isabelle: src/HOL/IMP/Transition.thy@da548623916a (annotated)

12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	1	(* Title: HOL/IMP/Transition.thy
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	2	ID: $Id$
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	3	Author: Tobias Nipkow & Robert Sandner, TUM
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	4	Isar Version: Gerwin Klein, 2001
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	5	Copyright 1996 TUM
1700 afd3b60660db Natural and Transition semantics. nipkow parents: diff changeset	6	*)
afd3b60660db Natural and Transition semantics. nipkow parents: diff changeset	7
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	8	header "Transition Semantics of Commands"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	9
16417 9bc16273c2d4 migrated theory headers to new format haftmann parents: 14565 diff changeset	10	theory Transition imports Natural begin
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	11
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	12	subsection "The transition relation"
1700 afd3b60660db Natural and Transition semantics. nipkow parents: diff changeset	13
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	14	text {*
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	15	We formalize the transition semantics as in \cite{Nielson}. This
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	16	makes some of the rules a bit more intuitive, but also requires
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	17	some more (internal) formal overhead.
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	18
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	19	Since configurations that have terminated are written without
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	20	a statement, the transition relation is not
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	21	@{typ "((com \<times> state) \<times> (com \<times> state)) set"}
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	22	but instead:
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	23	*}
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	24	consts evalc1 :: "((com option \<times> state) \<times> (com option \<times> state)) set"
4906 0537ee95d004 fixed translations; wenzelm parents: 4897 diff changeset	25
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	26	text {*
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	27	Some syntactic sugar that we will use to hide the
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	28	@{text option} part in configurations:
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	29	*}
4906 0537ee95d004 fixed translations; wenzelm parents: 4897 diff changeset	30	syntax
12546 0c90e581379f tuned; wenzelm parents: 12434 diff changeset	31	"_angle" :: "[com, state] \<Rightarrow> com option \<times> state" ("<_,_>")
0c90e581379f tuned; wenzelm parents: 12434 diff changeset	32	"_angle2" :: "state \<Rightarrow> com option \<times> state" ("<_>")
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	33
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	34	syntax (xsymbols)
12546 0c90e581379f tuned; wenzelm parents: 12434 diff changeset	35	"_angle" :: "[com, state] \<Rightarrow> com option \<times> state" ("\<langle>_,_\<rangle>")
0c90e581379f tuned; wenzelm parents: 12434 diff changeset	36	"_angle2" :: "state \<Rightarrow> com option \<times> state" ("\<langle>_\<rangle>")
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	37
14565 c6dc17aab88a use more symbols in HTML output kleing parents: 13524 diff changeset	38	syntax (HTML output)
c6dc17aab88a use more symbols in HTML output kleing parents: 13524 diff changeset	39	"_angle" :: "[com, state] \<Rightarrow> com option \<times> state" ("\<langle>_,_\<rangle>")
c6dc17aab88a use more symbols in HTML output kleing parents: 13524 diff changeset	40	"_angle2" :: "state \<Rightarrow> com option \<times> state" ("\<langle>_\<rangle>")
c6dc17aab88a use more symbols in HTML output kleing parents: 13524 diff changeset	41
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	42	translations
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	43	"\<langle>c,s\<rangle>" == "(Some c, s)"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	44	"\<langle>s\<rangle>" == "(None, s)"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	45
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	46	text {*
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	47	More syntactic sugar for the transition relation, and its
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	48	iteration.
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	49	*}
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	50	syntax
12546 0c90e581379f tuned; wenzelm parents: 12434 diff changeset	51	"_evalc1" :: "[(com option\<times>state),(com option\<times>state)] \<Rightarrow> bool"
12434 ff2efde4574d tuned kleing parents: 12431 diff changeset	52	("_ -1-> _" [60,60] 60)
12546 0c90e581379f tuned; wenzelm parents: 12434 diff changeset	53	"_evalcn" :: "[(com option\<times>state),nat,(com option\<times>state)] \<Rightarrow> bool"
12434 ff2efde4574d tuned kleing parents: 12431 diff changeset	54	("_ -_-> _" [60,60,60] 60)
12546 0c90e581379f tuned; wenzelm parents: 12434 diff changeset	55	"_evalc*" :: "[(com option\<times>state),(com option\<times>state)] \<Rightarrow> bool"
12434 ff2efde4574d tuned kleing parents: 12431 diff changeset	56	("_ -*-> _" [60,60] 60)
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	57
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	58	syntax (xsymbols)
12546 0c90e581379f tuned; wenzelm parents: 12434 diff changeset	59	"_evalc1" :: "[(com option\<times>state),(com option\<times>state)] \<Rightarrow> bool"
12434 ff2efde4574d tuned kleing parents: 12431 diff changeset	60	("_ \<longrightarrow>\<^sub>1 _" [60,60] 61)
12546 0c90e581379f tuned; wenzelm parents: 12434 diff changeset	61	"_evalcn" :: "[(com option\<times>state),nat,(com option\<times>state)] \<Rightarrow> bool"
12434 ff2efde4574d tuned kleing parents: 12431 diff changeset	62	("_ -_\<rightarrow>\<^sub>1 _" [60,60,60] 60)
12546 0c90e581379f tuned; wenzelm parents: 12434 diff changeset	63	"_evalc*" :: "[(com option\<times>state),(com option\<times>state)] \<Rightarrow> bool"
12434 ff2efde4574d tuned kleing parents: 12431 diff changeset	64	("_ \<longrightarrow>\<^sub>1\<^sup>* _" [60,60] 60)
1700 afd3b60660db Natural and Transition semantics. nipkow parents: diff changeset	65
afd3b60660db Natural and Transition semantics. nipkow parents: diff changeset	66	translations
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	67	"cs \<longrightarrow>\<^sub>1 cs'" == "(cs,cs') \<in> evalc1"
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	68	"cs -n\<rightarrow>\<^sub>1 cs'" == "(cs,cs') \<in> evalc1^n"
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	69	"cs \<longrightarrow>\<^sub>1\<^sup>* cs'" == "(cs,cs') \<in> evalc1^*"
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	70
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	71	-- {* Isabelle/HOL converts @{text "(cs0,(c1,s1))"} to @{term "(cs0,c1,s1)"},
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	72	so we also include: *}
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	73	"cs0 \<longrightarrow>\<^sub>1 (c1,s1)" == "(cs0,c1,s1) \<in> evalc1"
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	74	"cs0 -n\<rightarrow>\<^sub>1 (c1,s1)" == "(cs0,c1,s1) \<in> evalc1^n"
