author | kleing |
Thu, 28 Jul 2011 16:56:14 +0200 | |
changeset 44004 | a9fcbafdf208 |
parent 44000 | ab4d8499815c |
child 44010 | 823549d46960 |
permissions | -rw-r--r-- |
43438
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
1 |
theory Comp_Rev |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
2 |
imports Compiler |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
3 |
begin |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
4 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
5 |
section {* Compiler Correctness, 2nd direction *} |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
6 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
7 |
subsection {* Definitions *} |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
8 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
9 |
text {* Execution in @{term n} steps for simpler induction *} |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
10 |
primrec |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
11 |
exec_n :: "instr list \<Rightarrow> config \<Rightarrow> nat \<Rightarrow> config \<Rightarrow> bool" |
44000
ab4d8499815c
resolved code_pred FIXME in IMP; clearer notation for exec_n
kleing
parents:
43438
diff
changeset
|
12 |
("_/ \<turnstile> (_ \<rightarrow>^_/ _)" [65,0,1000,55] 55) |
43438
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
13 |
where |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
14 |
"P \<turnstile> c \<rightarrow>^0 c' = (c'=c)" | |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
15 |
"P \<turnstile> c \<rightarrow>^(Suc n) c'' = (\<exists>c'. (P \<turnstile> c \<rightarrow> c') \<and> P \<turnstile> c' \<rightarrow>^n c'')" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
16 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
17 |
text {* The possible successor pc's of an instruction at position @{term n} *} |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
18 |
definition |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
19 |
"isuccs i n \<equiv> case i of |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
20 |
JMP j \<Rightarrow> {n + 1 + j} |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
21 |
| JMPFLESS j \<Rightarrow> {n + 1 + j, n + 1} |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
22 |
| JMPFGE j \<Rightarrow> {n + 1 + j, n + 1} |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
23 |
| _ \<Rightarrow> {n +1}" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
24 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
25 |
text {* The possible successors pc's of an instruction list *} |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
26 |
definition |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
27 |
"succs P n = {s. \<exists>i. 0 \<le> i \<and> i < isize P \<and> s \<in> isuccs (P!!i) (n+i)}" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
28 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
29 |
text {* Possible exit pc's of a program *} |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
30 |
definition |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
31 |
"exits P = succs P 0 - {0..< isize P}" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
32 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
33 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
34 |
subsection {* Basic properties of @{term exec_n} *} |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
35 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
36 |
lemma exec_n_exec: |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
37 |
"P \<turnstile> c \<rightarrow>^n c' \<Longrightarrow> P \<turnstile> c \<rightarrow>* c'" |
44004 | 38 |
by (induct n arbitrary: c) auto |
43438
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
39 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
40 |
lemma exec_0 [intro!]: "P \<turnstile> c \<rightarrow>^0 c" by simp |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
41 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
42 |
lemma exec_Suc [trans]: |
44000
ab4d8499815c
resolved code_pred FIXME in IMP; clearer notation for exec_n
kleing
parents:
43438
diff
changeset
|
43 |
"\<lbrakk> P \<turnstile> c \<rightarrow> c'; P \<turnstile> c' \<rightarrow>^n c'' \<rbrakk> \<Longrightarrow> P \<turnstile> c \<rightarrow>^(Suc n) c''" |
43438
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
44 |
by (fastsimp simp del: split_paired_Ex) |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
45 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
46 |
lemma exec_exec_n: |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
47 |
"P \<turnstile> c \<rightarrow>* c' \<Longrightarrow> \<exists>n. P \<turnstile> c \<rightarrow>^n c'" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
48 |
by (induct rule: exec.induct) (auto intro: exec_Suc) |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
49 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
50 |
lemma exec_eq_exec_n: |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
51 |
"(P \<turnstile> c \<rightarrow>* c') = (\<exists>n. P \<turnstile> c \<rightarrow>^n c')" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
52 |
by (blast intro: exec_exec_n exec_n_exec) |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
53 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
54 |
lemma exec_n_Nil [simp]: |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
55 |
"[] \<turnstile> c \<rightarrow>^k c' = (c' = c \<and> k = 0)" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
56 |
by (induct k) auto |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
57 |
|
44004 | 58 |
lemma exec1_exec_n [intro!]: |
43438
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
