isabelle: src/HOL/IMPP/Hoare.thy@ae50c9b82444 (annotated)

8177 e59e93ad85eb added IMPP to HOL oheimb parents: diff changeset	1	(* Title: HOL/IMPP/Hoare.thy
e59e93ad85eb added IMPP to HOL oheimb parents: diff changeset	2	Author: David von Oheimb
e59e93ad85eb added IMPP to HOL oheimb parents: diff changeset	3	Copyright 1999 TUM
e59e93ad85eb added IMPP to HOL oheimb parents: diff changeset	4	*)
e59e93ad85eb added IMPP to HOL oheimb parents: diff changeset	5
58889 5b7a9633cfa8 modernized header uniformly as section; wenzelm parents: 58310 diff changeset	6	section {* Inductive definition of Hoare logic for partial correctness *}
17477 ceb42ea2f223 converted to Isar theory format; wenzelm parents: 10834 diff changeset	7
ceb42ea2f223 converted to Isar theory format; wenzelm parents: 10834 diff changeset	8	theory Hoare
ceb42ea2f223 converted to Isar theory format; wenzelm parents: 10834 diff changeset	9	imports Natural
ceb42ea2f223 converted to Isar theory format; wenzelm parents: 10834 diff changeset	10	begin
ceb42ea2f223 converted to Isar theory format; wenzelm parents: 10834 diff changeset	11
ceb42ea2f223 converted to Isar theory format; wenzelm parents: 10834 diff changeset	12	text {*
ceb42ea2f223 converted to Isar theory format; wenzelm parents: 10834 diff changeset	13	Completeness is taken relative to completeness of the underlying logic.
ceb42ea2f223 converted to Isar theory format; wenzelm parents: 10834 diff changeset	14
ceb42ea2f223 converted to Isar theory format; wenzelm parents: 10834 diff changeset	15	Two versions of completeness proof: nested single recursion
ceb42ea2f223 converted to Isar theory format; wenzelm parents: 10834 diff changeset	16	vs. simultaneous recursion in call rule
ceb42ea2f223 converted to Isar theory format; wenzelm parents: 10834 diff changeset	17	*}
8177 e59e93ad85eb added IMPP to HOL oheimb parents: diff changeset	18
42174 d0be2722ce9f modernized specifications; wenzelm parents: 41529 diff changeset	19	type_synonym 'a assn = "'a => state => bool"
8177 e59e93ad85eb added IMPP to HOL oheimb parents: diff changeset	20	translations
35431 8758fe1fc9f8 cleanup type translations; wenzelm parents: 30607 diff changeset	21	(type) "'a assn" <= (type) "'a => state => bool"
8177 e59e93ad85eb added IMPP to HOL oheimb parents: diff changeset	22
27364 a8672b0e2b15 modernized specifications; wenzelm parents: 27239 diff changeset	23	definition
a8672b0e2b15 modernized specifications; wenzelm parents: 27239 diff changeset	24	state_not_singleton :: bool where
a8672b0e2b15 modernized specifications; wenzelm parents: 27239 diff changeset	25	"state_not_singleton = (\<exists>s t::state. s ~= t)" (* at least two elements *)
8177 e59e93ad85eb added IMPP to HOL oheimb parents: diff changeset	26
27364 a8672b0e2b15 modernized specifications; wenzelm parents: 27239 diff changeset	27	definition
a8672b0e2b15 modernized specifications; wenzelm parents: 27239 diff changeset	28	peek_and :: "'a assn => (state => bool) => 'a assn" (infixr "&>" 35) where
a8672b0e2b15 modernized specifications; wenzelm parents: 27239 diff changeset	29	"peek_and P p = (%Z s. P Z s & p s)"
8177 e59e93ad85eb added IMPP to HOL oheimb parents: diff changeset	30
58310 91ea607a34d8 updated news blanchet parents: 58254 diff changeset	31	datatype 'a triple =
17477 ceb42ea2f223 converted to Isar theory format; wenzelm parents: 10834 diff changeset	32	triple "'a assn" com "'a assn" ("{(1_)}./ (_)/ .{(1_)}" [3,60,3] 58)
ceb42ea2f223 converted to Isar theory format; wenzelm parents: 10834 diff changeset	33
27364 a8672b0e2b15 modernized specifications; wenzelm parents: 27239 diff changeset	34	definition
a8672b0e2b15 modernized specifications; wenzelm parents: 27239 diff changeset	35	triple_valid :: "nat => 'a triple => bool" ( "\|=_:_" [0 , 58] 57) where
a8672b0e2b15 modernized specifications; wenzelm parents: 27239 diff changeset	36	"\|=n:t = (case t of {P}.c.{Q} =>
