isabelle: src/HOL/NanoJava/AxSem.thy@d25be0ad1a6c (annotated)

11376 bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	1	(* Title: HOL/NanoJava/AxSem.thy
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	2	ID: $Id$
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	3	Author: David von Oheimb
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	4	Copyright 2001 Technische Universitaet Muenchen
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	5	*)
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	6
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	7	header "Axiomatic Semantics (Hoare Logic)"
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	8
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	9	theory AxSem = State:
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	10
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	11	types assn = "state => bool"
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	12	triple = "assn \<times> stmt \<times> assn"
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	13	translations
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	14	"assn" \<leftharpoondown> (type)"state => bool"
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	15	"triple" \<leftharpoondown> (type)"assn \<times> stmt \<times> assn"
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	16
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	17	consts hoare :: "(triple set \<times> triple set) set"
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	18	syntax (xsymbols)
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	19	"@hoare" :: "[triple set, triple set ] => bool" ("_ \|\<turnstile>/ _" [61,61] 60)
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	20	"@hoare1" :: "[triple set, assn,stmt,assn] => bool"
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	21	("_ \<turnstile>/ ({(1_)}/ (_)/ {(1_)})" [61,3,90,3]60)
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	22	syntax
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	23	"@hoare" :: "[triple set, triple set ] => bool" ("_ \|\|-/ _" [61,61] 60)
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	24	"@hoare1" :: "[triple set, assn,stmt,assn] => bool"
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	25	("_ \|-/ ({(1_)}/ (_)/ {(1_)})" [61,3,90,3] 60)
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	26
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	27	translations "A \|\<turnstile> C" \<rightleftharpoons> "(A,C) \<in> hoare"
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	28	"A \<turnstile> {P}c{Q}" \<rightleftharpoons> "A \|\<turnstile> {(P,c,Q)}"
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	29
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	30	inductive hoare
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	31	intros
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	32
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	33	Skip: "A \|- {P} Skip {P}"
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	34
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	35	Comp: "[\| A \|- {P} c1 {Q}; A \|- {Q} c2 {R} \|] ==> A \|- {P} c1;;c2 {R}"
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	36
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	37	Cond: "[\| A \|- {\<lambda>s. P s \<and> s<e> \<noteq> Null} c1 {Q};
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	38	A \|- {\<lambda>s. P s \<and> s<e> = Null} c2 {Q} \|] ==>
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	39	A \|- {P} If(e) c1 Else c2 {Q}"
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	40
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	41	Loop: "A \|- {\<lambda>s. P s \<and> s<e> \<noteq> Null} c {P} ==>
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	42	A \|- {P} While(e) c {\<lambda>s. P s \<and> s<e> = Null}"
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	43
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	44	NewC: "A \|- {\<lambda>s.\<forall>a. new_Addr s=Addr a--> P (lupd(x\|->Addr a)(new_obj a C s))}
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	45	x:=new C {P}"
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	46
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	47	Cast: "A \|- {\<lambda>s.(case s<y> of Null=> True \| Addr a=> obj_class s a <=C C) -->
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	48	P (lupd(x\|->s<y>) s)} x:=(C)y {P}"
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	49
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	50	FAcc: "A \|- {\<lambda>s.\<forall>a. s<y>=Addr a-->P(lupd(x\|->get_field s a f) s)} x:=y..f{P}"
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	51
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	52	FAss: "A \|- {\<lambda>s. \<forall>a. s<y>=Addr a --> P (upd_obj a f (s<x>) s)} y..f:=x {P}"
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	53
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	54	Call: "\<forall>l. A \|- {\<lambda>s'. \<exists>s. P s \<and> l = s \<and>
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	55	s' = lupd(This\|->s<y>)(lupd(Param\|->s<p>)(init_locs C m s))}
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	56	Meth C m {\<lambda>s. Q (lupd(x\|->s<Res>)(set_locs l s))} ==>
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	57	A \|- {P} x:={C}y..m(p) {Q}"
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	58
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	59	Meth: "\<forall>D. A \|- {\<lambda>s. \<exists>a. s<This> = Addr a \<and> D=obj_class s a \<and> D <=C C \<and> P s}
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	60	Impl D m {Q} ==>
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	61	A \|- {P} Meth C m {Q}"
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	62