59 |
"P \<turnstile> c \<rightarrow> c' \<Longrightarrow> P \<turnstile> c \<rightarrow>^1 c'" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
60 |
by (cases c') simp |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
61 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
62 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
63 |
subsection {* Concrete symbolic execution steps *} |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
64 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
65 |
lemma exec_n_step: |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
66 |
"n \<noteq> n' \<Longrightarrow> |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
67 |
P \<turnstile> (n,stk,s) \<rightarrow>^k (n',stk',s') = |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
68 |
(\<exists>c. P \<turnstile> (n,stk,s) \<rightarrow> c \<and> P \<turnstile> c \<rightarrow>^(k - 1) (n',stk',s') \<and> 0 < k)" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
69 |
by (cases k) auto |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
70 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
71 |
lemma exec1_end: |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
72 |
"isize P <= fst c \<Longrightarrow> \<not> P \<turnstile> c \<rightarrow> c'" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
73 |
by auto |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
74 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
75 |
lemma exec_n_end: |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
76 |
"isize P <= n \<Longrightarrow> |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
77 |
P \<turnstile> (n,s,stk) \<rightarrow>^k (n',s',stk') = (n' = n \<and> stk'=stk \<and> s'=s \<and> k =0)" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
78 |
by (cases k) (auto simp: exec1_end) |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
79 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
80 |
lemmas exec_n_simps = exec_n_step exec_n_end |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
81 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
82 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
83 |
subsection {* Basic properties of @{term succs} *} |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
84 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
85 |
lemma succs_simps [simp]: |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
86 |
"succs [ADD] n = {n + 1}" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
87 |
"succs [LOADI v] n = {n + 1}" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
88 |
"succs [LOAD x] n = {n + 1}" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
89 |
"succs [STORE x] n = {n + 1}" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
90 |
"succs [JMP i] n = {n + 1 + i}" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
91 |
"succs [JMPFGE i] n = {n + 1 + i, n + 1}" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
92 |
"succs [JMPFLESS i] n = {n + 1 + i, n + 1}" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
93 |
by (auto simp: succs_def isuccs_def) |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
94 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
95 |
lemma succs_empty [iff]: "succs [] n = {}" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
96 |
by (simp add: succs_def) |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
97 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
98 |
lemma succs_Cons: |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
99 |
"succs (x#xs) n = isuccs x n \<union> succs xs (1+n)" (is "_ = ?x \<union> ?xs") |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
100 |
proof |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
101 |
let ?isuccs = "\<lambda>p P n i. 0 \<le> i \<and> i < isize P \<and> p \<in> isuccs (P!!i) (n+i)" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
102 |
{ fix p assume "p \<in> succs (x#xs) n" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
103 |
then obtain i where isuccs: "?isuccs p (x#xs) n i" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
104 |
unfolding succs_def by auto |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
105 |
have "p \<in> ?x \<union> ?xs" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
106 |
proof cases |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
107 |
assume "i = 0" with isuccs show ?thesis by simp |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
108 |
next |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
109 |
assume "i \<noteq> 0" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
110 |
with isuccs |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
111 |
have "?isuccs p xs (1+n) (i - 1)" by auto |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
112 |
hence "p \<in> ?xs" unfolding succs_def by blast |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
113 |
thus ?thesis .. |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
114 |
qed |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
115 |
} |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
116 |
thus "succs (x#xs) n \<subseteq> ?x \<union> ?xs" .. |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
117 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
118 |
{ fix p assume "p \<in> ?x \<or> p \<in> ?xs" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
119 |
hence "p \<in> succs (x#xs) n" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
120 |
proof |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
121 |
assume "p \<in> ?x" thus ?thesis by (fastsimp simp: succs_def) |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
122 |
next |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
123 |
