_) $ a $ b) = a::(mk_ts b)
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	145	\| mk_ts t = [t];
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	146
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	147	fun mk_vts (Const ("split",_) $ (Abs(x,_,t))) =
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	148	((Syntax.free x)::(abs2list t), mk_ts t)
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	149	\| mk_vts (Abs(x,_,t)) = ([Syntax.free x], [t])
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	150	\| mk_vts t = raise Match;
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	151
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	152	fun find_ch [] i xs = (false, (Syntax.free "not_ch",Syntax.free "not_ch" ))
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	153	\| find_ch ((v,t)::vts) i xs = if t=(Bound i) then find_ch vts (i-1) xs
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	154	else (true, (v, subst_bounds (xs,t)));
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	155
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	156	fun is_f (Const ("split",_) $ (Abs(x,_,t))) = true
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	157	\| is_f (Abs(x,_,t)) = true
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	158	\| is_f t = false;
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	159	*}
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	160
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	161	(* assn_tr' & bexp_tr'*)
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	162	ML{*
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	163	fun assn_tr' (Const ("Collect",_) $ T) = dest_abstuple T
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	164	\| assn_tr' (Const ("op Int",_) $ (Const ("Collect",_) $ T1) $
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	165	(Const ("Collect",_) $ T2)) =
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	166	Syntax.const "op Int" $ dest_abstuple T1 $ dest_abstuple T2
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	167	\| assn_tr' t = t;
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	168
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	169	fun bexp_tr' (Const ("Collect",_) $ T) = dest_abstuple T
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	170	\| bexp_tr' t = t;
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	171	*}
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	172
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	173	(com_tr' )
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	174	ML{*
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	175	fun mk_assign f =
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	176	let val (vs, ts) = mk_vts f;
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	177	val (ch, which) = find_ch (vs~~ts) ((length vs)-1) (rev vs)
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	178	in if ch then Syntax.const "@assign" $ fst(which) $ snd(which)
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	179	else Syntax.const "@skip" end;
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	180
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	181	fun com_tr' (Const ("Basic",_) $ f) = if is_f f then mk_assign f
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	182	else Syntax.const "Basic" $ f
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	183	\| com_tr' (Const ("Seq",_) $ c1 $ c2) = Syntax.const "Seq" $
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	184	com_tr' c1 $ com_tr' c2
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	185	\| com_tr' (Const ("Cond",_) $ b $ c1 $ c2) = Syntax.const "Cond" $
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	186	bexp_tr' b $ com_tr' c1 $ com_tr' c2
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	187	\| com_tr' (Const ("While",_) $ b $ I $ c) = Syntax.const "While" $
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	188	bexp_tr' b $ assn_tr' I $ com_tr' c
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	189	\| com_tr' t = t;
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	190
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	191
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	192	fun spec_tr' [p, c, q] =
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	193	Syntax.const "@hoare" $ assn_tr' p $ com_tr' c $ assn_tr' q
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	194	*}
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	195
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	196	print_translation {* [("Valid", spec_tr')] *}
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	197
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	198	(* The proof rules *)
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	199
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	200	lemma SkipRule: "p \<subseteq> q \<Longrightarrow> Valid p (Basic id) q"
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	201	by (auto simp:Valid_def)
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	202
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	203	lemma BasicRule: "p \<subseteq> {s. f s \<in> q} \<Longrightarrow> Valid p (Basic f) q"
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	204	by (auto simp:Valid_def)
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	205
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	206	lemma SeqRule: "Valid P c1 Q \<Longrightarrow> Valid Q c2 R \<Longrightarrow> Valid P (c1;c2) R"
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	207	by (auto simp:Valid_def)
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	208