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	75	"cs0 \<longrightarrow>\<^sub>1\<^sup>* (c1,s1)" == "(cs0,c1,s1) \<in> evalc1^*"
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	76
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	77	text {*
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	78	Now, finally, we are set to write down the rules for our small step semantics:
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	79	*}
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	80	inductive evalc1
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	81	intros
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	82	Skip: "\<langle>\<SKIP>, s\<rangle> \<longrightarrow>\<^sub>1 \<langle>s\<rangle>"
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	83	Assign: "\<langle>x :== a, s\<rangle> \<longrightarrow>\<^sub>1 \<langle>s[x \<mapsto> a s]\<rangle>"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	84
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	85	Semi1: "\<langle>c0,s\<rangle> \<longrightarrow>\<^sub>1 \<langle>s'\<rangle> \<Longrightarrow> \<langle>c0;c1,s\<rangle> \<longrightarrow>\<^sub>1 \<langle>c1,s'\<rangle>"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	86	Semi2: "\<langle>c0,s\<rangle> \<longrightarrow>\<^sub>1 \<langle>c0',s'\<rangle> \<Longrightarrow> \<langle>c0;c1,s\<rangle> \<longrightarrow>\<^sub>1 \<langle>c0';c1,s'\<rangle>"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	87
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	88	IfTrue: "b s \<Longrightarrow> \<langle>\<IF> b \<THEN> c1 \<ELSE> c2,s\<rangle> \<longrightarrow>\<^sub>1 \<langle>c1,s\<rangle>"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	89	IfFalse: "\<not>b s \<Longrightarrow> \<langle>\<IF> b \<THEN> c1 \<ELSE> c2,s\<rangle> \<longrightarrow>\<^sub>1 \<langle>c2,s\<rangle>"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	90
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	91	While: "\<langle>\<WHILE> b \<DO> c,s\<rangle> \<longrightarrow>\<^sub>1 \<langle>\<IF> b \<THEN> c; \<WHILE> b \<DO> c \<ELSE> \<SKIP>,s\<rangle>"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	92
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	93	lemmas [intro] = evalc1.intros -- "again, use these rules in automatic proofs"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	94
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	95	(<)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	96	(* fixme: move to Relation_Power.thy *)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	97	lemma rel_pow_Suc_E2 [elim!]:
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	98	"[\| (x, z) \<in> R ^ Suc n; !!y. [\| (x, y) \<in> R; (y, z) \<in> R ^ n \|] ==> P \|] ==> P"
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	99	by (blast dest: rel_pow_Suc_D2)
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	100
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	101	lemma rtrancl_imp_rel_pow: "p \<in> R^* \<Longrightarrow> \<exists>n. p \<in> R^n"
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	102	proof (induct p)
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	103	fix x y
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	104	assume "(x, y) \<in> R\<^sup>*"
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	105	thus "\<exists>n. (x, y) \<in> R^n"
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	106	proof induct
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	107	fix a have "(a, a) \<in> R^0" by simp
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	108	thus "\<exists>n. (a, a) \<in> R ^ n" ..
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	109	next
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	110	fix a b c assume "\<exists>n. (a, b) \<in> R ^ n"
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	111	then obtain n where "(a, b) \<in> R^n" ..
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	112	moreover assume "(b, c) \<in> R"
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	113	ultimately have "(a, c) \<in> R^(Suc n)" by auto
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	114	thus "\<exists>n. (a, c) \<in> R^n" ..
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	115	qed
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	116	qed
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	117	(>)
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	118	text {*
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	119	As for the big step semantics you can read these rules in a
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	120	syntax directed way:
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	121	*}
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	122	lemma SKIP_1: "\<langle>\<SKIP>, s\<rangle> \<longrightarrow>\<^sub>1 y = (y = \<langle>s\<rangle>)"
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	123	by (rule, cases set: evalc1, auto)
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	124
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	125	lemma Assign_1: "\<langle>x :== a, s\<rangle> \<longrightarrow>\<^sub>1 y = (y = \<langle>s[x \<mapsto> a s]\<rangle>)"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	126	by (rule, cases set: evalc1, auto)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	127
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	128	lemma Cond_1:
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	129	"\<langle>\<IF> b \<THEN> c1 \<ELSE> c2, s\<rangle> \<longrightarrow>\<^sub>1 y = ((b s \<longrightarrow> y = \<langle>c1, s\<rangle>) \<and> (\<not>b s \<longrightarrow> y = \<langle>c2, s\<rangle>))"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	130	by (rule, cases set: evalc1, auto)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	131
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	132	lemma While_1:
12434 ff2efde4574d tuned kleing parents: 12431 diff changeset	133	"\<langle>\<WHILE> b \<DO> c, s\<rangle> \<longrightarrow>\<^sub>1 y = (y = \<langle>\<IF> b \<THEN> c; \<WHILE> b \<DO> c \<ELSE> \<SKIP>, s\<rangle>)"
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	134	by (rule, cases set: evalc1, auto)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	135
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	136	lemmas [simp] = SKIP_1 Assign_1 Cond_1 While_1
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	137
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	138
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	139	subsection "Examples"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	140
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	141	lemma
12434 ff2efde4574d tuned kleing parents: 12431 diff changeset	142	"s x = 0 \<Longrightarrow> \<langle>\<WHILE> \<lambda>s. s x \<noteq> 1 \<DO> (x:== \<lambda>s. s x+1), s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s[x \<mapsto> 1]\<rangle>"
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	143	(is "_ \<Longrightarrow> \<langle>?w, _\<rangle> \<longrightarrow>\<^sub>1\<^sup>* _")
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	144	proof -
12434 ff2efde4574d tuned kleing parents: 12431 diff changeset	145	let ?c = "x:== \<lambda>s. s x+1"
ff2efde4574d tuned kleing parents: 12431 diff changeset	146	let ?if = "\<IF> \<lambda>s. s x \<noteq> 1 \<THEN> ?c; ?w \<ELSE> \<SKIP>"
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	147	assume [simp]: "s x = 0"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	148	have "\<langle>?w, s\<rangle> \<longrightarrow>\<^sub>1 \<langle>?if, s\<rangle>" ..