assume "p \<in> ?xs" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
124 |
then obtain i where "?isuccs p xs (1+n) i" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
125 |
unfolding succs_def by auto |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
126 |
hence "?isuccs p (x#xs) n (1+i)" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
127 |
by (simp add: algebra_simps) |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
128 |
thus ?thesis unfolding succs_def by blast |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
129 |
qed |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
130 |
} |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
131 |
thus "?x \<union> ?xs \<subseteq> succs (x#xs) n" by blast |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
132 |
qed |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
133 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
134 |
lemma succs_iexec1: |
44004 | 135 |
assumes "P!!i \<turnstile>i (i,s,stk) \<rightarrow> c'" "0 \<le> i" "i < isize P" |
136 |
shows "fst c' \<in> succs P 0" |
|
137 |
using assms by (auto elim!: iexec1.cases simp: succs_def isuccs_def) |
|
43438
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
138 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
139 |
lemma succs_shift: |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
140 |
"(p - n \<in> succs P 0) = (p \<in> succs P n)" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
141 |
by (fastsimp simp: succs_def isuccs_def split: instr.split) |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
142 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
143 |
lemma inj_op_plus [simp]: |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
144 |
"inj (op + (i::int))" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
145 |
by (metis add_minus_cancel inj_on_inverseI) |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
146 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
147 |
lemma succs_set_shift [simp]: |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
148 |
"op + i ` succs xs 0 = succs xs i" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
149 |
by (force simp: succs_shift [where n=i, symmetric] intro: set_eqI) |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
150 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
151 |
lemma succs_append [simp]: |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
152 |
"succs (xs @ ys) n = succs xs n \<union> succs ys (n + isize xs)" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
153 |
by (induct xs arbitrary: n) (auto simp: succs_Cons algebra_simps) |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
154 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
155 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
156 |
lemma exits_append [simp]: |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
157 |
"exits (xs @ ys) = exits xs \<union> (op + (isize xs)) ` exits ys - |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
158 |
{0..<isize xs + isize ys}" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
159 |
by (auto simp: exits_def image_set_diff) |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
160 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
161 |
lemma exits_single: |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
162 |
"exits [x] = isuccs x 0 - {0}" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
163 |
by (auto simp: exits_def succs_def) |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
164 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
165 |
lemma exits_Cons: |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
166 |
"exits (x # xs) = (isuccs x 0 - {0}) \<union> (op + 1) ` exits xs - |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
167 |
{0..<1 + isize xs}" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
168 |
using exits_append [of "[x]" xs] |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
169 |
by (simp add: exits_single) |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
170 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
171 |
lemma exits_empty [iff]: "exits [] = {}" by (simp add: exits_def) |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
172 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
173 |
lemma exits_simps [simp]: |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
174 |
"exits [ADD] = {1}" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
175 |
"exits [LOADI v] = {1}" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
176 |
"exits [LOAD x] = {1}" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
177 |
"exits [STORE x] = {1}" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
178 |
"i \<noteq> -1 \<Longrightarrow> exits [JMP i] = {1 + i}" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
179 |
"i \<noteq> -1 \<Longrightarrow> exits [JMPFGE i] = {1 + i, 1}" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
180 |
"i \<noteq> -1 \<Longrightarrow> exits [JMPFLESS i] = {1 + i, 1}" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
181 |
by (auto simp: exits_def) |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
182 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
183 |
lemma acomp_succs [simp]: |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
184 |
"succs (acomp a) n = {n + 1 .. n + isize (acomp a)}" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
185 |
by (induct a arbitrary: n) auto |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
186 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
187 |
lemma acomp_size: |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
188 |
"1 \<le> isize (acomp a)" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
