isabelle: src/HOL/Hoare/Separation.thy@89da4dcd1fa8 (annotated)

13903 ad1c28671a93 First working version nipkow parents: 13875 diff changeset	1	(* Title: HOL/Hoare/Separation.thy
ad1c28671a93 First working version nipkow parents: 13875 diff changeset	2	Author: Tobias Nipkow
ad1c28671a93 First working version nipkow parents: 13875 diff changeset	3	Copyright 2003 TUM
ad1c28671a93 First working version nipkow parents: 13875 diff changeset	4
ad1c28671a93 First working version nipkow parents: 13875 diff changeset	5	A first attempt at a nice syntactic embedding of separation logic.
14074 93dfce3b6f86 * empty log message * nipkow parents: 14028 diff changeset	6	Already builds on the theory for list abstractions.
93dfce3b6f86 * empty log message * nipkow parents: 14028 diff changeset	7
93dfce3b6f86 * empty log message * nipkow parents: 14028 diff changeset	8	If we suppress the H parameter for "List", we have to hardwired this
93dfce3b6f86 * empty log message * nipkow parents: 14028 diff changeset	9	into parser and pretty printer, which is not very modular.
93dfce3b6f86 * empty log message * nipkow parents: 14028 diff changeset	10	Alternative: some syntax like <P> which stands for P H. No more
93dfce3b6f86 * empty log message * nipkow parents: 14028 diff changeset	11	compact, but avoids the funny H.
13903 ad1c28671a93 First working version nipkow parents: 13875 diff changeset	12	*)
ad1c28671a93 First working version nipkow parents: 13875 diff changeset	13
72990 db8f94656024 tuned document, notably authors and sections; wenzelm parents: 69597 diff changeset	14	section \<open>Separation logic\<close>
db8f94656024 tuned document, notably authors and sections; wenzelm parents: 69597 diff changeset	15
db8f94656024 tuned document, notably authors and sections; wenzelm parents: 69597 diff changeset	16	theory Separation
db8f94656024 tuned document, notably authors and sections; wenzelm parents: 69597 diff changeset	17	imports Hoare_Logic_Abort SepLogHeap
db8f94656024 tuned document, notably authors and sections; wenzelm parents: 69597 diff changeset	18	begin
13857 11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	19
62042 6c6ccf573479 isabelle update_cartouches -c -t; wenzelm parents: 52143 diff changeset	20	text\<open>The semantic definition of a few connectives:\<close>
13857 11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	21
80914 d97fdabd9e2b standardize mixfix annotations via "isabelle update -a -u mixfix_cartouches" --- to simplify systematic editing; wenzelm parents: 72990 diff changeset	22	definition ortho :: "heap \<Rightarrow> heap \<Rightarrow> bool" (infix \<open>\<bottom>\<close> 55)
38353 d98baa2cf589 modernized specifications; wenzelm parents: 35416 diff changeset	23	where "h1 \<bottom> h2 \<longleftrightarrow> dom h1 \<inter> dom h2 = {}"
13857 11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	24
38353 d98baa2cf589 modernized specifications; wenzelm parents: 35416 diff changeset	25	definition is_empty :: "heap \<Rightarrow> bool"
68451 c34aa23a1fb6 empty -> Map.empty nipkow parents: 67444 diff changeset	26	where "is_empty h \<longleftrightarrow> h = Map.empty"
13857 11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	27
38353 d98baa2cf589 modernized specifications; wenzelm parents: 35416 diff changeset	28	definition singl:: "heap \<Rightarrow> nat \<Rightarrow> nat \<Rightarrow> bool"
d98baa2cf589 modernized specifications; wenzelm parents: 35416 diff changeset	29	where "singl h x y \<longleftrightarrow> dom h = {x} & h x = Some y"
13857 11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	30