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	149	also have "\<langle>?if, s\<rangle> \<longrightarrow>\<^sub>1 \<langle>?c; ?w, s\<rangle>" by simp
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	150	also have "\<langle>?c; ?w, s\<rangle> \<longrightarrow>\<^sub>1 \<langle>?w, s[x \<mapsto> 1]\<rangle>" by (rule Semi1) simp
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	151	also have "\<langle>?w, s[x \<mapsto> 1]\<rangle> \<longrightarrow>\<^sub>1 \<langle>?if, s[x \<mapsto> 1]\<rangle>" ..
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	152	also have "\<langle>?if, s[x \<mapsto> 1]\<rangle> \<longrightarrow>\<^sub>1 \<langle>\<SKIP>, s[x \<mapsto> 1]\<rangle>" by (simp add: update_def)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	153	also have "\<langle>\<SKIP>, s[x \<mapsto> 1]\<rangle> \<longrightarrow>\<^sub>1 \<langle>s[x \<mapsto> 1]\<rangle>" ..
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	154	finally show ?thesis ..
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	155	qed
4906 0537ee95d004 fixed translations; wenzelm parents: 4897 diff changeset	156
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	157	lemma
12434 ff2efde4574d tuned kleing parents: 12431 diff changeset	158	"s x = 2 \<Longrightarrow> \<langle>\<WHILE> \<lambda>s. s x \<noteq> 1 \<DO> (x:== \<lambda>s. s x+1), s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* s'"
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	159	(is "_ \<Longrightarrow> \<langle>?w, _\<rangle> \<longrightarrow>\<^sub>1\<^sup>* s'")
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	160	proof -
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	161	let ?c = "x:== \<lambda>s. s x+1"
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	162	let ?if = "\<IF> \<lambda>s. s x \<noteq> 1 \<THEN> ?c; ?w \<ELSE> \<SKIP>"
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	163	assume [simp]: "s x = 2"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	164	note update_def [simp]
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	165	have "\<langle>?w, s\<rangle> \<longrightarrow>\<^sub>1 \<langle>?if, s\<rangle>" ..
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	166	also have "\<langle>?if, s\<rangle> \<longrightarrow>\<^sub>1 \<langle>?c; ?w, s\<rangle>" by simp
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	167	also have "\<langle>?c; ?w, s\<rangle> \<longrightarrow>\<^sub>1 \<langle>?w, s[x \<mapsto> 3]\<rangle>" by (rule Semi1) simp
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	168	also have "\<langle>?w, s[x \<mapsto> 3]\<rangle> \<longrightarrow>\<^sub>1 \<langle>?if, s[x \<mapsto> 3]\<rangle>" ..
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	169	also have "\<langle>?if, s[x \<mapsto> 3]\<rangle> \<longrightarrow>\<^sub>1 \<langle>?c; ?w, s[x \<mapsto> 3]\<rangle>" by simp
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	170	also have "\<langle>?c; ?w, s[x \<mapsto> 3]\<rangle> \<longrightarrow>\<^sub>1 \<langle>?w, s[x \<mapsto> 4]\<rangle>" by (rule Semi1) simp
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	171	also have "\<langle>?w, s[x \<mapsto> 4]\<rangle> \<longrightarrow>\<^sub>1 \<langle>?if, s[x \<mapsto> 4]\<rangle>" ..
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	172	also have "\<langle>?if, s[x \<mapsto> 4]\<rangle> \<longrightarrow>\<^sub>1 \<langle>?c; ?w, s[x \<mapsto> 4]\<rangle>" by simp
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	173	also have "\<langle>?c; ?w, s[x \<mapsto> 4]\<rangle> \<longrightarrow>\<^sub>1 \<langle>?w, s[x \<mapsto> 5]\<rangle>" by (rule Semi1) simp
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	174	oops
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	175
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	176	subsection "Basic properties"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	177
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	178	text {*
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	179	There are no \emph{stuck} programs:
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	180	*}
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	181	lemma no_stuck: "\<exists>y. \<langle>c,s\<rangle> \<longrightarrow>\<^sub>1 y"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	182	proof (induct c)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	183	-- "case Semi:"
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	184	fix c1 c2 assume "\<exists>y. \<langle>c1,s\<rangle> \<longrightarrow>\<^sub>1 y"
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	185	then obtain y where "\<langle>c1,s\<rangle> \<longrightarrow>\<^sub>1 y" ..
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	186	then obtain c1' s' where "\<langle>c1,s\<rangle> \<longrightarrow>\<^sub>1 \<langle>s'\<rangle> \<or> \<langle>c1,s\<rangle> \<longrightarrow>\<^sub>1 \<langle>c1',s'\<rangle>"
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	187	by (cases y, cases "fst y") auto
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	188	thus "\<exists>s'. \<langle>c1;c2,s\<rangle> \<longrightarrow>\<^sub>1 s'" by auto
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	189	next
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	190	-- "case If:"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	191	fix b c1 c2 assume "\<exists>y. \<langle>c1,s\<rangle> \<longrightarrow>\<^sub>1 y" and "\<exists>y. \<langle>c2,s\<rangle> \<longrightarrow>\<^sub>1 y"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	192	thus "\<exists>y. \<langle>\<IF> b \<THEN> c1 \<ELSE> c2, s\<rangle> \<longrightarrow>\<^sub>1 y" by (cases "b s") auto
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	193	qed auto -- "the rest is trivial"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	194
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	195	text {*
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	196	If a configuration does not contain a statement, the program
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	197	has terminated and there is no next configuration:
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	198	*}
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	199	lemma stuck [elim!]: "\<langle>s\<rangle> \<longrightarrow>\<^sub>1 y \<Longrightarrow> P"
12434 ff2efde4574d tuned kleing parents: 12431 diff changeset	200	by (auto elim: evalc1.elims)
ff2efde4574d tuned kleing parents: 12431 diff changeset	201
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	202	lemma evalc_None_retrancl [simp, dest!]: "\<langle>s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* s' \<Longrightarrow> s' = \<langle>s\<rangle>"
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	203	by (induct set: rtrancl) auto
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	204
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	205	(<)
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	206	(* FIXME: relpow.simps don't work *)
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	207	lemma rel_pow_0 [simp]: "!!R::('a*'a) set. R^0 = Id" by simp
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	208	lemma rel_pow_Suc_0 [simp]: "!!R::('a*'a) set. R^(Suc 0) = R" by simp
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	209	lemmas [simp del] = relpow.simps
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	210	(>)
12434 ff2efde4574d tuned kleing parents: 12431 diff changeset	211	lemma evalc1_None_0 [simp, dest!]: "\<langle>s\<rangle> -n\<rightarrow>\<^sub>1 y = (n = 0 \<and> y = \<langle>s\<rangle>)"
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	212	by (cases n) auto
4906 0537ee95d004 fixed translations; wenzelm parents: 4897 diff changeset	213
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	214	lemma SKIP_n: "\<langle>\<SKIP>, s\<rangle> -n\<rightarrow>\<^sub>1 \<langle>s'\<rangle> \<Longrightarrow> s' = s \<and> n=1"
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	215	by (cases n) auto
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	216
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	217	subsection "Equivalence to natural semantics (after Nielson and Nielson)"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	218
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	219	text {*
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	220	We first need two lemmas about semicolon statements:
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	221	decomposition and composition.