189 |
by (induct a) auto |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
190 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
191 |
lemma exits_acomp [simp]: |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
192 |
"exits (acomp a) = {isize (acomp a)}" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
193 |
by (auto simp: exits_def acomp_size) |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
194 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
195 |
lemma bcomp_succs: |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
196 |
"0 \<le> i \<Longrightarrow> |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
197 |
succs (bcomp b c i) n \<subseteq> {n .. n + isize (bcomp b c i)} |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
198 |
\<union> {n + i + isize (bcomp b c i)}" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
199 |
proof (induct b arbitrary: c i n) |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
200 |
case (And b1 b2) |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
201 |
from And.prems |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
202 |
show ?case |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
203 |
by (cases c) |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
204 |
(auto dest: And.hyps(1) [THEN subsetD, rotated] |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
205 |
And.hyps(2) [THEN subsetD, rotated]) |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
206 |
qed auto |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
207 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
208 |
lemmas bcomp_succsD [dest!] = bcomp_succs [THEN subsetD, rotated] |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
209 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
210 |
lemma bcomp_exits: |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
211 |
"0 \<le> i \<Longrightarrow> |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
212 |
exits (bcomp b c i) \<subseteq> {isize (bcomp b c i), i + isize (bcomp b c i)}" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
213 |
by (auto simp: exits_def) |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
214 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
215 |
lemma bcomp_exitsD [dest!]: |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
216 |
"p \<in> exits (bcomp b c i) \<Longrightarrow> 0 \<le> i \<Longrightarrow> |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
217 |
p = isize (bcomp b c i) \<or> p = i + isize (bcomp b c i)" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
218 |
using bcomp_exits by auto |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
219 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
220 |
lemma ccomp_succs: |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
221 |
"succs (ccomp c) n \<subseteq> {n..n + isize (ccomp c)}" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
222 |
proof (induct c arbitrary: n) |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
223 |
case SKIP thus ?case by simp |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
224 |
next |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
225 |
case Assign thus ?case by simp |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
226 |
next |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
227 |
case (Semi c1 c2) |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
228 |
from Semi.prems |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
229 |
show ?case |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
230 |
by (fastsimp dest: Semi.hyps [THEN subsetD]) |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
231 |
next |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
232 |
case (If b c1 c2) |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
233 |
from If.prems |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
234 |
show ?case |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
235 |
by (auto dest!: If.hyps [THEN subsetD] simp: isuccs_def succs_Cons) |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
236 |
next |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
237 |
case (While b c) |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
238 |
from While.prems |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
239 |
show ?case by (auto dest!: While.hyps [THEN subsetD]) |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
240 |
qed |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
241 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
242 |
lemma ccomp_exits: |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
243 |
"exits (ccomp c) \<subseteq> {isize (ccomp c)}" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
244 |
using ccomp_succs [of c 0] by (auto simp: exits_def) |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
245 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
246 |
lemma ccomp_exitsD [dest!]: |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
247 |
"p \<in> exits (ccomp c) \<Longrightarrow> p = isize (ccomp c)" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
248 |
using ccomp_exits by auto |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
249 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
250 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
251 |
subsection {* Splitting up machine executions *} |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
252 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
253 |
lemma exec1_split: |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
254 |
"P @ c @ P' \<turnstile> (isize P + i, s) \<rightarrow> (j,s') \<Longrightarrow> 0 \<le> i \<Longrightarrow> i < isize c \<Longrightarrow> |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