38353 d98baa2cf589 modernized specifications; wenzelm parents: 35416 diff changeset	31	definition star:: "(heap \<Rightarrow> bool) \<Rightarrow> (heap \<Rightarrow> bool) \<Rightarrow> (heap \<Rightarrow> bool)"
d98baa2cf589 modernized specifications; wenzelm parents: 35416 diff changeset	32	where "star P Q = (\<lambda>h. \<exists>h1 h2. h = h1++h2 \<and> h1 \<bottom> h2 \<and> P h1 \<and> Q h2)"
13875 12997e3ddd8d * empty log message * nipkow parents: 13867 diff changeset	33
38353 d98baa2cf589 modernized specifications; wenzelm parents: 35416 diff changeset	34	definition wand:: "(heap \<Rightarrow> bool) \<Rightarrow> (heap \<Rightarrow> bool) \<Rightarrow> (heap \<Rightarrow> bool)"
d98baa2cf589 modernized specifications; wenzelm parents: 35416 diff changeset	35	where "wand P Q = (\<lambda>h. \<forall>h'. h' \<bottom> h \<and> P h' \<longrightarrow> Q(h++h'))"
13875 12997e3ddd8d * empty log message * nipkow parents: 13867 diff changeset	36
62042 6c6ccf573479 isabelle update_cartouches -c -t; wenzelm parents: 52143 diff changeset	37	text\<open>This is what assertions look like without any syntactic sugar:\<close>
13903 ad1c28671a93 First working version nipkow parents: 13875 diff changeset	38
13857 11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	39	lemma "VARS x y z w h
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	40	{star (%h. singl h x y) (%h. singl h z w) h}
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	41	SKIP
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	42	{x \<noteq> z}"
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	43	apply vcg
13875 12997e3ddd8d * empty log message * nipkow parents: 13867 diff changeset	44	apply(auto simp:star_def ortho_def singl_def)
13857 11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	45	done
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	46
62042 6c6ccf573479 isabelle update_cartouches -c -t; wenzelm parents: 52143 diff changeset	47	text\<open>Now we add nice input syntax. To suppress the heap parameter
13903 ad1c28671a93 First working version nipkow parents: 13875 diff changeset	48	of the connectives, we assume it is always called H and add/remove it
ad1c28671a93 First working version nipkow parents: 13875 diff changeset	49	upon parsing/printing. Thus every pointer program needs to have a
ad1c28671a93 First working version nipkow parents: 13875 diff changeset	50	program variable H, and assertions should not contain any locally
62042 6c6ccf573479 isabelle update_cartouches -c -t; wenzelm parents: 52143 diff changeset	51	bound Hs - otherwise they may bind the implicit H.\<close>
13857 11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	52
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	53	syntax
80914 d97fdabd9e2b standardize mixfix annotations via "isabelle update -a -u mixfix_cartouches" --- to simplify systematic editing; wenzelm parents: 72990 diff changeset	54	"_emp" :: "bool" (\<open>emp\<close>)
81189 47a0dfee26ea more inner-syntax markup; wenzelm parents: 80914 diff changeset	55	"_singl" :: "nat \<Rightarrow> nat \<Rightarrow> bool" (\<open>(\<open>open_block notation=\<open>mixfix singl\<close>\<close>[_ \<mapsto> _])\<close>)
47a0dfee26ea more inner-syntax markup; wenzelm parents: 80914 diff changeset	56	"_star" :: "bool \<Rightarrow> bool \<Rightarrow> bool" (infixl \<open>**\<close> 60)
47a0dfee26ea more inner-syntax markup; wenzelm parents: 80914 diff changeset	57	"_wand" :: "bool \<Rightarrow> bool \<Rightarrow> bool" (infixl \<open>-*\<close> 60)
47a0dfee26ea more inner-syntax markup; wenzelm parents: 80914 diff changeset	58