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	222	*}
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	223	lemma semiD:
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	224	"\<langle>c1; c2, s\<rangle> -n\<rightarrow>\<^sub>1 \<langle>s''\<rangle> \<Longrightarrow>
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	225	\<exists>i j s'. \<langle>c1, s\<rangle> -i\<rightarrow>\<^sub>1 \<langle>s'\<rangle> \<and> \<langle>c2, s'\<rangle> -j\<rightarrow>\<^sub>1 \<langle>s''\<rangle> \<and> n = i+j"
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	226	proof (induct n fixing: c1 c2 s s'')
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	227	case 0
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	228	then show ?case by simp
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	229	next
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	230	case (Suc n)
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	231
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	232	from `\<langle>c1; c2, s\<rangle> -Suc n\<rightarrow>\<^sub>1 \<langle>s''\<rangle>`
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	233	obtain y where
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	234	1: "\<langle>c1; c2, s\<rangle> \<longrightarrow>\<^sub>1 y" and
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	235	n: "y -n\<rightarrow>\<^sub>1 \<langle>s''\<rangle>"
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	236	by blast
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	237
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	238	from 1
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	239	show "\<exists>i j s'. \<langle>c1, s\<rangle> -i\<rightarrow>\<^sub>1 \<langle>s'\<rangle> \<and> \<langle>c2, s'\<rangle> -j\<rightarrow>\<^sub>1 \<langle>s''\<rangle> \<and> Suc n = i+j"
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	240	(is "\<exists>i j s'. ?Q i j s'")
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	241	proof (cases set: evalc1)
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	242	case Semi1
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	243	then obtain s' where
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	244	"y = \<langle>c2, s'\<rangle>" and "\<langle>c1, s\<rangle> \<longrightarrow>\<^sub>1 \<langle>s'\<rangle>"
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	245	by auto
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	246	with 1 n have "?Q 1 n s'" by simp
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	247	thus ?thesis by blast
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	248	next
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	249	case Semi2
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	250	then obtain c1' s' where
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	251	y: "y = \<langle>c1'; c2, s'\<rangle>" and
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	252	c1: "\<langle>c1, s\<rangle> \<longrightarrow>\<^sub>1 \<langle>c1', s'\<rangle>"
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	253	by auto
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	254	with n have "\<langle>c1'; c2, s'\<rangle> -n\<rightarrow>\<^sub>1 \<langle>s''\<rangle>" by simp
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	255	with Suc.hyps obtain i j s0 where
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	256	c1': "\<langle>c1',s'\<rangle> -i\<rightarrow>\<^sub>1 \<langle>s0\<rangle>" and
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	257	c2: "\<langle>c2,s0\<rangle> -j\<rightarrow>\<^sub>1 \<langle>s''\<rangle>" and
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	258	i: "n = i+j"
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	259	by fast
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	260
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	261	from c1 c1'
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	262	have "\<langle>c1,s\<rangle> -(i+1)\<rightarrow>\<^sub>1 \<langle>s0\<rangle>" by (auto intro: rel_pow_Suc_I2)
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	263	with c2 i
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	264	have "?Q (i+1) j s0" by simp
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	265	thus ?thesis by blast
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	266	qed auto -- "the remaining cases cannot occur"
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	267	qed
1700 afd3b60660db Natural and Transition semantics. nipkow parents: diff changeset	268
afd3b60660db Natural and Transition semantics. nipkow parents: diff changeset	269
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	270	lemma semiI:
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	271	"\<langle>c0,s\<rangle> -n\<rightarrow>\<^sub>1 \<langle>s''\<rangle> \<Longrightarrow> \<langle>c1,s''\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s'\<rangle> \<Longrightarrow> \<langle>c0; c1, s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s'\<rangle>"
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	272	proof (induct n fixing: c0 s s'')
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	273	case 0
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	274	from `\<langle>c0,s\<rangle> -(0::nat)\<rightarrow>\<^sub>1 \<langle>s''\<rangle>`
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	275	have False by simp
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	276	thus ?case ..
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	277	next
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	278	case (Suc n)
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	279	note c0 = `\<langle>c0,s\<rangle> -Suc n\<rightarrow>\<^sub>1 \<langle>s''\<rangle>`
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	280	note c1 = `\<langle>c1,s''\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s'\<rangle>`
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	281	note IH = `\<And>c0 s s''.