a8672b0e2b15 modernized specifications; wenzelm parents: 27239 diff changeset	37	!Z s. P Z s --> (!s'. <c,s> -n-> s' --> Q Z s'))"
a8672b0e2b15 modernized specifications; wenzelm parents: 27239 diff changeset	38	abbreviation
a8672b0e2b15 modernized specifications; wenzelm parents: 27239 diff changeset	39	triples_valid :: "nat => 'a triple set => bool" ("\|\|=_:_" [0 , 58] 57) where
a8672b0e2b15 modernized specifications; wenzelm parents: 27239 diff changeset	40	"\|\|=n:G == Ball G (triple_valid n)"
8177 e59e93ad85eb added IMPP to HOL oheimb parents: diff changeset	41
27364 a8672b0e2b15 modernized specifications; wenzelm parents: 27239 diff changeset	42	definition
a8672b0e2b15 modernized specifications; wenzelm parents: 27239 diff changeset	43	hoare_valids :: "'a triple set => 'a triple set => bool" ("_\|\|=_" [58, 58] 57) where
a8672b0e2b15 modernized specifications; wenzelm parents: 27239 diff changeset	44	"G\|\|=ts = (!n. \|\|=n:G --> \|\|=n:ts)"
a8672b0e2b15 modernized specifications; wenzelm parents: 27239 diff changeset	45	abbreviation
a8672b0e2b15 modernized specifications; wenzelm parents: 27239 diff changeset	46	hoare_valid :: "'a triple set => 'a triple => bool" ("_\|=_" [58, 58] 57) where
a8672b0e2b15 modernized specifications; wenzelm parents: 27239 diff changeset	47	"G \|=t == G\|\|={t}"
8177 e59e93ad85eb added IMPP to HOL oheimb parents: diff changeset	48
e59e93ad85eb added IMPP to HOL oheimb parents: diff changeset	49	(* Most General Triples *)
27364 a8672b0e2b15 modernized specifications; wenzelm parents: 27239 diff changeset	50	definition
a8672b0e2b15 modernized specifications; wenzelm parents: 27239 diff changeset	51	MGT :: "com => state triple" ("{=}._.{->}" [60] 58) where
a8672b0e2b15 modernized specifications; wenzelm parents: 27239 diff changeset	52	"{=}.c.{->} = {%Z s0. Z = s0}. c .{%Z s1. <c,Z> -c-> s1}"
8177 e59e93ad85eb added IMPP to HOL oheimb parents: diff changeset	53
23746 a455e69c31cc Adapted to new inductive definition package. berghofe parents: 20217 diff changeset	54	inductive
27364 a8672b0e2b15 modernized specifications; wenzelm parents: 27239 diff changeset	55	hoare_derivs :: "'a triple set => 'a triple set => bool" ("_\|\|-_" [58, 58] 57) and
a8672b0e2b15 modernized specifications; wenzelm parents: 27239 diff changeset	56	hoare_deriv :: "'a triple set => 'a triple => bool" ("_\|-_" [58, 58] 57)
23746 a455e69c31cc Adapted to new inductive definition package. berghofe parents: 20217 diff changeset	57	where
a455e69c31cc Adapted to new inductive definition package. berghofe parents: 20217 diff changeset	58	"G \|-t == G\|\|-{t}"
17477 ceb42ea2f223 converted to Isar theory format; wenzelm parents: 10834 diff changeset	59
23746 a455e69c31cc Adapted to new inductive definition package. berghofe parents: 20217 diff changeset	60	\| empty: "G\|\|-{}"
a455e69c31cc Adapted to new inductive definition package. berghofe parents: 20217 diff changeset	61	\| insert: "[\| G \|-t; G\|\|-ts \|]
17477 ceb42ea2f223 converted to Isar theory format; wenzelm parents: 10834 diff changeset	62	==> G\|\|-insert t ts"
8177 e59e93ad85eb added IMPP to HOL oheimb parents: diff changeset	63
23746 a455e69c31cc Adapted to new inductive definition package. berghofe parents: 20217 diff changeset	64	\| asm: "ts <= G ==>
17477 ceb42ea2f223 converted to Isar theory format; wenzelm parents: 10834 diff changeset	65	G\|\|-ts" (* {P}.BODY pn.{Q} instead of (general) t for SkipD_lemma *)
8177 e59e93ad85eb added IMPP to HOL oheimb parents: diff changeset	66
23746 a455e69c31cc Adapted to new inductive definition package. berghofe parents: 20217 diff changeset	67	\| cut: "[\| G'\|\|-ts; G\|\|-G' \|] ==> G\|\|-ts" (* for convenience and efficiency *)
8177 e59e93ad85eb added IMPP to HOL oheimb parents: diff changeset	68
23746 a455e69c31cc Adapted to new inductive definition package. berghofe parents: 20217 diff changeset	69	\| weaken: "[\| G\|\|-ts' ; ts <= ts' \|] ==> G\|\|-ts"
8177 e59e93ad85eb added IMPP to HOL oheimb parents: diff changeset	70