47a0dfee26ea more inner-syntax markup; wenzelm parents: 80914 diff changeset	59	syntax_consts
47a0dfee26ea more inner-syntax markup; wenzelm parents: 80914 diff changeset	60	"_emp" \<rightleftharpoons> is_empty and
47a0dfee26ea more inner-syntax markup; wenzelm parents: 80914 diff changeset	61	"_singl" \<rightleftharpoons> singl and
47a0dfee26ea more inner-syntax markup; wenzelm parents: 80914 diff changeset	62	"_star" \<rightleftharpoons> star and
47a0dfee26ea more inner-syntax markup; wenzelm parents: 80914 diff changeset	63	"_wand" \<rightleftharpoons> wand
13857 11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	64
17781 32bb237158a5 print_translation: does not handle _idtdummy; wenzelm parents: 16417 diff changeset	65	(* FIXME does not handle "_idtdummy" *)
67444 100247708f31 clarified comments; wenzelm parents: 67410 diff changeset	66	ML \<open>
100247708f31 clarified comments; wenzelm parents: 67410 diff changeset	67	\<comment> \<open>\<open>free_tr\<close> takes care of free vars in the scope of separation logic connectives:
100247708f31 clarified comments; wenzelm parents: 67410 diff changeset	68	they are implicitly applied to the heap\<close>
13875 12997e3ddd8d * empty log message * nipkow parents: 13867 diff changeset	69	fun free_tr(t as Free _) = t $ Syntax.free "H"
67444 100247708f31 clarified comments; wenzelm parents: 67410 diff changeset	70	\<^cancel>\<open>\| free_tr((list as Free("List",_))$ p $ ps) = list $ Syntax.free "H" $ p $ ps\<close>
13875 12997e3ddd8d * empty log message * nipkow parents: 13867 diff changeset	71	\| free_tr t = t
12997e3ddd8d * empty log message * nipkow parents: 13867 diff changeset	72
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 68451 diff changeset	73	fun emp_tr [] = Syntax.const \<^const_syntax>\<open>is_empty\<close> $ Syntax.free "H"
13875 12997e3ddd8d * empty log message * nipkow parents: 13867 diff changeset	74	\| emp_tr ts = raise TERM ("emp_tr", ts);
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 68451 diff changeset	75	fun singl_tr [p, q] = Syntax.const \<^const_syntax>\<open>singl\<close> $ Syntax.free "H" $ p $ q
13857 11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	76	\| singl_tr ts = raise TERM ("singl_tr", ts);
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 68451 diff changeset	77	fun star_tr [P,Q] = Syntax.const \<^const_syntax>\<open>star\<close> $
44241 7943b69f0188 modernized signature of Term.absfree/absdummy; wenzelm parents: 38353 diff changeset	78	absfree ("H", dummyT) (free_tr P) $ absfree ("H", dummyT) (free_tr Q) $
13875 12997e3ddd8d * empty log message * nipkow parents: 13867 diff changeset	79	Syntax.free "H"
12997e3ddd8d * empty log message * nipkow parents: 13867 diff changeset	80	\| star_tr ts = raise TERM ("star_tr", ts);
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 68451 diff changeset	81	fun wand_tr [P, Q] = Syntax.const \<^const_syntax>\<open>wand\<close> $
44241 7943b69f0188 modernized signature of Term.absfree/absdummy; wenzelm parents: 38353 diff changeset	82	absfree ("H", dummyT) P $ absfree ("H", dummyT) Q $ Syntax.free "H"
13875 12997e3ddd8d * empty log message * nipkow parents: 13867 diff changeset	83	\| wand_tr ts = raise TERM ("wand_tr", ts);
62042 6c6ccf573479 isabelle update_cartouches -c -t; wenzelm parents: 52143 diff changeset	84	\<close>
13857 11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	85
62042 6c6ccf573479 isabelle update_cartouches -c -t; wenzelm parents: 52143 diff changeset	86	parse_translation \<open>
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 68451 diff changeset	87	[(\<^syntax_const>\<open>_emp\<close>, K emp_tr),
ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 68451 diff changeset	88	(\<^syntax_const>\<open>_singl\<close>, K singl_tr),
ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 68451 diff changeset	89	(\<^syntax_const>\<open>_star\<close>, K star_tr),
ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 68451 diff changeset	90	(\<^syntax_const>\<open>_wand\<close>, K wand_tr)]
62042 6c6ccf573479 isabelle update_cartouches -c -t; wenzelm parents: 52143 diff changeset	91	\<close>
13857 11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	92
62042 6c6ccf573479 isabelle update_cartouches -c -t; wenzelm parents: 52143 diff changeset	93	text\<open>Now it looks much better:\<close>
13903 ad1c28671a93 First working version nipkow parents: 13875 diff changeset	94
13857 11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	95	lemma "VARS H x y z w
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	96	{[x\<mapsto>y] ** [z\<mapsto>w]}
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	97	SKIP
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	98	{x \<noteq> z}"
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	99	apply vcg
13875 12997e3ddd8d * empty log message * nipkow parents: 13867 diff changeset	100	apply(auto simp:star_def ortho_def singl_def)
12997e3ddd8d * empty log message * nipkow parents: 13867 diff changeset	101	done
12997e3ddd8d * empty log message * nipkow parents: 13867 diff changeset	102
12997e3ddd8d * empty log message * nipkow parents: 13867 diff changeset	103	lemma "VARS H x y z w
12997e3ddd8d * empty log message * nipkow parents: 13867 diff changeset	104	{emp ** emp}
12997e3ddd8d * empty log message * nipkow parents: 13867 diff changeset	105	SKIP
12997e3ddd8d * empty log message * nipkow parents: 13867 diff changeset	106	{emp}"
12997e3ddd8d * empty log message * nipkow parents: 13867 diff changeset	107	apply vcg
12997e3ddd8d * empty log message * nipkow parents: 13867 diff changeset	108	apply(auto simp:star_def ortho_def is_empty_def)
13857 11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	109	done
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	110
62042 6c6ccf573479 isabelle update_cartouches -c -t; wenzelm parents: 52143 diff changeset	111	text\<open>But the output is still unreadable. Thus we also strip the heap
6c6ccf573479 isabelle update_cartouches -c -t; wenzelm parents: 52143 diff changeset	112	parameters upon output:\<close>
13903 ad1c28671a93 First working version nipkow parents: 13875 diff changeset	113
62042 6c6ccf573479 isabelle update_cartouches -c -t; wenzelm parents: 52143 diff changeset	114	ML \<open>
35113 1a0c129bb2e0 modernized translations; wenzelm parents: 35101 diff changeset	115	local
13857 11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	116
13903 ad1c28671a93 First working version nipkow parents: 13875 diff changeset	117	fun strip (Abs(_,_,(t as Const("_free",_) $ Free _) $ Bound 0)) = t
ad1c28671a93 First working version nipkow parents: 13875 diff changeset	118	\| strip (Abs(_,_,(t as Free _) $ Bound 0)) = t
67444 100247708f31 clarified comments; wenzelm parents: 67410 diff changeset	119	\<^cancel>\<open>\| strip (Abs(_,_,((list as Const("List",_))$ Bound 0 $ p $ ps))) = list$p$ps\<close>
13903 ad1c28671a93 First working version nipkow parents: 13875 diff changeset	120	\| strip (Abs(_,_,(t as Const("_var",_) $ Var _) $ Bound 0)) = t
13875 12997e3ddd8d * empty log message * nipkow parents: 13867 diff changeset	121	\| strip (Abs(_,_,P)) = P
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 68451 diff changeset	122	\| strip (Const(\<^const_syntax>\<open>is_empty\<close>,_)) = Syntax.const \<^syntax_const>\<open>_emp\<close>