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	282	\<langle>c0,s\<rangle> -n\<rightarrow>\<^sub>1 \<langle>s''\<rangle> \<Longrightarrow> \<langle>c1,s''\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s'\<rangle> \<Longrightarrow> \<langle>c0; c1,s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s'\<rangle>`
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	283	from c0 obtain y where
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	284	1: "\<langle>c0,s\<rangle> \<longrightarrow>\<^sub>1 y" and n: "y -n\<rightarrow>\<^sub>1 \<langle>s''\<rangle>" by blast
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	285	from 1 obtain c0' s0' where
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	286	"y = \<langle>s0'\<rangle> \<or> y = \<langle>c0', s0'\<rangle>"
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	287	by (cases y, cases "fst y") auto
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	288	moreover
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	289	{ assume y: "y = \<langle>s0'\<rangle>"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	290	with n have "s'' = s0'" by simp
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	291	with y 1 have "\<langle>c0; c1,s\<rangle> \<longrightarrow>\<^sub>1 \<langle>c1, s''\<rangle>" by blast
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	292	with c1 have "\<langle>c0; c1,s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s'\<rangle>" by (blast intro: rtrancl_trans)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	293	}
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	294	moreover
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	295	{ assume y: "y = \<langle>c0', s0'\<rangle>"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	296	with n have "\<langle>c0', s0'\<rangle> -n\<rightarrow>\<^sub>1 \<langle>s''\<rangle>" by blast
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	297	with IH c1 have "\<langle>c0'; c1,s0'\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s'\<rangle>" by blast
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	298	moreover
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	299	from y 1 have "\<langle>c0; c1,s\<rangle> \<longrightarrow>\<^sub>1 \<langle>c0'; c1,s0'\<rangle>" by blast
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	300	hence "\<langle>c0; c1,s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>c0'; c1,s0'\<rangle>" by blast
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	301	ultimately
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	302	have "\<langle>c0; c1,s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s'\<rangle>" by (blast intro: rtrancl_trans)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	303	}
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	304	ultimately
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	305	show "\<langle>c0; c1,s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s'\<rangle>" by blast
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	306	qed
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	307
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	308	text {*
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	309	The easy direction of the equivalence proof:
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	310	*}
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	311	lemma evalc_imp_evalc1:
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	312	assumes "\<langle>c,s\<rangle> \<longrightarrow>\<^sub>c s'"
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	313	shows "\<langle>c, s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s'\<rangle>"
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	314	using prems
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	315	proof induct
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	316	fix s show "\<langle>\<SKIP>,s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s\<rangle>" by auto
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	317	next
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	318	fix x a s show "\<langle>x :== a ,s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s[x\<mapsto>a s]\<rangle>" by auto
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	319	next
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	320	fix c0 c1 s s'' s'
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	321	assume "\<langle>c0,s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s''\<rangle>"
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	322	then obtain n where "\<langle>c0,s\<rangle> -n\<rightarrow>\<^sub>1 \<langle>s''\<rangle>" by (blast dest: rtrancl_imp_rel_pow)
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	323	moreover
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	324	assume "\<langle>c1,s''\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s'\<rangle>"
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	325	ultimately
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	326	show "\<langle>c0; c1,s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s'\<rangle>" by (rule semiI)
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	327	next
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	328	fix s::state and b c0 c1 s'
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	329	assume "b s"
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	330	hence "\<langle>\<IF> b \<THEN> c0 \<ELSE> c1,s\<rangle> \<longrightarrow>\<^sub>1 \<langle>c0,s\<rangle>" by simp
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	331	also assume "\<langle>c0,s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s'\<rangle>"
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	332	finally show "\<langle>\<IF> b \<THEN> c0 \<ELSE> c1,s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s'\<rangle>" .
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	333	next
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	334	fix s::state and b c0 c1 s'
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	335	assume "\<not>b s"
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	336	hence "\<langle>\<IF> b \<THEN> c0 \<ELSE> c1,s\<rangle> \<longrightarrow>\<^sub>1 \<langle>c1,s\<rangle>" by simp
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	337	also assume "\<langle>c1,s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s'\<rangle>"
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	338	finally show "\<langle>\<IF> b \<THEN> c0 \<ELSE> c1,s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s'\<rangle>" .
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	339	next
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	340	fix b c and s::state
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	341	assume b: "\<not>b s"
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	342	let ?if = "\<IF> b \<THEN> c; \<WHILE> b \<DO> c \<ELSE> \<SKIP>"
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	343	have "\<langle>\<WHILE> b \<DO> c,s\<rangle> \<longrightarrow>\<^sub>1 \<langle>?if, s\<rangle>" by blast
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	344	also have "\<langle>?if,s\<rangle> \<longrightarrow>\<^sub>1 \<langle>\<SKIP>, s\<rangle>" by (simp add: b)
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	345	also have "\<langle>\<SKIP>, s\<rangle> \<longrightarrow>\<^sub>1 \<langle>s\<rangle>" by blast
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	346	finally show "\<langle>\<WHILE> b \<DO> c,s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s\<rangle>" ..
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	347	next
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	348	fix b c s s'' s'
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	349	let ?w = "\<WHILE> b \<DO> c"
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	350	let ?if = "\<IF> b \<THEN> c; ?w \<ELSE> \<SKIP>"
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	351	assume w: "\<langle>?w,s''\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s'\<rangle>"
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	352	assume c: "\<langle>c,s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s''\<rangle>"
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	353	assume b: "b s"
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	354	have "\<langle>?w,s\<rangle> \<longrightarrow>\<^sub>1 \<langle>?if, s\<rangle>" by blast
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	355	also have "\<langle>?if, s\<rangle> \<longrightarrow>\<^sub>1 \<langle>c; ?w, s\<rangle>" by (simp add: b)
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	356	also
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	357	from c obtain n where "\<langle>c,s\<rangle> -n\<rightarrow>\<^sub>1 \<langle>s''\<rangle>" by (blast dest: rtrancl_imp_rel_pow)
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	358	with w have "\<langle>c; ?w,s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s'\<rangle>" by - (rule semiI)
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	359	finally show "\<langle>\<WHILE> b \<DO> c,s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s'\<rangle>" ..