23746 a455e69c31cc Adapted to new inductive definition package. berghofe parents: 20217 diff changeset	71	\| conseq: "!Z s. P Z s --> (? P' Q'. G\|-{P'}.c.{Q'} &
17477 ceb42ea2f223 converted to Isar theory format; wenzelm parents: 10834 diff changeset	72	(!s'. (!Z'. P' Z' s --> Q' Z' s') --> Q Z s'))
ceb42ea2f223 converted to Isar theory format; wenzelm parents: 10834 diff changeset	73	==> G\|-{P}.c.{Q}"
8177 e59e93ad85eb added IMPP to HOL oheimb parents: diff changeset	74
e59e93ad85eb added IMPP to HOL oheimb parents: diff changeset	75
23746 a455e69c31cc Adapted to new inductive definition package. berghofe parents: 20217 diff changeset	76	\| Skip: "G\|-{P}. SKIP .{P}"
8177 e59e93ad85eb added IMPP to HOL oheimb parents: diff changeset	77
23746 a455e69c31cc Adapted to new inductive definition package. berghofe parents: 20217 diff changeset	78	\| Ass: "G\|-{%Z s. P Z (s[X::=a s])}. X:==a .{P}"
8177 e59e93ad85eb added IMPP to HOL oheimb parents: diff changeset	79
23746 a455e69c31cc Adapted to new inductive definition package. berghofe parents: 20217 diff changeset	80	\| Local: "G\|-{P}. c .{%Z s. Q Z (s[Loc X::=s'<X>])}
17477 ceb42ea2f223 converted to Isar theory format; wenzelm parents: 10834 diff changeset	81	==> G\|-{%Z s. s'=s & P Z (s[Loc X::=a s])}. LOCAL X:=a IN c .{Q}"
8177 e59e93ad85eb added IMPP to HOL oheimb parents: diff changeset	82
23746 a455e69c31cc Adapted to new inductive definition package. berghofe parents: 20217 diff changeset	83	\| Comp: "[\| G\|-{P}.c.{Q};
17477 ceb42ea2f223 converted to Isar theory format; wenzelm parents: 10834 diff changeset	84	G\|-{Q}.d.{R} \|]
ceb42ea2f223 converted to Isar theory format; wenzelm parents: 10834 diff changeset	85	==> G\|-{P}. (c;;d) .{R}"
8177 e59e93ad85eb added IMPP to HOL oheimb parents: diff changeset	86
23746 a455e69c31cc Adapted to new inductive definition package. berghofe parents: 20217 diff changeset	87	\| If: "[\| G\|-{P &> b }.c.{Q};
17477 ceb42ea2f223 converted to Isar theory format; wenzelm parents: 10834 diff changeset	88	G\|-{P &> (Not o b)}.d.{Q} \|]
ceb42ea2f223 converted to Isar theory format; wenzelm parents: 10834 diff changeset	89	==> G\|-{P}. IF b THEN c ELSE d .{Q}"
8177 e59e93ad85eb added IMPP to HOL oheimb parents: diff changeset	90
23746 a455e69c31cc Adapted to new inductive definition package. berghofe parents: 20217 diff changeset	91	\| Loop: "G\|-{P &> b}.c.{P} ==>
17477 ceb42ea2f223 converted to Isar theory format; wenzelm parents: 10834 diff changeset	92	G\|-{P}. WHILE b DO c .{P &> (Not o b)}"
8177 e59e93ad85eb added IMPP to HOL oheimb parents: diff changeset	93
e59e93ad85eb added IMPP to HOL oheimb parents: diff changeset	94	(*
17477 ceb42ea2f223 converted to Isar theory format; wenzelm parents: 10834 diff changeset	95	BodyN: "(insert ({P}. BODY pn .{Q}) G)
ceb42ea2f223 converted to Isar theory format; wenzelm parents: 10834 diff changeset	96	\|-{P}. the (body pn) .{Q} ==>
ceb42ea2f223 converted to Isar theory format; wenzelm parents: 10834 diff changeset	97	G\|-{P}. BODY pn .{Q}"
8177 e59e93ad85eb added IMPP to HOL oheimb parents: diff changeset	98	*)
23746 a455e69c31cc Adapted to new inductive definition package. berghofe parents: 20217 diff changeset	99	\| Body: "[\| G Un (%p. {P p}. BODY p .{Q p})`Procs
17477 ceb42ea2f223 converted to Isar theory format; wenzelm parents: 10834 diff changeset	100	\|\|-(%p. {P p}. the (body p) .{Q p})`Procs \|]
ceb42ea2f223 converted to Isar theory format; wenzelm parents: 10834 diff changeset	101	==> G\|\|-(%p. {P p}. BODY p .{Q p})`Procs"
8177 e59e93ad85eb added IMPP to HOL oheimb parents: diff changeset	102
23746 a455e69c31cc Adapted to new inductive definition package. berghofe parents: 20217 diff changeset	103	\| Call: "G\|-{P}. BODY pn .{%Z s. Q Z (setlocs s (getlocs s')[X::=s<Res>])}
17477 ceb42ea2f223 converted to Isar theory format; wenzelm parents: 10834 diff changeset	104	==> G\|-{%Z s. s'=s & P Z (setlocs s newlocs[Loc Arg::=a s])}.