13875 12997e3ddd8d * empty log message * nipkow parents: 13867 diff changeset	123	\| strip t = t;
35113 1a0c129bb2e0 modernized translations; wenzelm parents: 35101 diff changeset	124
13875 12997e3ddd8d * empty log message * nipkow parents: 13867 diff changeset	125	in
35113 1a0c129bb2e0 modernized translations; wenzelm parents: 35101 diff changeset	126
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 68451 diff changeset	127	fun is_empty_tr' [_] = Syntax.const \<^syntax_const>\<open>_emp\<close>
ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 68451 diff changeset	128	fun singl_tr' [_,p,q] = Syntax.const \<^syntax_const>\<open>_singl\<close> $ p $ q
ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 68451 diff changeset	129	fun star_tr' [P,Q,_] = Syntax.const \<^syntax_const>\<open>_star\<close> $ strip P $ strip Q
ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 68451 diff changeset	130	fun wand_tr' [P,Q,_] = Syntax.const \<^syntax_const>\<open>_wand\<close> $ strip P $ strip Q
35113 1a0c129bb2e0 modernized translations; wenzelm parents: 35101 diff changeset	131
13875 12997e3ddd8d * empty log message * nipkow parents: 13867 diff changeset	132	end
62042 6c6ccf573479 isabelle update_cartouches -c -t; wenzelm parents: 52143 diff changeset	133	\<close>
13857 11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	134
62042 6c6ccf573479 isabelle update_cartouches -c -t; wenzelm parents: 52143 diff changeset	135	print_translation \<open>
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 68451 diff changeset	136	[(\<^const_syntax>\<open>is_empty\<close>, K is_empty_tr'),
ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 68451 diff changeset	137	(\<^const_syntax>\<open>singl\<close>, K singl_tr'),
ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 68451 diff changeset	138	(\<^const_syntax>\<open>star\<close>, K star_tr'),
ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 68451 diff changeset	139	(\<^const_syntax>\<open>wand\<close>, K wand_tr')]
62042 6c6ccf573479 isabelle update_cartouches -c -t; wenzelm parents: 52143 diff changeset	140	\<close>
13903 ad1c28671a93 First working version nipkow parents: 13875 diff changeset	141
62042 6c6ccf573479 isabelle update_cartouches -c -t; wenzelm parents: 52143 diff changeset	142	text\<open>Now the intermediate proof states are also readable:\<close>
13857 11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	143
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	144	lemma "VARS H x y z w
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	145	{[x\<mapsto>y] ** [z\<mapsto>w]}
13867 1fdecd15437f just a few mods to a few thms nipkow parents: 13857 diff changeset	146	y := w
13857 11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	147	{x \<noteq> z}"
11d7c5a8dbb7 * empty log message * nipkow parents: diff changeset	148	apply vcg
13875 12997e3ddd8d * empty log message * nipkow parents: 13867 diff changeset	149	apply(auto simp:star_def ortho_def singl_def)
12997e3ddd8d * empty log message * nipkow parents: 13867 diff changeset	150	done
12997e3ddd8d * empty log message * nipkow parents: 13867 diff changeset	151
12997e3ddd8d * empty log message * nipkow parents: 13867 diff changeset	152	lemma "VARS H x y z w
12997e3ddd8d * empty log message * nipkow parents: 13867 diff changeset	153	{emp ** emp}
12997e3ddd8d * empty log message * nipkow parents: 13867 diff changeset	154	SKIP
12997e3ddd8d * empty log message * nipkow parents: 13867 diff changeset	155	{emp}"