255 |
c \<turnstile> (i,s) \<rightarrow> (j - isize P, s')" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
256 |
by (auto elim!: iexec1.cases) |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
257 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
258 |
lemma exec_n_split: |
44004 | 259 |
assumes "P @ c @ P' \<turnstile> (isize P + i, s) \<rightarrow>^n (j, s')" |
260 |
"0 \<le> i" "i < isize c" |
|
261 |
"j \<notin> {isize P ..< isize P + isize c}" |
|
262 |
shows "\<exists>s'' i' k m. |
|
43438
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
263 |
c \<turnstile> (i, s) \<rightarrow>^k (i', s'') \<and> |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
264 |
i' \<in> exits c \<and> |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
265 |
P @ c @ P' \<turnstile> (isize P + i', s'') \<rightarrow>^m (j, s') \<and> |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
266 |
n = k + m" |
44004 | 267 |
using assms proof (induct n arbitrary: i j s) |
43438
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
268 |
case 0 |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
269 |
thus ?case by simp |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
270 |
next |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
271 |
case (Suc n) |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
272 |
have i: "0 \<le> i" "i < isize c" by fact+ |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
273 |
from Suc.prems |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
274 |
have j: "\<not> (isize P \<le> j \<and> j < isize P + isize c)" by simp |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
275 |
from Suc.prems |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
276 |
obtain i0 s0 where |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
277 |
step: "P @ c @ P' \<turnstile> (isize P + i, s) \<rightarrow> (i0,s0)" and |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
278 |
rest: "P @ c @ P' \<turnstile> (i0,s0) \<rightarrow>^n (j, s')" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
279 |
by clarsimp |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
280 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
281 |
from step i |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
282 |
have c: "c \<turnstile> (i,s) \<rightarrow> (i0 - isize P, s0)" by (rule exec1_split) |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
283 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
284 |
have "i0 = isize P + (i0 - isize P) " by simp |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
285 |
then obtain j0 where j0: "i0 = isize P + j0" .. |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
286 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
287 |
note split_paired_Ex [simp del] |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
288 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
289 |
{ assume "j0 \<in> {0 ..< isize c}" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
290 |
with j0 j rest c |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
291 |
have ?case |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
292 |
by (fastsimp dest!: Suc.hyps intro!: exec_Suc) |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
293 |
} moreover { |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
294 |
assume "j0 \<notin> {0 ..< isize c}" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
295 |
moreover |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
296 |
from c j0 have "j0 \<in> succs c 0" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
297 |
by (auto dest: succs_iexec1) |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
298 |
ultimately |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
299 |
have "j0 \<in> exits c" by (simp add: exits_def) |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
300 |
with c j0 rest |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
301 |
have ?case by fastsimp |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
302 |
} |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
303 |
ultimately |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
304 |
show ?case by cases |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
305 |
qed |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
306 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
307 |
lemma exec_n_drop_right: |
44004 | 308 |
assumes "c @ P' \<turnstile> (0, s) \<rightarrow>^n (j, s')" "j \<notin> {0..<isize c}" |
309 |
shows "\<exists>s'' i' k m. |
|
310 |
(if c = [] then s'' = s \<and> i' = 0 \<and> k = 0 |
|
311 |
else c \<turnstile> (0, s) \<rightarrow>^k (i', s'') \<and> |
|
312 |
i' \<in> exits c) \<and> |
|
313 |
c @ P' \<turnstile> (i', s'') \<rightarrow>^m (j, s') \<and> |
|
314 |
n = k + m" |
|
315 |
using assms |
|
43438
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
316 |
by (cases "c = []") |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
317 |
(auto dest: exec_n_split [where P="[]", simplified]) |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
318 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
319 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
320 |
text {* |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
321 |
Dropping the left context of a potentially incomplete execution of @{term c}. |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
322 |
*} |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
323 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
324 |
lemma exec1_drop_left: |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
325 |
assumes "P1 @ P2 \<turnstile> (i, s, stk) \<rightarrow> (n, s', stk')" and "isize P1 \<le> i" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