ceb42ea2f223 converted to Isar theory format; wenzelm parents: 10834 diff changeset	105	X:=CALL pn(a) .{Q}"
ceb42ea2f223 converted to Isar theory format; wenzelm parents: 10834 diff changeset	106
19803 aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	107
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	108	section {* Soundness and relative completeness of Hoare rules wrt operational semantics *}
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	109
58254 c1c65a805d0f rename_tac'd scripts blanchet parents: 58249 diff changeset	110	lemma single_stateE:
19803 aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	111	"state_not_singleton ==> !t. (!s::state. s = t) --> False"
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	112	apply (unfold state_not_singleton_def)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	113	apply clarify
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	114	apply (case_tac "ta = t")
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	115	apply blast
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	116	apply (blast dest: not_sym)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	117	done
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	118
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	119	declare peek_and_def [simp]
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	120
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	121
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	122	subsection "validity"
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	123
58254 c1c65a805d0f rename_tac'd scripts blanchet parents: 58249 diff changeset	124	lemma triple_valid_def2:
19803 aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	125	"\|=n:{P}.c.{Q} = (!Z s. P Z s --> (!s'. <c,s> -n-> s' --> Q Z s'))"
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	126	apply (unfold triple_valid_def)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	127	apply auto
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	128	done
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	129
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	130	lemma Body_triple_valid_0: "\|=0:{P}. BODY pn .{Q}"
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	131	apply (simp (no_asm) add: triple_valid_def2)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	132	apply clarsimp
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	133	done
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	134
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	135	(* only ==> direction required *)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	136	lemma Body_triple_valid_Suc: "\|=n:{P}. the (body pn) .{Q} = \|=Suc n:{P}. BODY pn .{Q}"
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	137	apply (simp (no_asm) add: triple_valid_def2)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	138	apply force
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	139	done
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	140
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	141	lemma triple_valid_Suc [rule_format (no_asm)]: "\|=Suc n:t --> \|=n:t"
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	142	apply (unfold triple_valid_def)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	143	apply (induct_tac t)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	144	apply simp
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	145	apply (fast intro: evaln_Suc)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	146	done
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	147
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	148	lemma triples_valid_Suc: "\|\|=Suc n:ts ==> \|\|=n:ts"
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	149	apply (fast intro: triple_valid_Suc)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	150	done
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	151
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	152
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	153	subsection "derived rules"
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	154
58254 c1c65a805d0f rename_tac'd scripts blanchet parents: 58249 diff changeset	155	lemma conseq12: "[\| G\|-{P'}.c.{Q'}; !Z s. P Z s -->
c1c65a805d0f rename_tac'd scripts blanchet parents: 58249 diff changeset	156	(!s'. (!Z'. P' Z' s --> Q' Z' s') --> Q Z s') \|]
19803 aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	157	==> G\|-{P}.c.{Q}"
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	158	apply (rule hoare_derivs.conseq)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	159	apply blast
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	160	done
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	161
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	162	lemma conseq1: "[\| G\|-{P'}.c.{Q}; !Z s. P Z s --> P' Z s \|] ==> G\|-{P}.c.{Q}"
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	163	apply (erule conseq12)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	164	apply fast
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	165	done
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	166
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	167	lemma conseq2: "[\| G\|-{P}.c.{Q'}; !Z s. Q' Z s --> Q Z s \|] ==> G\|-{P}.c.{Q}"
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	168	apply (erule conseq12)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	169	apply fast
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	170	done
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	171
58254 c1c65a805d0f rename_tac'd scripts blanchet parents: 58249 diff changeset	172	lemma Body1: "[\| G Un (%p. {P p}. BODY p .{Q p})`Procs
c1c65a805d0f rename_tac'd scripts blanchet parents: 58249 diff changeset	173	\|\|- (%p. {P p}. the (body p) .{Q p})`Procs;
19803 aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	174	pn:Procs \|] ==> G\|-{P pn}. BODY pn .{Q pn}"
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	175	apply (drule hoare_derivs.Body)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	176	apply (erule hoare_derivs.weaken)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	177	apply fast
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	178	done
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	179
58254 c1c65a805d0f rename_tac'd scripts blanchet parents: 58249 diff changeset	180	lemma BodyN: "(insert ({P}. BODY pn .{Q}) G) \|-{P}. the (body pn) .{Q} ==>
19803 aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	181	G\|-{P}. BODY pn .{Q}"
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	182	apply (rule Body1)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	183	apply (rule_tac [2] singletonI)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	184	apply clarsimp
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	185	done
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	186
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	187	lemma escape: "[\| !Z s. P Z s --> G\|-{%Z s'. s'=s}.c.{%Z'. Q Z} \|] ==> G\|-{P}.c.{Q}"
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	188	apply (rule hoare_derivs.conseq)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	189	apply fast
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	190	done
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	191
52137 7f7337447b1b use generic data for code symbols for unified "code_printing" syntax for custom serialisations haftmann parents: 51717 diff changeset	192	lemma "constant": "[\| C ==> G\|-{P}.c.{Q} \|] ==> G\|-{%Z s. P Z s & C}.c.{Q}"
19803 aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	193	apply (rule hoare_derivs.conseq)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	194	apply fast
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	195	done
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	196