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	63	(*\<Union>z instead of \<forall>z in the conclusion and
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	64	z restricted to type state due to limitations of the inductive paackage *)
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	65	Impl: "A\<union> (\<Union>z::state. (\<lambda>(C,m). (P z C m, Impl C m, Q z C m))`ms) \|\|-
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	66	(\<Union>z::state. (\<lambda>(C,m). (P z C m, body C m, Q z C m))`ms) ==>
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	67	A \|\|- (\<Union>z::state. (\<lambda>(C,m). (P z C m, Impl C m, Q z C m))`ms)"
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	68
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	69	(* structural rules *)
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	70
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	71	(* z restricted to type state due to limitations of the inductive paackage *)
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	72	Conseq:"[\| \<forall>z::state. A \|- {P' z} c {Q' z};
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	73	\<forall>s t. (\<forall>z::state. P' z s --> Q' z t) --> (P s --> Q t) \|] ==>
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	74	A \|- {P} c {Q }"
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	75
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	76	Asm: " a \<in> A ==> A \|\|- {a}"
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	77
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	78	ConjI: " \<forall>c \<in> C. A \|\|- {c} ==> A \|\|- C"
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	79
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	80	ConjE: "[\|A \|\|- C; c \<in> C \|] ==> A \|\|- {c}";
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	81
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	82
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	83	subsection "Derived Rules"
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	84
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	85	lemma Conseq1: "\<lbrakk>A \<turnstile> {P'} c {Q}; \<forall>s. P s \<longrightarrow> P' s\<rbrakk> \<Longrightarrow> A \<turnstile> {P} c {Q}"
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	86	apply (rule hoare.Conseq)
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	87	apply (rule allI, assumption)
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	88	apply fast
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	89	done
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	90
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	91	lemma Weaken: "\<lbrakk>A \|\<turnstile> C'; C \<subseteq> C'\<rbrakk> \<Longrightarrow> A \|\<turnstile> C"
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	92	apply (rule hoare.ConjI)
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	93	apply clarify
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	94	apply (drule hoare.ConjE)
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	95	apply fast
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	96	apply assumption
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	97	done
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	98
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	99	lemma Union: "A \|\<turnstile> (\<Union>z. C z) = (\<forall>z. A \|\<turnstile> C z)"
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	100	by (auto intro: hoare.ConjI hoare.ConjE)
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	101
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	102	lemma Impl':
11449 d25be0ad1a6c cosmetics oheimb parents: 11376 diff changeset	103	"\<forall>z. A\<union> (\<Union>z. (\<lambda>(C,m). (P z C m, Impl C m, Q (z::state) C m))`ms) \|\|-
11376 bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	104	(\<lambda>(C,m). (P z C m, body C m, Q (z::state) C m))`ms ==>
11449 d25be0ad1a6c cosmetics oheimb parents: 11376 diff changeset	105	A \|\|- (\<lambda>(C,m). (P z C m, Impl C m, Q (z::state) C m))`ms"
11376 bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	106	apply (drule Union[THEN iffD2])
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	107	apply (drule hoare.Impl)
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	108	apply (drule Union[THEN iffD1])
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	109	apply (erule spec)
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	110	done
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	111
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	112	lemma Impl1:
11449 d25be0ad1a6c cosmetics oheimb parents: 11376 diff changeset	113	"\<lbrakk>\<forall>z. A\<union> (\<Union>z. (\<lambda>(C,m). (P z C m, Impl C m, Q (z::state) C m))`ms) \|\|-
11376 bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	114	(\<lambda>(C,m). (P z C m, body C m, Q (z::state) C m))`ms;
11449 d25be0ad1a6c cosmetics oheimb parents: 11376 diff changeset	115	(C,m)\<in> ms\<rbrakk> \<Longrightarrow>
d25be0ad1a6c cosmetics oheimb parents: 11376 diff changeset	116	A \|- {P z C m} Impl C m {Q (z::state) C m}"
11376 bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	117	apply (drule Impl')
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	118	apply (erule Weaken)
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	119	apply (auto del: image_eqI intro: rev_image_eqI)
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	120	done
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	121
bf98ad1c22c6 added NanoJava oheimb parents: diff changeset	122	end

author	oheimb
	Mon, 23 Jul 2001 19:06:11 +0200
changeset 11449	d25be0ad1a6c
parent 11376	bf98ad1c22c6
child 11476	06c1998340a8
permissions	-rw-r--r--