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	360	qed
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	361
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	362	text {*
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	363	Finally, the equivalence theorem:
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	364	*}
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	365	theorem evalc_equiv_evalc1:
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	366	"\<langle>c, s\<rangle> \<longrightarrow>\<^sub>c s' = \<langle>c,s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s'\<rangle>"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	367	proof
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	368	assume "\<langle>c,s\<rangle> \<longrightarrow>\<^sub>c s'"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	369	show "\<langle>c, s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s'\<rangle>" by (rule evalc_imp_evalc1)
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	370	next
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	371	assume "\<langle>c, s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s'\<rangle>"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	372	then obtain n where "\<langle>c, s\<rangle> -n\<rightarrow>\<^sub>1 \<langle>s'\<rangle>" by (blast dest: rtrancl_imp_rel_pow)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	373	moreover
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	374	have "\<langle>c, s\<rangle> -n\<rightarrow>\<^sub>1 \<langle>s'\<rangle> \<Longrightarrow> \<langle>c,s\<rangle> \<longrightarrow>\<^sub>c s'"
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	375	proof (induct fixing: c s s' rule: less_induct)
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	376	fix n
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	377	assume IH: "\<And>m c s s'. m < n \<Longrightarrow> \<langle>c,s\<rangle> -m\<rightarrow>\<^sub>1 \<langle>s'\<rangle> \<Longrightarrow> \<langle>c,s\<rangle> \<longrightarrow>\<^sub>c s'"
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	378	fix c s s'
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	379	assume c: "\<langle>c, s\<rangle> -n\<rightarrow>\<^sub>1 \<langle>s'\<rangle>"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	380	then obtain m where n: "n = Suc m" by (cases n) auto
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	381	with c obtain y where
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	382	c': "\<langle>c, s\<rangle> \<longrightarrow>\<^sub>1 y" and m: "y -m\<rightarrow>\<^sub>1 \<langle>s'\<rangle>" by blast
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	383	show "\<langle>c,s\<rangle> \<longrightarrow>\<^sub>c s'"
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	384	proof (cases c)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	385	case SKIP
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	386	with c n show ?thesis by auto
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	387	next
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	388	case Assign
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	389	with c n show ?thesis by auto
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	390	next
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	391	fix c1 c2 assume semi: "c = (c1; c2)"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	392	with c obtain i j s'' where
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	393	c1: "\<langle>c1, s\<rangle> -i\<rightarrow>\<^sub>1 \<langle>s''\<rangle>" and
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	394	c2: "\<langle>c2, s''\<rangle> -j\<rightarrow>\<^sub>1 \<langle>s'\<rangle>" and
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	395	ij: "n = i+j"
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	396	by (blast dest: semiD)
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	397	from c1 c2 obtain
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	398	"0 < i" and "0 < j" by (cases i, auto, cases j, auto)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	399	with ij obtain
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	400	i: "i < n" and j: "j < n" by simp
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	401	from IH i c1
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	402	have "\<langle>c1,s\<rangle> \<longrightarrow>\<^sub>c s''" .
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	403	moreover
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	404	from IH j c2
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	405	have "\<langle>c2,s''\<rangle> \<longrightarrow>\<^sub>c s'" .
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	406	moreover
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	407	note semi
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	408	ultimately
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	409	show "\<langle>c,s\<rangle> \<longrightarrow>\<^sub>c s'" by blast
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	410	next
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	411	fix b c1 c2 assume If: "c = \<IF> b \<THEN> c1 \<ELSE> c2"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	412	{ assume True: "b s = True"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	413	with If c n
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	414	have "\<langle>c1,s\<rangle> -m\<rightarrow>\<^sub>1 \<langle>s'\<rangle>" by auto
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	415	with n IH
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	416	have "\<langle>c1,s\<rangle> \<longrightarrow>\<^sub>c s'" by blast
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	417	with If True
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	418	have "\<langle>c,s\<rangle> \<longrightarrow>\<^sub>c s'" by simp
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	419	}
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	420	moreover
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	421	{ assume False: "b s = False"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	422	with If c n
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	423	have "\<langle>c2,s\<rangle> -m\<rightarrow>\<^sub>1 \<langle>s'\<rangle>" by auto
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	424	with n IH
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	425	have "\<langle>c2,s\<rangle> \<longrightarrow>\<^sub>c s'" by blast
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	426	with If False
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	427	have "\<langle>c,s\<rangle> \<longrightarrow>\<^sub>c s'" by simp
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	428	}
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	429	ultimately
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	430	show "\<langle>c,s\<rangle> \<longrightarrow>\<^sub>c s'" by (cases "b s") auto
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	431	next
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	432	fix b c' assume w: "c = \<WHILE> b \<DO> c'"
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	433	with c n
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	434	have "\<langle>\<IF> b \<THEN> c'; \<WHILE> b \<DO> c' \<ELSE> \<SKIP>,s\<rangle> -m\<rightarrow>\<^sub>1 \<langle>s'\<rangle>"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	435	(is "\<langle>?if,_\<rangle> -m\<rightarrow>\<^sub>1 _") by auto
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	436	with n IH
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	437	have "\<langle>\<IF> b \<THEN> c'; \<WHILE> b \<DO> c' \<ELSE> \<SKIP>,s\<rangle> \<longrightarrow>\<^sub>c s'" by blast
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	438	moreover note unfold_while [of b c']
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	439	-- {* @{thm unfold_while [of b c']} *}
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	440	ultimately
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	441	have "\<langle>\<WHILE> b \<DO> c',s\<rangle> \<longrightarrow>\<^sub>c s'" by (blast dest: equivD2)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	442	with w show "\<langle>c,s\<rangle> \<longrightarrow>\<^sub>c s'" by simp
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	443	qed
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	444	qed
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	445	ultimately
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	446	show "\<langle>c,s\<rangle> \<longrightarrow>\<^sub>c s'" by blast
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	447	qed
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	448
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	449
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	450	subsection "Winskel's Proof"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	451
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	452	declare rel_pow_0_E [elim!]
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	453
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	454	text {*
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	455	Winskel's small step rules are a bit different \cite{Winskel};
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	456	we introduce their equivalents as derived rules:
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	457	*}
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	458	lemma whileFalse1 [intro]:
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	459	"\<not> b s \<Longrightarrow> \<langle>\<WHILE> b \<DO> c,s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s\<rangle>" (is "_ \<Longrightarrow> \<langle>?w, s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s\<rangle>")
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	460	proof -
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	461	assume "\<not>b s"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	462	have "\<langle>?w, s\<rangle> \<longrightarrow>\<^sub>1 \<langle>\<IF> b \<THEN> c;?w \<ELSE> \<SKIP>, s\<rangle>" ..
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	463	also have "\<langle>\<IF> b \<THEN> c;?w \<ELSE> \<SKIP>, s\<rangle> \<longrightarrow>\<^sub>1 \<langle>\<SKIP>, s\<rangle>" ..
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	464	also have "\<langle>\<SKIP>, s\<rangle> \<longrightarrow>\<^sub>1 \<langle>s\<rangle>" ..
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	465	finally show "\<langle>?w, s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s\<rangle>" ..
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	466	qed
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	467
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	468	lemma whileTrue1 [intro]:
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	469	"b s \<Longrightarrow> \<langle>\<WHILE> b \<DO> c,s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>c;\<WHILE> b \<DO> c, s\<rangle>"
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	470	(is "_ \<Longrightarrow> \<langle>?w, s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>c;?w,s\<rangle>")
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	471	proof -
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	472	assume "b s"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	473	have "\<langle>?w, s\<rangle> \<longrightarrow>\<^sub>1 \<langle>\<IF> b \<THEN> c;?w \<ELSE> \<SKIP>, s\<rangle>" ..