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	197	lemma LoopF: "G\|-{%Z s. P Z s & ~b s}.WHILE b DO c.{P}"
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	198	apply (rule hoare_derivs.Loop [THEN conseq2])
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	199	apply (simp_all (no_asm))
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	200	apply (rule hoare_derivs.conseq)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	201	apply fast
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	202	done
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	203
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	204	(*
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	205	Goal "[\| G'\|\|-ts; G' <= G \|] ==> G\|\|-ts"
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	206	by (etac hoare_derivs.cut 1);
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	207	by (etac hoare_derivs.asm 1);
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	208	qed "thin";
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	209	*)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	210	lemma thin [rule_format]: "G'\|\|-ts ==> !G. G' <= G --> G\|\|-ts"
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	211	apply (erule hoare_derivs.induct)
58963 26bf09b95dda proper context for assume_tac (atac remains as fall-back without context); wenzelm parents: 58889 diff changeset	212	apply (tactic {* ALLGOALS (EVERY'[clarify_tac @{context}, REPEAT o smp_tac @{context} 1]) *})
19803 aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	213	apply (rule hoare_derivs.empty)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	214	apply (erule (1) hoare_derivs.insert)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	215	apply (fast intro: hoare_derivs.asm)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	216	apply (fast intro: hoare_derivs.cut)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	217	apply (fast intro: hoare_derivs.weaken)
58963 26bf09b95dda proper context for assume_tac (atac remains as fall-back without context); wenzelm parents: 58889 diff changeset	218	apply (rule hoare_derivs.conseq, intro strip, tactic "smp_tac @{context} 2 1", clarify, tactic "smp_tac @{context} 1 1",rule exI, rule exI, erule (1) conjI)
19803 aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	219	prefer 7
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	220	apply (rule_tac hoare_derivs.Body, drule_tac spec, erule_tac mp, fast)
59498 50b60f501b05 proper context for resolve_tac, eresolve_tac, dresolve_tac, forward_tac etc.; wenzelm parents: 58963 diff changeset	221	apply (tactic {* ALLGOALS (resolve_tac @{context} ((funpow 5 tl) @{thms hoare_derivs.intros}) THEN_ALL_NEW (fast_tac @{context})) *})
19803 aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	222	done
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	223
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	224	lemma weak_Body: "G\|-{P}. the (body pn) .{Q} ==> G\|-{P}. BODY pn .{Q}"
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	225	apply (rule BodyN)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	226	apply (erule thin)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	227	apply auto
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	228	done
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	229
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	230	lemma derivs_insertD: "G\|\|-insert t ts ==> G\|-t & G\|\|-ts"
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	231	apply (fast intro: hoare_derivs.weaken)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	232	done
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	233
58254 c1c65a805d0f rename_tac'd scripts blanchet parents: 58249 diff changeset	234	lemma finite_pointwise [rule_format (no_asm)]: "[\| finite U;
c1c65a805d0f rename_tac'd scripts blanchet parents: 58249 diff changeset	235	!p. G \|- {P' p}.c0 p.{Q' p} --> G \|- {P p}.c0 p.{Q p} \|] ==>
19803 aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	236	G\|\|-(%p. {P' p}.c0 p.{Q' p}) ` U --> G\|\|-(%p. {P p}.c0 p.{Q p}) ` U"
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	237	apply (erule finite_induct)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	238	apply simp
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	239	apply clarsimp
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	240	apply (drule derivs_insertD)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	241	apply (rule hoare_derivs.insert)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	242	apply auto
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	243	done
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	244
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	245
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	246	subsection "soundness"
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	247
58254 c1c65a805d0f rename_tac'd scripts blanchet parents: 58249 diff changeset	248	lemma Loop_sound_lemma:
c1c65a805d0f rename_tac'd scripts blanchet parents: 58249 diff changeset	249	"G\|={P &> b}. c .{P} ==>
19803 aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	250	G\|={P}. WHILE b DO c .{P &> (Not o b)}"
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	251	apply (unfold hoare_valids_def)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	252	apply (simp (no_asm_use) add: triple_valid_def2)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	253	apply (rule allI)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	254	apply (subgoal_tac "!d s s'. <d,s> -n-> s' --> d = WHILE b DO c --> \|\|=n:G --> (!Z. P Z s --> P Z s' & ~b s') ")
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	255	apply (erule thin_rl, fast)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	256	apply ((rule allI)+, rule impI)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	257	apply (erule evaln.induct)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	258	apply (simp_all (no_asm))
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	259	apply fast
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	260	apply fast
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	261	done
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	262
58254 c1c65a805d0f rename_tac'd scripts blanchet parents: 58249 diff changeset	263	lemma Body_sound_lemma:
c1c65a805d0f rename_tac'd scripts blanchet parents: 58249 diff changeset	264	"[\| G Un (%pn. {P pn}. BODY pn .{Q pn})`Procs
c1c65a805d0f rename_tac'd scripts blanchet parents: 58249 diff changeset	265	\|\|=(%pn. {P pn}. the (body pn) .{Q pn})`Procs \|] ==>
19803 aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	266	G\|\|=(%pn. {P pn}. BODY pn .{Q pn})`Procs"
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	267	apply (unfold hoare_valids_def)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	268	apply (rule allI)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	269	apply (induct_tac n)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	270	apply (fast intro: Body_triple_valid_0)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	271	apply clarsimp
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	272	apply (drule triples_valid_Suc)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	273	apply (erule (1) notE impE)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	274	apply (simp add: ball_Un)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	275	apply (drule spec, erule impE, erule conjI, assumption)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	276	apply (fast intro!: Body_triple_valid_Suc [THEN iffD1])
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	277	done
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	278
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	279	lemma hoare_sound: "G\|\|-ts ==> G\|\|=ts"
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	280	apply (erule hoare_derivs.induct)