12997e3ddd8d * empty log message * nipkow parents: 13867 diff changeset	156	apply vcg
12997e3ddd8d * empty log message * nipkow parents: 13867 diff changeset	157	apply(auto simp:star_def ortho_def is_empty_def)
12997e3ddd8d * empty log message * nipkow parents: 13867 diff changeset	158	done
12997e3ddd8d * empty log message * nipkow parents: 13867 diff changeset	159
62042 6c6ccf573479 isabelle update_cartouches -c -t; wenzelm parents: 52143 diff changeset	160	text\<open>So far we have unfolded the separation logic connectives in
13903 ad1c28671a93 First working version nipkow parents: 13875 diff changeset	161	proofs. Here comes a simple example of a program proof that uses a law
62042 6c6ccf573479 isabelle update_cartouches -c -t; wenzelm parents: 52143 diff changeset	162	of separation logic instead.\<close>
13903 ad1c28671a93 First working version nipkow parents: 13875 diff changeset	163
67410 64d928bacddd prefer formal comments; wenzelm parents: 62042 diff changeset	164	\<comment> \<open>a law of separation logic\<close>
13875 12997e3ddd8d * empty log message * nipkow parents: 13867 diff changeset	165	lemma star_comm: "P Q = Q P"
18447 da548623916a removed or modified some instances of [iff] paulson parents: 17781 diff changeset	166	by(auto simp add:star_def ortho_def dest: map_add_comm)
13875 12997e3ddd8d * empty log message * nipkow parents: 13867 diff changeset	167
12997e3ddd8d * empty log message * nipkow parents: 13867 diff changeset	168	lemma "VARS H x y z w
12997e3ddd8d * empty log message * nipkow parents: 13867 diff changeset	169	{P ** Q}
12997e3ddd8d * empty log message * nipkow parents: 13867 diff changeset	170	SKIP
12997e3ddd8d * empty log message * nipkow parents: 13867 diff changeset	171	{Q ** P}"
12997e3ddd8d * empty log message * nipkow parents: 13867 diff changeset	172	apply vcg
12997e3ddd8d * empty log message * nipkow parents: 13867 diff changeset	173	apply(simp add: star_comm)
12997e3ddd8d * empty log message * nipkow parents: 13867 diff changeset	174	done
12997e3ddd8d * empty log message * nipkow parents: 13867 diff changeset	175
14074 93dfce3b6f86 * empty log message * nipkow parents: 14028 diff changeset	176
93dfce3b6f86 * empty log message * nipkow parents: 14028 diff changeset	177	lemma "VARS H
93dfce3b6f86 * empty log message * nipkow parents: 14028 diff changeset	178	{p\<noteq>0 \<and> [p \<mapsto> x] ** List H q qs}
93dfce3b6f86 * empty log message * nipkow parents: 14028 diff changeset	179	H := H(p \<mapsto> q)
93dfce3b6f86 * empty log message * nipkow parents: 14028 diff changeset	180	{List H p (p#qs)}"
93dfce3b6f86 * empty log message * nipkow parents: 14028 diff changeset	181	apply vcg
93dfce3b6f86 * empty log message * nipkow parents: 14028 diff changeset	182	apply(simp add: star_def ortho_def singl_def)
93dfce3b6f86 * empty log message * nipkow parents: 14028 diff changeset	183	apply clarify
93dfce3b6f86 * empty log message * nipkow parents: 14028 diff changeset	184	apply(subgoal_tac "p \<notin> set qs")
93dfce3b6f86 * empty log message * nipkow parents: 14028 diff changeset	185	prefer 2
93dfce3b6f86 * empty log message * nipkow parents: 14028 diff changeset	186	apply(blast dest:list_in_heap)
93dfce3b6f86 * empty log message * nipkow parents: 14028 diff changeset	187	apply simp
93dfce3b6f86 * empty log message * nipkow parents: 14028 diff changeset	188	done
93dfce3b6f86 * empty log message * nipkow parents: 14028 diff changeset	189
93dfce3b6f86 * empty log message * nipkow parents: 14028 diff changeset	190	lemma "VARS H p q r
93dfce3b6f86 * empty log message * nipkow parents: 14028 diff changeset	191	{List H p Ps ** List H q Qs}