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	474	also have "\<langle>\<IF> b \<THEN> c;?w \<ELSE> \<SKIP>, s\<rangle> \<longrightarrow>\<^sub>1 \<langle>c;?w, s\<rangle>" ..
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	475	finally show "\<langle>?w, s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>c;?w,s\<rangle>" ..
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	476	qed
1700 afd3b60660db Natural and Transition semantics. nipkow parents: diff changeset	477
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	478	inductive_cases evalc1_SEs:
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	479	"\<langle>\<SKIP>,s\<rangle> \<longrightarrow>\<^sub>1 t"
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	480	"\<langle>x:==a,s\<rangle> \<longrightarrow>\<^sub>1 t"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	481	"\<langle>c1;c2, s\<rangle> \<longrightarrow>\<^sub>1 t"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	482	"\<langle>\<IF> b \<THEN> c1 \<ELSE> c2, s\<rangle> \<longrightarrow>\<^sub>1 t"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	483	"\<langle>\<WHILE> b \<DO> c, s\<rangle> \<longrightarrow>\<^sub>1 t"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	484
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	485	inductive_cases evalc1_E: "\<langle>\<WHILE> b \<DO> c, s\<rangle> \<longrightarrow>\<^sub>1 t"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	486
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	487	declare evalc1_SEs [elim!]
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	488
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	489	lemma evalc_impl_evalc1: "\<langle>c,s\<rangle> \<longrightarrow>\<^sub>c s1 \<Longrightarrow> \<langle>c,s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s1\<rangle>"
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	490	apply (induct set: evalc)
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	491
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	492	-- SKIP
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	493	apply blast
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	494
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	495	-- ASSIGN
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	496	apply fast
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	497
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	498	-- SEMI
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	499	apply (fast dest: rtrancl_imp_UN_rel_pow intro: semiI)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	500
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	501	-- IF
12566 fe20540bcf93 renamed rtrancl_into_rtrancl2 to converse_rtrancl_into_rtrancl nipkow parents: 12546 diff changeset	502	apply (fast intro: converse_rtrancl_into_rtrancl)
fe20540bcf93 renamed rtrancl_into_rtrancl2 to converse_rtrancl_into_rtrancl nipkow parents: 12546 diff changeset	503	apply (fast intro: converse_rtrancl_into_rtrancl)
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	504
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	505	-- WHILE
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	506	apply fast
12566 fe20540bcf93 renamed rtrancl_into_rtrancl2 to converse_rtrancl_into_rtrancl nipkow parents: 12546 diff changeset	507	apply (fast dest: rtrancl_imp_UN_rel_pow intro: converse_rtrancl_into_rtrancl semiI)
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	508
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	509	done
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	510
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	511
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	512	lemma lemma2:
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	513	"\<langle>c;d,s\<rangle> -n\<rightarrow>\<^sub>1 \<langle>u\<rangle> \<Longrightarrow> \<exists>t m. \<langle>c,s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>t\<rangle> \<and> \<langle>d,t\<rangle> -m\<rightarrow>\<^sub>1 \<langle>u\<rangle> \<and> m \<le> n"
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	514	apply (induct n fixing: c d s u)
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	515	-- "case n = 0"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	516	apply fastsimp
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	517	-- "induction step"
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	518	apply (fast intro!: le_SucI le_refl dest!: rel_pow_Suc_D2
12566 fe20540bcf93 renamed rtrancl_into_rtrancl2 to converse_rtrancl_into_rtrancl nipkow parents: 12546 diff changeset	519	elim!: rel_pow_imp_rtrancl converse_rtrancl_into_rtrancl)
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	520	done
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	521
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	522	lemma evalc1_impl_evalc:
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	523	"\<langle>c,s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>t\<rangle> \<Longrightarrow> \<langle>c,s\<rangle> \<longrightarrow>\<^sub>c t"
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	524	apply (induct c fixing: s t)
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	525	apply (safe dest!: rtrancl_imp_UN_rel_pow)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	526
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	527	-- SKIP
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	528	apply (simp add: SKIP_n)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	529
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	530	-- ASSIGN
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	531	apply (fastsimp elim: rel_pow_E2)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	532
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	533	-- SEMI
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	534	apply (fast dest!: rel_pow_imp_rtrancl lemma2)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	535
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	536	-- IF
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	537	apply (erule rel_pow_E2)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	538	apply simp
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	539	apply (fast dest!: rel_pow_imp_rtrancl)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	540
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	541	-- "WHILE, induction on the length of the computation"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	542	apply (rename_tac b c s t n)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	543	apply (erule_tac P = "?X -n\<rightarrow>\<^sub>1 ?Y" in rev_mp)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	544	apply (rule_tac x = "s" in spec)
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	545	apply (induct_tac n rule: nat_less_induct)
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	546	apply (intro strip)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	547	apply (erule rel_pow_E2)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	548	apply simp
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	549	apply (erule evalc1_E)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	550
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	551	apply simp
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	552	apply (case_tac "b x")
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	553	-- WhileTrue
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	554	apply (erule rel_pow_E2)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	555	apply simp
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	556	apply (clarify dest!: lemma2)
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	557	apply atomize
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	558	apply (erule allE, erule allE, erule impE, assumption)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	559	apply (erule_tac x=mb in allE, erule impE, fastsimp)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	560	apply blast
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	561	-- WhileFalse
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	562	apply (erule rel_pow_E2)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	563	apply simp
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	564	apply (simp add: SKIP_n)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	565	done
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	566
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	567
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	568	text {* proof of the equivalence of evalc and evalc1 *}
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	569	lemma evalc1_eq_evalc: "(\<langle>c, s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>t\<rangle>) = (\<langle>c,s\<rangle> \<longrightarrow>\<^sub>c t)"
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	570	by (fast elim!: evalc1_impl_evalc evalc_impl_evalc1)
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	571
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	572
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	573	subsection "A proof without n"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	574
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	575	text {*
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	576	The inductions are a bit awkward to write in this section,
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	577	because @{text None} as result statement in the small step
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	578	semantics doesn't have a direct counterpart in the big step
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	579	semantics.
1700 afd3b60660db Natural and Transition semantics. nipkow parents: diff changeset	580
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	581	Winskel's small step rule set (using the @{text "\<SKIP>"} statement
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	582	to indicate termination) is better suited for this proof.