59498 50b60f501b05 proper context for resolve_tac, eresolve_tac, dresolve_tac, forward_tac etc.; wenzelm parents: 58963 diff changeset	281	apply (tactic {* TRYALL (eresolve_tac @{context} [@{thm Loop_sound_lemma}, @{thm Body_sound_lemma}] THEN_ALL_NEW atac) *})
19803 aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	282	apply (unfold hoare_valids_def)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	283	apply blast
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	284	apply blast
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	285	apply (blast) (* asm *)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	286	apply (blast) (* cut *)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	287	apply (blast) (* weaken *)
27208 5fe899199f85 proper context for tactics derived from res_inst_tac; wenzelm parents: 23894 diff changeset	288	apply (tactic {* ALLGOALS (EVERY'
27239 f2f42f9fa09d pervasive RuleInsts; wenzelm parents: 27208 diff changeset	289	[REPEAT o thin_tac @{context} "hoare_derivs ?x ?y",
58963 26bf09b95dda proper context for assume_tac (atac remains as fall-back without context); wenzelm parents: 58889 diff changeset	290	simp_tac @{context}, clarify_tac @{context}, REPEAT o smp_tac @{context} 1]) *})
19803 aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	291	apply (simp_all (no_asm_use) add: triple_valid_def2)
58963 26bf09b95dda proper context for assume_tac (atac remains as fall-back without context); wenzelm parents: 58889 diff changeset	292	apply (intro strip, tactic "smp_tac @{context} 2 1", blast) (* conseq *)
42793 88bee9f6eec7 proper Proof.context for classical tactics; wenzelm parents: 42174 diff changeset	293	apply (tactic {* ALLGOALS (clarsimp_tac @{context}) }) ( Skip, Ass, Local *)
19803 aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	294	prefer 3 apply (force) (* Call *)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	295	apply (erule_tac [2] evaln_elim_cases) (* If *)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	296	apply blast+
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	297	done
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	298
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	299
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	300	section "completeness"
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	301
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	302	(* Both versions *)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	303
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	304	(unused)
58254 c1c65a805d0f rename_tac'd scripts blanchet parents: 58249 diff changeset	305	lemma MGT_alternI: "G\|-MGT c ==>
19803 aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	306	G\|-{%Z s0. !s1. <c,s0> -c-> s1 --> Z=s1}. c .{%Z s1. Z=s1}"
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	307	apply (unfold MGT_def)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	308	apply (erule conseq12)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	309	apply auto
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	310	done
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	311
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	312	(* requires com_det *)
58254 c1c65a805d0f rename_tac'd scripts blanchet parents: 58249 diff changeset	313	lemma MGT_alternD: "state_not_singleton ==>
19803 aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	314	G\|-{%Z s0. !s1. <c,s0> -c-> s1 --> Z=s1}. c .{%Z s1. Z=s1} ==> G\|-MGT c"
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	315	apply (unfold MGT_def)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	316	apply (erule conseq12)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	317	apply auto
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	318	apply (case_tac "? t. <c,?s> -c-> t")
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	319	apply (fast elim: com_det)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	320	apply clarsimp
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	321	apply (drule single_stateE)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	322	apply blast
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	323	done
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	324
58254 c1c65a805d0f rename_tac'd scripts blanchet parents: 58249 diff changeset	325	lemma MGF_complete:
19803 aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	326	"{}\|-(MGT c::state triple) ==> {}\|={P}.c.{Q} ==> {}\|-{P}.c.{Q::state assn}"
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	327	apply (unfold MGT_def)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	328	apply (erule conseq12)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	329	apply (clarsimp simp add: hoare_valids_def eval_eq triple_valid_def2)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	330	done
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	331
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	332	declare WTs_elim_cases [elim!]
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	333	declare not_None_eq [iff]
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	334	(* requires com_det, escape (i.e. hoare_derivs.conseq) *)
58254 c1c65a805d0f rename_tac'd scripts blanchet parents: 58249 diff changeset	335	lemma MGF_lemma1 [rule_format (no_asm)]: "state_not_singleton ==>
19803 aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	336	!pn:dom body. G\|-{=}.BODY pn.{->} ==> WT c --> G\|-{=}.c.{->}"
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	337	apply (induct_tac c)
42793 88bee9f6eec7 proper Proof.context for classical tactics; wenzelm parents: 42174 diff changeset	338	apply (tactic {* ALLGOALS (clarsimp_tac @{context}) *})
19803 aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	339	prefer 7 apply (fast intro: domI)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	340	apply (erule_tac [6] MGT_alternD)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	341	apply (unfold MGT_def)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	342	apply (drule_tac [7] bspec, erule_tac [7] domI)
42793 88bee9f6eec7 proper Proof.context for classical tactics; wenzelm parents: 42174 diff changeset	343	apply (rule_tac [7] escape, tactic {* clarsimp_tac @{context} 7 *},
58254 c1c65a805d0f rename_tac'd scripts blanchet parents: 58249 diff changeset	344	rename_tac [7] "fun" y Z,
19803 aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	345	rule_tac [7] P1 = "%Z' s. s= (setlocs Z newlocs) [Loc Arg ::= fun Z]" in hoare_derivs.Call [THEN conseq1], erule_tac [7] conseq12)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	346	apply (erule_tac [!] thin_rl)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	347	apply (rule hoare_derivs.Skip [THEN conseq2])
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	348	apply (rule_tac [2] hoare_derivs.Ass [THEN conseq1])
42793 88bee9f6eec7 proper Proof.context for classical tactics; wenzelm parents: 42174 diff changeset	349	apply (rule_tac [3] escape, tactic {* clarsimp_tac @{context} 3 *},
58254 c1c65a805d0f rename_tac'd scripts blanchet parents: 58249 diff changeset	350	rename_tac [3] loc "fun" y Z,
19803 aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	351	rule_tac [3] P1 = "%Z' s. s= (Z[Loc loc::=fun Z])" in hoare_derivs.Local [THEN conseq1],
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	352	erule_tac [3] conseq12)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	353	apply (erule_tac [5] hoare_derivs.Comp, erule_tac [5] conseq12)
39159 0dec18004e75 more antiquotations; wenzelm parents: 35431 diff changeset	354	apply (tactic {* (rtac @{thm hoare_derivs.If} THEN_ALL_NEW etac @{thm conseq12}) 6 *})
19803 aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	355	apply (rule_tac [8] hoare_derivs.Loop [THEN conseq2], erule_tac [8] conseq12)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	356	apply auto
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	357	done