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	209	lemma CondRule:
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	210	"p \<subseteq> {s. (s \<in> b \<longrightarrow> s \<in> w) \<and> (s \<notin> b \<longrightarrow> s \<in> w')}
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	211	\<Longrightarrow> Valid w c1 q \<Longrightarrow> Valid w' c2 q \<Longrightarrow> Valid p (Cond b c1 c2) q"
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	212	by (fastsimp simp:Valid_def image_def)
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	213
13875 12997e3ddd8d * empty log message * nipkow parents: 13857 diff changeset	214	lemma iter_aux:
12997e3ddd8d * empty log message * nipkow parents: 13857 diff changeset	215	"! s s'. Sem c s s' \<longrightarrow> s \<in> Some ` (I \<inter> b) \<longrightarrow> s' \<in> Some ` I \<Longrightarrow>
12997e3ddd8d * empty log message * nipkow parents: 13857 diff changeset	216	(\<And>s s'. s \<in> Some ` I \<Longrightarrow> iter n b (Sem c) s s' \<Longrightarrow> s' \<in> Some ` (I \<inter> -b))";
13857 11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	217	apply(unfold image_def)
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	218	apply(induct n)
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	219	apply clarsimp
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	220	apply(simp (no_asm_use))
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	221	apply blast
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	222	done
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	223
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	224	lemma WhileRule:
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	225	"p \<subseteq> i \<Longrightarrow> Valid (i \<inter> b) c i \<Longrightarrow> i \<inter> (-b) \<subseteq> q \<Longrightarrow> Valid p (While b i c) q"
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	226	apply(simp add:Valid_def)
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	227	apply(simp (no_asm) add:image_def)
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	228	apply clarify
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	229	apply(drule iter_aux)
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	230	prefer 2 apply assumption
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	231	apply blast
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	232	apply blast
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	233	done
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	234
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	235	lemma AbortRule: "p \<subseteq> {s. False} \<Longrightarrow> Valid p Abort q"
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	236	by(auto simp:Valid_def)
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	237
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	238	use "hoareAbort.ML"
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	239
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	240	method_setup vcg = {*
21588 cd0dc678a205 simplified method setup; wenzelm parents: 20770 diff changeset	241	Method.no_args (Method.SIMPLE_METHOD' (hoare_tac (K all_tac))) *}
13857 11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	242	"verification condition generator"
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	243
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	244	method_setup vcg_simp = {*
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	245	Method.ctxt_args (fn ctxt =>
21588 cd0dc678a205 simplified method setup; wenzelm parents: 20770 diff changeset	246	Method.SIMPLE_METHOD' (hoare_tac (asm_full_simp_tac (local_simpset_of ctxt)))) *}
13857 11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	247	"verification condition generator plus simplification"
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	248
13875 12997e3ddd8d * empty log message * nipkow parents: 13857 diff changeset	249	(* Special syntax for guarded statements and guarded array updates: *)
12997e3ddd8d * empty log message * nipkow parents: 13857 diff changeset	250
12997e3ddd8d * empty log message * nipkow parents: 13857 diff changeset	251	syntax
12997e3ddd8d * empty log message * nipkow parents: 13857 diff changeset	252	guarded_com :: "bool \<Rightarrow> 'a com \<Rightarrow> 'a com" ("(2_ \<rightarrow>/ _)" 71)
12997e3ddd8d * empty log message * nipkow parents: 13857 diff changeset	253	array_update :: "'a list \<Rightarrow> nat \<Rightarrow> 'a \<Rightarrow> 'a com" ("(2_[_] :=/ _)" [70,65] 61)
12997e3ddd8d * empty log message * nipkow parents: 13857 diff changeset	254	translations
12997e3ddd8d * empty log message * nipkow parents: 13857 diff changeset	255	"P \<rightarrow> c" == "IF P THEN c ELSE Abort FI"
20770 2c583720436e fixed translations: CONST; wenzelm parents: 17781 diff changeset	256	"a[i] := v" => "(i < CONST length a) \<rightarrow> (a := list_update a i v)"
13875 12997e3ddd8d * empty log message * nipkow parents: 13857 diff changeset	257	(* reverse translation not possible because of duplicate "a" *)
12997e3ddd8d * empty log message * nipkow parents: 13857 diff changeset	258
12997e3ddd8d * empty log message * nipkow parents: 13857 diff changeset	259	text{* Note: there is no special syntax for guarded array access. Thus
12997e3ddd8d * empty log message * nipkow parents: 13857 diff changeset	260	you must write @{text"j < length a \<rightarrow> a[i] := a!j"}. *}
12997e3ddd8d * empty log message * nipkow parents: 13857 diff changeset	261
13857 11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	262	end

author	wenzelm
	Tue, 08 May 2007 17:40:18 +0200
changeset 22871	9ffb43b19ec6
parent 21588	cd0dc678a205
child 24470	41c81e23c08d
permissions	-rw-r--r--