326 |
shows "P2 \<turnstile> (i - isize P1, s, stk) \<rightarrow> (n - isize P1, s', stk')" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
327 |
proof - |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
328 |
have "i = isize P1 + (i - isize P1)" by simp |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
329 |
then obtain i' where "i = isize P1 + i'" .. |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
330 |
moreover |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
331 |
have "n = isize P1 + (n - isize P1)" by simp |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
332 |
then obtain n' where "n = isize P1 + n'" .. |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
333 |
ultimately |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
334 |
show ?thesis using assms by clarsimp |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
335 |
qed |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
336 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
337 |
lemma exec_n_drop_left: |
44004 | 338 |
assumes "P @ P' \<turnstile> (i, s, stk) \<rightarrow>^k (n, s', stk')" |
339 |
"isize P \<le> i" "exits P' \<subseteq> {0..}" |
|
340 |
shows "P' \<turnstile> (i - isize P, s, stk) \<rightarrow>^k (n - isize P, s', stk')" |
|
341 |
using assms proof (induct k arbitrary: i s stk) |
|
43438
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
342 |
case 0 thus ?case by simp |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
343 |
next |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
344 |
case (Suc k) |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
345 |
from Suc.prems |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
346 |
obtain i' s'' stk'' where |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
347 |
step: "P @ P' \<turnstile> (i, s, stk) \<rightarrow> (i', s'', stk'')" and |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
348 |
rest: "P @ P' \<turnstile> (i', s'', stk'') \<rightarrow>^k (n, s', stk')" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
349 |
by auto |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
350 |
from step `isize P \<le> i` |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
351 |
have "P' \<turnstile> (i - isize P, s, stk) \<rightarrow> (i' - isize P, s'', stk'')" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
352 |
by (rule exec1_drop_left) |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
353 |
also |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
354 |
then have "i' - isize P \<in> succs P' 0" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
355 |
by (fastsimp dest!: succs_iexec1) |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
356 |
with `exits P' \<subseteq> {0..}` |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
357 |
have "isize P \<le> i'" by (auto simp: exits_def) |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
358 |
from rest this `exits P' \<subseteq> {0..}` |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
359 |
have "P' \<turnstile> (i' - isize P, s'', stk'') \<rightarrow>^k (n - isize P, s', stk')" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
360 |
by (rule Suc.hyps) |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
361 |
finally |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
362 |
show ?case . |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
363 |
qed |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
364 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
365 |
lemmas exec_n_drop_Cons = |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
366 |
exec_n_drop_left [where P="[instr]", simplified, standard] |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
367 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
368 |
definition |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
369 |
"closed P \<longleftrightarrow> exits P \<subseteq> {isize P}" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
370 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
371 |
lemma ccomp_closed [simp, intro!]: "closed (ccomp c)" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
372 |
using ccomp_exits by (auto simp: closed_def) |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
373 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
374 |
lemma acomp_closed [simp, intro!]: "closed (acomp c)" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
375 |
by (simp add: closed_def) |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
376 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
377 |
lemma exec_n_split_full: |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
378 |
assumes exec: "P @ P' \<turnstile> (0,s,stk) \<rightarrow>^k (j, s', stk')" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
379 |
assumes P: "isize P \<le> j" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
380 |
assumes closed: "closed P" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
381 |
assumes exits: "exits P' \<subseteq> {0..}" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
382 |
shows "\<exists>k1 k2 s'' stk''. P \<turnstile> (0,s,stk) \<rightarrow>^k1 (isize P, s'', stk'') \<and> |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
383 |
P' \<turnstile> (0,s'',stk'') \<rightarrow>^k2 (j - isize P, s', stk')" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
384 |
proof (cases "P") |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
385 |
case Nil with exec |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
386 |
show ?thesis by fastsimp |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
387 |
next |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
388 |
case Cons |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