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	358
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	359	(* Version: nested single recursion *)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	360
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	361	lemma nesting_lemma [rule_format]:
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	362	assumes "!!G ts. ts <= G ==> P G ts"
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	363	and "!!G pn. P (insert (mgt_call pn) G) {mgt(the(body pn))} ==> P G {mgt_call pn}"
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	364	and "!!G c. [\| wt c; !pn:U. P G {mgt_call pn} \|] ==> P G {mgt c}"
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	365	and "!!pn. pn : U ==> wt (the (body pn))"
58254 c1c65a805d0f rename_tac'd scripts blanchet parents: 58249 diff changeset	366	shows "finite U ==> uG = mgt_call`U ==>
19803 aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	367	!G. G <= uG --> n <= card uG --> card G = card uG - n --> (!c. wt c --> P G {mgt c})"
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	368	apply (induct_tac n)
42793 88bee9f6eec7 proper Proof.context for classical tactics; wenzelm parents: 42174 diff changeset	369	apply (tactic {* ALLGOALS (clarsimp_tac @{context}) *})
19803 aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	370	apply (subgoal_tac "G = mgt_call ` U")
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	371	prefer 2
40786 0a54cfc9add3 gave more standard finite set rules simp and intro attribute nipkow parents: 39159 diff changeset	372	apply (simp add: card_seteq)
19803 aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	373	apply simp
41529 ba60efa2fd08 eliminated global prems; wenzelm parents: 40786 diff changeset	374	apply (erule assms(3-)) (MGF_lemma1)
19803 aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	375	apply (rule ballI)
41529 ba60efa2fd08 eliminated global prems; wenzelm parents: 40786 diff changeset	376	apply (rule assms) (hoare_derivs.asm)
19803 aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	377	apply fast
41529 ba60efa2fd08 eliminated global prems; wenzelm parents: 40786 diff changeset	378	apply (erule assms(3-)) (MGF_lemma1)
19803 aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	379	apply (rule ballI)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	380	apply (case_tac "mgt_call pn : G")
41529 ba60efa2fd08 eliminated global prems; wenzelm parents: 40786 diff changeset	381	apply (rule assms) (hoare_derivs.asm)
19803 aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	382	apply fast
41529 ba60efa2fd08 eliminated global prems; wenzelm parents: 40786 diff changeset	383	apply (rule assms(2-)) (MGT_BodyN)
19803 aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	384	apply (drule spec, erule impE, erule_tac [2] impE, drule_tac [3] spec, erule_tac [3] mp)
41529 ba60efa2fd08 eliminated global prems; wenzelm parents: 40786 diff changeset	385	apply (erule_tac [3] assms(4-))
19803 aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	386	apply fast
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	387	apply (drule finite_subset)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	388	apply (erule finite_imageI)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	389	apply (simp (no_asm_simp))
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	390	done
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	391
58254 c1c65a805d0f rename_tac'd scripts blanchet parents: 58249 diff changeset	392	lemma MGT_BodyN: "insert ({=}.BODY pn.{->}) G\|-{=}. the (body pn) .{->} ==>
19803 aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	393	G\|-{=}.BODY pn.{->}"
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	394	apply (unfold MGT_def)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	395	apply (rule BodyN)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	396	apply (erule conseq2)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	397	apply force
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	398	done
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	399
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	400	(* requires BodyN, com_det *)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	401	lemma MGF: "[\| state_not_singleton; WT_bodies; WT c \|] ==> {}\|-MGT c"
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	402	apply (rule_tac P = "%G ts. G\|\|-ts" and U = "dom body" in nesting_lemma)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	403	apply (erule hoare_derivs.asm)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	404	apply (erule MGT_BodyN)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	405	apply (rule_tac [3] finite_dom_body)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	406	apply (erule MGF_lemma1)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	407	prefer 2 apply (assumption)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	408	apply blast
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	409	apply clarsimp
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	410	apply (erule (1) WT_bodiesD)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	411	apply (rule_tac [3] le_refl)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	412	apply auto
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	413	done
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	414
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	415
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	416	(* Version: simultaneous recursion in call rule *)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	417
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	418	(* finiteness not really necessary here *)
58254 c1c65a805d0f rename_tac'd scripts blanchet parents: 58249 diff changeset	419	lemma MGT_Body: "[\| G Un (%pn. {=}. BODY pn .{->})`Procs
c1c65a805d0f rename_tac'd scripts blanchet parents: 58249 diff changeset	420	\|\|-(%pn. {=}. the (body pn) .{->})`Procs;
19803 aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	421	finite Procs \|] ==> G \|\|-(%pn. {=}. BODY pn .{->})`Procs"
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	422	apply (unfold MGT_def)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	423	apply (rule hoare_derivs.Body)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	424	apply (erule finite_pointwise)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	425	prefer 2 apply (assumption)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	426	apply clarify
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	427	apply (erule conseq2)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	428	apply auto
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	429	done
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	430
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	431	(* requires empty, insert, com_det *)
58254 c1c65a805d0f rename_tac'd scripts blanchet parents: 58249 diff changeset	432	lemma MGF_lemma2_simult [rule_format (no_asm)]: "[\| state_not_singleton; WT_bodies;
c1c65a805d0f rename_tac'd scripts blanchet parents: 58249 diff changeset	433	F<=(%pn. {=}.the (body pn).{->})`dom body \|] ==>
19803 aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	434	(%pn. {=}. BODY pn .{->})`dom body\|\|-F"
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	435	apply (frule finite_subset)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	436	apply (rule finite_dom_body [THEN finite_imageI])
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	437	apply (rotate_tac 2)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	438	apply (tactic "make_imp_tac 1")