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	583	*}
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	584
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	585	lemma my_lemma1:
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	586	assumes "\<langle>c1,s1\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s2\<rangle>"
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	587	and "\<langle>c2,s2\<rangle> \<longrightarrow>\<^sub>1\<^sup>* cs3"
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	588	shows "\<langle>c1;c2,s1\<rangle> \<longrightarrow>\<^sub>1\<^sup>* cs3"
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	589	proof -
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	590	-- {* The induction rule needs @{text P} to be a function of @{term "Some c1"} *}
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	591	from prems
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	592	have "\<langle>(\<lambda>c. if c = None then c2 else the c; c2) (Some c1),s1\<rangle> \<longrightarrow>\<^sub>1\<^sup>* cs3"
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	593	apply (induct rule: converse_rtrancl_induct2)
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	594	apply simp
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	595	apply (rename_tac c s')
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	596	apply simp
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	597	apply (rule conjI)
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	598	apply fast
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	599	apply clarify
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	600	apply (case_tac c)
12566 fe20540bcf93 renamed rtrancl_into_rtrancl2 to converse_rtrancl_into_rtrancl nipkow parents: 12546 diff changeset	601	apply (auto intro: converse_rtrancl_into_rtrancl)
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	602	done
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	603	then show ?thesis by simp
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	604	qed
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	605
13524 604d0f3622d6 * empty log message * wenzelm parents: 12566 diff changeset	606	lemma evalc_impl_evalc1': "\<langle>c,s\<rangle> \<longrightarrow>\<^sub>c s1 \<Longrightarrow> \<langle>c,s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>s1\<rangle>"
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	607	apply (induct set: evalc)
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	608
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	609	-- SKIP
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	610	apply fast
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	611
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	612	-- ASSIGN
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	613	apply fast
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	614
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	615	-- SEMI
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	616	apply (fast intro: my_lemma1)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	617
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	618	-- IF
12566 fe20540bcf93 renamed rtrancl_into_rtrancl2 to converse_rtrancl_into_rtrancl nipkow parents: 12546 diff changeset	619	apply (fast intro: converse_rtrancl_into_rtrancl)
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	620	apply (fast intro: converse_rtrancl_into_rtrancl)
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	621
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	622	-- WHILE
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	623	apply fast
12566 fe20540bcf93 renamed rtrancl_into_rtrancl2 to converse_rtrancl_into_rtrancl nipkow parents: 12546 diff changeset	624	apply (fast intro: converse_rtrancl_into_rtrancl my_lemma1)
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	625
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	626	done
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	627
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	628	text {*
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	629	The opposite direction is based on a Coq proof done by Ranan Fraer and
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	630	Yves Bertot. The following sketch is from an email by Ranan Fraer.
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	631
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	632	\begin{verbatim}
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	633	First we've broke it into 2 lemmas:
1700 afd3b60660db Natural and Transition semantics. nipkow parents: diff changeset	634
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	635	Lemma 1
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	636	((c,s) --> (SKIP,t)) => (<c,s> -c-> t)
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	637
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	638	This is a quick one, dealing with the cases skip, assignment
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	639	and while_false.
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	640
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	641	Lemma 2
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	642	((c,s) -*-> (c',s')) /\ <c',s'> -c'-> t
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	643	=>
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	644	<c,s> -c-> t
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	645
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	646	This is proved by rule induction on the -*-> relation
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	647	and the induction step makes use of a third lemma:
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	648
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	649	Lemma 3
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	650	((c,s) --> (c',s')) /\ <c',s'> -c'-> t
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	651	=>
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	652	<c,s> -c-> t
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	653
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	654	This captures the essence of the proof, as it shows that <c',s'>
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	655	behaves as the continuation of <c,s> with respect to the natural
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	656	semantics.
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	657	The proof of Lemma 3 goes by rule induction on the --> relation,
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	658	dealing with the cases sequence1, sequence2, if_true, if_false and
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	659	while_true. In particular in the case (sequence1) we make use again
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	660	of Lemma 1.
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	661	\end{verbatim}
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	662	*}
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	663
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	664	inductive_cases evalc1_term_cases: "\<langle>c,s\<rangle> \<longrightarrow>\<^sub>1 \<langle>s'\<rangle>"
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	665
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	666	lemma FB_lemma3:
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	667	"(c,s) \<longrightarrow>\<^sub>1 (c',s') \<Longrightarrow> c \<noteq> None \<Longrightarrow>
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	668	\<langle>if c'=None then \<SKIP> else the c',s'\<rangle> \<longrightarrow>\<^sub>c t \<Longrightarrow> \<langle>the c,s\<rangle> \<longrightarrow>\<^sub>c t"
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	669	by (induct fixing: t set: evalc1)
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	670	(auto elim!: evalc1_term_cases equivD2 [OF unfold_while])
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	671
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	672	lemma FB_lemma2:
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	673	"(c,s) \<longrightarrow>\<^sub>1\<^sup>* (c',s') \<Longrightarrow> c \<noteq> None \<Longrightarrow>
2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	674	\<langle>if c' = None then \<SKIP> else the c',s'\<rangle> \<longrightarrow>\<^sub>c t \<Longrightarrow> \<langle>the c,s\<rangle> \<longrightarrow>\<^sub>c t"
18447 da548623916a removed or modified some instances of [iff] paulson parents: 18372 diff changeset	675	apply (induct rule: converse_rtrancl_induct2, force)
12434 ff2efde4574d tuned kleing parents: 12431 diff changeset	676	apply (fastsimp elim!: evalc1_term_cases intro: FB_lemma3)
12431 07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	677	done
07ec657249e5 converted to Isar kleing parents: 9364 diff changeset	678
13524 604d0f3622d6 * empty log message * wenzelm parents: 12566 diff changeset	679	lemma evalc1_impl_evalc': "\<langle>c,s\<rangle> \<longrightarrow>\<^sub>1\<^sup>* \<langle>t\<rangle> \<Longrightarrow> \<langle>c,s\<rangle> \<longrightarrow>\<^sub>c t"
18372 2bffdf62fe7f tuned proofs; wenzelm parents: 16417 diff changeset	680	by (fastsimp dest: FB_lemma2)
1700 afd3b60660db Natural and Transition semantics. nipkow parents: diff changeset	681
afd3b60660db Natural and Transition semantics. nipkow parents: diff changeset	682	end

author	paulson
	Wed, 21 Dec 2005 12:02:57 +0100
changeset 18447	da548623916a
parent 18372	2bffdf62fe7f
child 18557	60a0f9caa0a2
permissions	-rw-r--r--