389 |
hence "0 < isize P" by simp |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
390 |
with exec P closed |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
391 |
obtain k1 k2 s'' stk'' where |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
392 |
1: "P \<turnstile> (0,s,stk) \<rightarrow>^k1 (isize P, s'', stk'')" and |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
393 |
2: "P @ P' \<turnstile> (isize P,s'',stk'') \<rightarrow>^k2 (j, s', stk')" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
394 |
by (auto dest!: exec_n_split [where P="[]" and i=0, simplified] |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
395 |
simp: closed_def) |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
396 |
moreover |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
397 |
have "j = isize P + (j - isize P)" by simp |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
398 |
then obtain j0 where "j = isize P + j0" .. |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
399 |
ultimately |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
400 |
show ?thesis using exits |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
401 |
by (fastsimp dest: exec_n_drop_left) |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
402 |
qed |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
403 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
404 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
405 |
subsection {* Correctness theorem *} |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
406 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
407 |
lemma acomp_neq_Nil [simp]: |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
408 |
"acomp a \<noteq> []" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
409 |
by (induct a) auto |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
410 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
411 |
lemma acomp_exec_n [dest!]: |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
412 |
"acomp a \<turnstile> (0,s,stk) \<rightarrow>^n (isize (acomp a),s',stk') \<Longrightarrow> |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
413 |
s' = s \<and> stk' = aval a s#stk" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
414 |
proof (induct a arbitrary: n s' stk stk') |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
415 |
case (Plus a1 a2) |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
416 |
let ?sz = "isize (acomp a1) + (isize (acomp a2) + 1)" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
417 |
from Plus.prems |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
418 |
have "acomp a1 @ acomp a2 @ [ADD] \<turnstile> (0,s,stk) \<rightarrow>^n (?sz, s', stk')" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
419 |
by (simp add: algebra_simps) |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
420 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
421 |
then obtain n1 s1 stk1 n2 s2 stk2 n3 where |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
422 |
"acomp a1 \<turnstile> (0,s,stk) \<rightarrow>^n1 (isize (acomp a1), s1, stk1)" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
423 |
"acomp a2 \<turnstile> (0,s1,stk1) \<rightarrow>^n2 (isize (acomp a2), s2, stk2)" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
424 |
"[ADD] \<turnstile> (0,s2,stk2) \<rightarrow>^n3 (1, s', stk')" |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
425 |
by (auto dest!: exec_n_split_full) |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
426 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
427 |
thus ?case by (fastsimp dest: Plus.hyps simp: exec_n_simps) |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
428 |
qed (auto simp: exec_n_simps) |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
429 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
430 |
lemma bcomp_split: |
44004 | 431 |
assumes "bcomp b c i @ P' \<turnstile> (0, s, stk) \<rightarrow>^n (j, s', stk')" |
432 |
"j \<notin> {0..<isize (bcomp b c i)}" "0 \<le> i" |
|
433 |
shows "\<exists>s'' stk'' i' k m. |
|
43438
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
434 |
bcomp b c i \<turnstile> (0, s, stk) \<rightarrow>^k (i', s'', stk'') \<and> |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
435 |
(i' = isize (bcomp b c i) \<or> i' = i + isize (bcomp b c i)) \<and> |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
436 |
bcomp b c i @ P' \<turnstile> (i', s'', stk'') \<rightarrow>^m (j, s', stk') \<and> |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
437 |
n = k + m" |
44004 | 438 |
using assms by (cases "bcomp b c i = []") (fastsimp dest!: exec_n_drop_right)+ |
43438
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
439 |
|
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
440 |
lemma bcomp_exec_n [dest]: |
44004 | 441 |
assumes "bcomp b c j \<turnstile> (0, s, stk) \<rightarrow>^n (i, s', stk')" |
442 |
"isize (bcomp b c j) \<le> i" "0 \<le> j" |
|
443 |
shows "i = isize(bcomp b c j) + (if c = bval b s then j else 0) \<and> |
|
444 |
s' = s \<and> stk' = stk" |
|
445 |
using assms proof (induct b arbitrary: c j i n s' stk') |
|
43438
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
446 |
case B thus ?case |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
447 |
by (simp split: split_if_asm add: exec_n_simps) |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
448 |
next |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
449 |
case (Not b) |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
450 |
from Not.prems show ?case |
a666b8d11252
IMP compiler with int, added reverse soundness direction
kleing
parents:
diff
changeset
|
451 |
by (fastsimp dest!: Not.hyps) |