93dfce3b6f86 * empty log message * nipkow parents: 14028 diff changeset	192	WHILE p \<noteq> 0
93dfce3b6f86 * empty log message * nipkow parents: 14028 diff changeset	193	INV {\<exists>ps qs. (List H p ps ** List H q qs) \<and> rev ps @ qs = rev Ps @ Qs}
93dfce3b6f86 * empty log message * nipkow parents: 14028 diff changeset	194	DO r := p; p := the(H p); H := H(r \<mapsto> q); q := r OD
93dfce3b6f86 * empty log message * nipkow parents: 14028 diff changeset	195	{List H q (rev Ps @ Qs)}"
93dfce3b6f86 * empty log message * nipkow parents: 14028 diff changeset	196	apply vcg
93dfce3b6f86 * empty log message * nipkow parents: 14028 diff changeset	197	apply(simp_all add: star_def ortho_def singl_def)
93dfce3b6f86 * empty log message * nipkow parents: 14028 diff changeset	198
44890 22f665a2e91c new fastforce replacing fastsimp - less confusing name nipkow parents: 44241 diff changeset	199	apply fastforce
14074 93dfce3b6f86 * empty log message * nipkow parents: 14028 diff changeset	200
93dfce3b6f86 * empty log message * nipkow parents: 14028 diff changeset	201	apply (clarsimp simp add:List_non_null)
93dfce3b6f86 * empty log message * nipkow parents: 14028 diff changeset	202	apply(rename_tac ps')
93dfce3b6f86 * empty log message * nipkow parents: 14028 diff changeset	203	apply(rule_tac x = ps' in exI)
93dfce3b6f86 * empty log message * nipkow parents: 14028 diff changeset	204	apply(rule_tac x = "p#qs" in exI)
93dfce3b6f86 * empty log message * nipkow parents: 14028 diff changeset	205	apply simp
93dfce3b6f86 * empty log message * nipkow parents: 14028 diff changeset	206	apply(rule_tac x = "h1(p:=None)" in exI)
93dfce3b6f86 * empty log message * nipkow parents: 14028 diff changeset	207	apply(rule_tac x = "h2(p\<mapsto>q)" in exI)
93dfce3b6f86 * empty log message * nipkow parents: 14028 diff changeset	208	apply simp
93dfce3b6f86 * empty log message * nipkow parents: 14028 diff changeset	209	apply(rule conjI)
93dfce3b6f86 * empty log message * nipkow parents: 14028 diff changeset	210	apply(rule ext)
93dfce3b6f86 * empty log message * nipkow parents: 14028 diff changeset	211	apply(simp add:map_add_def split:option.split)
93dfce3b6f86 * empty log message * nipkow parents: 14028 diff changeset	212	apply(rule conjI)
93dfce3b6f86 * empty log message * nipkow parents: 14028 diff changeset	213	apply blast
93dfce3b6f86 * empty log message * nipkow parents: 14028 diff changeset	214	apply(simp add:map_add_def split:option.split)
93dfce3b6f86 * empty log message * nipkow parents: 14028 diff changeset	215	apply(rule conjI)
93dfce3b6f86 * empty log message * nipkow parents: 14028 diff changeset	216	apply(subgoal_tac "p \<notin> set qs")
93dfce3b6f86 * empty log message * nipkow parents: 14028 diff changeset	217	prefer 2
93dfce3b6f86 * empty log message * nipkow parents: 14028 diff changeset	218	apply(blast dest:list_in_heap)
93dfce3b6f86 * empty log message * nipkow parents: 14028 diff changeset	219	apply(simp)
93dfce3b6f86 * empty log message * nipkow parents: 14028 diff changeset	220	apply fast
93dfce3b6f86 * empty log message * nipkow parents: 14028 diff changeset	221
44890 22f665a2e91c new fastforce replacing fastsimp - less confusing name nipkow parents: 44241 diff changeset	222	apply(fastforce)
14074 93dfce3b6f86 * empty log message * nipkow parents: 14028 diff changeset	223	done
93dfce3b6f86 * empty log message * nipkow parents: 14028 diff changeset	224
13875 12997e3ddd8d * empty log message * nipkow parents: 13867 diff changeset	225	end

author	wenzelm
	Wed, 23 Jul 2025 14:53:21 +0200
changeset 82898	89da4dcd1fa8
parent 81189	47a0dfee26ea
permissions	-rw-r--r--