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	439	apply (erule finite_induct)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	440	apply (clarsimp intro!: hoare_derivs.empty)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	441	apply (clarsimp intro!: hoare_derivs.insert simp del: range_composition)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	442	apply (erule MGF_lemma1)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	443	prefer 2 apply (fast dest: WT_bodiesD)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	444	apply clarsimp
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	445	apply (rule hoare_derivs.asm)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	446	apply (fast intro: domI)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	447	done
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	448
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	449	(* requires Body, empty, insert, com_det *)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	450	lemma MGF': "[\| state_not_singleton; WT_bodies; WT c \|] ==> {}\|-MGT c"
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	451	apply (rule MGF_lemma1)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	452	apply assumption
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	453	prefer 2 apply (assumption)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	454	apply clarsimp
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	455	apply (subgoal_tac "{}\|\|- (%pn. {=}. BODY pn .{->}) `dom body")
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	456	apply (erule hoare_derivs.weaken)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	457	apply (fast intro: domI)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	458	apply (rule finite_dom_body [THEN [2] MGT_Body])
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	459	apply (simp (no_asm))
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	460	apply (erule (1) MGF_lemma2_simult)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	461	apply (rule subset_refl)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	462	done
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	463
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	464	(* requires Body+empty+insert / BodyN, com_det *)
45605 a89b4bc311a5 eliminated obsolete "standard"; wenzelm parents: 42793 diff changeset	465	lemmas hoare_complete = MGF' [THEN MGF_complete]
19803 aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	466
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	467
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	468	subsection "unused derived rules"
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	469
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	470	lemma falseE: "G\|-{%Z s. False}.c.{Q}"
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	471	apply (rule hoare_derivs.conseq)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	472	apply fast
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	473	done
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	474
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	475	lemma trueI: "G\|-{P}.c.{%Z s. True}"
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	476	apply (rule hoare_derivs.conseq)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	477	apply (fast intro!: falseE)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	478	done
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	479
58254 c1c65a805d0f rename_tac'd scripts blanchet parents: 58249 diff changeset	480	lemma disj: "[\| G\|-{P}.c.{Q}; G\|-{P'}.c.{Q'} \|]
19803 aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	481	==> G\|-{%Z s. P Z s \| P' Z s}.c.{%Z s. Q Z s \| Q' Z s}"
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	482	apply (rule hoare_derivs.conseq)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	483	apply (fast elim: conseq12)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	484	done (* analogue conj non-derivable *)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	485
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	486	lemma hoare_SkipI: "(!Z s. P Z s --> Q Z s) ==> G\|-{P}. SKIP .{Q}"
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	487	apply (rule conseq12)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	488	apply (rule hoare_derivs.Skip)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	489	apply fast
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	490	done
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	491
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	492
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	493	subsection "useful derived rules"
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	494
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	495	lemma single_asm: "{t}\|-t"
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	496	apply (rule hoare_derivs.asm)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	497	apply (rule subset_refl)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	498	done
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	499
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	500	lemma export_s: "[\| !!s'. G\|-{%Z s. s'=s & P Z s}.c.{Q} \|] ==> G\|-{P}.c.{Q}"
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	501	apply (rule hoare_derivs.conseq)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	502	apply auto
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	503	done
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	504
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	505
58254 c1c65a805d0f rename_tac'd scripts blanchet parents: 58249 diff changeset	506	lemma weak_Local: "[\| G\|-{P}. c .{Q}; !k Z s. Q Z s --> Q Z (s[Loc Y::=k]) \|] ==>
19803 aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	507	G\|-{%Z s. P Z (s[Loc Y::=a s])}. LOCAL Y:=a IN c .{Q}"
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	508	apply (rule export_s)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	509	apply (rule hoare_derivs.Local)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	510	apply (erule conseq2)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	511	apply (erule spec)
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	512	done
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	513
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	514	(*
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	515	Goal "!Q. G \|-{%Z s. ~(? s'. <c,s> -c-> s')}. c .{Q}"
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	516	by (induct_tac "c" 1);
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	517	by Auto_tac;
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	518	by (rtac conseq1 1);
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	519	by (rtac hoare_derivs.Skip 1);
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	520	force 1;
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	521	by (rtac conseq1 1);
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	522	by (rtac hoare_derivs.Ass 1);
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	523	force 1;
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	524	by (defer_tac 1);
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	525	###
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	526	by (rtac hoare_derivs.Comp 1);
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	527	by (dtac spec 2);
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	528	by (dtac spec 2);
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	529	by (assume_tac 2);
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	530	by (etac conseq1 2);
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	531	by (Clarsimp_tac 2);
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	532	force 1;
aa2581752afb removed obsolete ML files; wenzelm parents: 17477 diff changeset	533	*)
8177 e59e93ad85eb added IMPP to HOL oheimb parents: diff changeset	534
e59e93ad85eb added IMPP to HOL oheimb parents: diff changeset	535	end

author	blanchet
	Tue, 17 Feb 2015 17:22:45 +0100
changeset 59552	ae50c9b82444
parent 59498	50b60f501b05
child 59763	56d2c357e6b5
permissions	-rw-r--r--