|
8177
|
1 |
(* Title: HOL/IMPP/EvenOdd.ML
|
|
|
2 |
ID: $Id$
|
|
|
3 |
Author: David von Oheimb
|
|
|
4 |
Copyright 1999 TUM
|
|
|
5 |
*)
|
|
|
6 |
|
|
|
7 |
section "even";
|
|
|
8 |
|
|
|
9 |
Goalw [even_def] "even 0";
|
|
|
10 |
by (Simp_tac 1);
|
|
|
11 |
qed "even_0";
|
|
|
12 |
Addsimps [even_0];
|
|
|
13 |
|
|
|
14 |
Goalw [even_def] "even 1 = False";
|
|
|
15 |
by (Clarsimp_tac 1);
|
|
|
16 |
bd dvd_imp_le 1;
|
|
|
17 |
by Auto_tac;
|
|
|
18 |
qed "not_even_1";
|
|
|
19 |
Addsimps [not_even_1];
|
|
|
20 |
|
|
|
21 |
Goalw [even_def] "even (Suc (Suc n)) = even n";
|
|
8791
|
22 |
by (subgoal_tac "Suc (Suc n) = n+#2" 1);
|
|
8177
|
23 |
by (Simp_tac 2);
|
|
|
24 |
be ssubst 1;
|
|
|
25 |
br dvd_reduce 1;
|
|
|
26 |
qed "even_step";
|
|
|
27 |
Addsimps[even_step];
|
|
|
28 |
|
|
|
29 |
|
|
|
30 |
section "Arg, Res";
|
|
|
31 |
|
|
|
32 |
Addsimps[Arg_neq_Res,Arg_neq_Res RS not_sym];
|
|
|
33 |
Addsimps[Even_neq_Odd, Even_neq_Odd RS not_sym];
|
|
|
34 |
|
|
|
35 |
Goalw [Z_eq_Arg_plus_def] "(Z=Arg+n) Z s = (Z = s<Arg>+n)";
|
|
|
36 |
br refl 1;
|
|
|
37 |
qed "Z_eq_Arg_plus_def2";
|
|
|
38 |
|
|
|
39 |
Goalw [Res_ok_def] "Res_ok Z s = (even Z = (s<Res> = 0))";
|
|
|
40 |
br refl 1;
|
|
|
41 |
qed "Res_ok_def2";
|
|
|
42 |
|
|
|
43 |
val Arg_Res_css = (claset(),simpset()addsimps[Z_eq_Arg_plus_def2,Res_ok_def2]);
|
|
|
44 |
|
|
|
45 |
Goalw [body_def, bodies_def] "body Odd = Some odd";
|
|
|
46 |
by Auto_tac;
|
|
|
47 |
qed "body_Odd";
|
|
|
48 |
Goalw [body_def, bodies_def] "body Even = Some evn";
|
|
|
49 |
by Auto_tac;
|
|
|
50 |
qed "body_Even";
|
|
|
51 |
Addsimps[body_Odd, body_Even];
|
|
|
52 |
|
|
|
53 |
section "verification";
|
|
|
54 |
|
|
|
55 |
Goalw [odd_def] "{{Z=Arg+0}. BODY Even .{Res_ok}}|-{Z=Arg+1}. odd .{Res_ok}";
|
|
|
56 |
br hoare_derivs.If 1;
|
|
|
57 |
br (hoare_derivs.Ass RS conseq1) 1;
|
|
|
58 |
by (clarsimp_tac Arg_Res_css 1);
|
|
|
59 |
br export_s 1;
|
|
|
60 |
br (hoare_derivs.Call RS conseq1) 1;
|
|
|
61 |
by (res_inst_tac [("P","Z=Arg+2")] conseq12 1);
|
|
|
62 |
br single_asm 1;
|
|
|
63 |
by (auto_tac Arg_Res_css);
|
|
|
64 |
qed "Odd_lemma";
|
|
|
65 |
|
|
|
66 |
Goalw [evn_def] "{{Z=Arg+1}. BODY Odd .{Res_ok}}|-{Z=Arg+0}. evn .{Res_ok}";
|
|
|
67 |
br hoare_derivs.If 1;
|
|
|
68 |
br (hoare_derivs.Ass RS conseq1) 1;
|
|
|
69 |
by (clarsimp_tac Arg_Res_css 1);
|
|
|
70 |
br hoare_derivs.Comp 1;
|
|
|
71 |
br hoare_derivs.Ass 2;
|
|
|
72 |
by (Clarsimp_tac 1);
|
|
|
73 |
by (res_inst_tac [("Q","%Z s. ?P Z s & Res_ok Z s")] hoare_derivs.Comp 1);
|
|
|
74 |
br export_s 1;
|
|
|
75 |
by (res_inst_tac [("I1","%Z l. Z = l Arg & 0 < Z"),
|
|
|
76 |
("Q1","Res_ok")] (Call_invariant RS conseq12) 1);
|
|
|
77 |
br (single_asm RS conseq2) 1;
|
|
|
78 |
by (clarsimp_tac Arg_Res_css 1);
|
|
|
79 |
by (force_tac Arg_Res_css 1);
|
|
|
80 |
br export_s 1;
|
|
|
81 |
by (res_inst_tac [("I1","%Z l. even Z = (l Res = 0)"),
|
|
|
82 |
("Q1","%Z s. even Z = (s<Arg>=0)")]
|
|
|
83 |
(Call_invariant RS conseq12) 1);
|
|
|
84 |
br (single_asm RS conseq2) 1;
|
|
|
85 |
by (clarsimp_tac Arg_Res_css 1);
|
|
|
86 |
by (force_tac Arg_Res_css 1);
|
|
|
87 |
qed "Even_lemma";
|
|
|
88 |
|
|
|
89 |
|
|
|
90 |
Goal "{}|-{Z=Arg+0}. BODY Even .{Res_ok}";
|
|
|
91 |
br BodyN 1;
|
|
|
92 |
by (Simp_tac 1);
|
|
|
93 |
br (Even_lemma RS hoare_derivs.cut) 1;
|
|
|
94 |
br BodyN 1;
|
|
|
95 |
by (Simp_tac 1);
|
|
|
96 |
br (Odd_lemma RS thin) 1;
|
|
|
97 |
by (Simp_tac 1);
|
|
|
98 |
qed "Even_ok_N";
|
|
|
99 |
|
|
|
100 |
Goal "{}|-{Z=Arg+0}. BODY Even .{Res_ok}";
|
|
|
101 |
br conseq1 1;
|
|
|
102 |
by (res_inst_tac [("Procs","{Odd, Even}"), ("pn","Even"),
|
|
|
103 |
("P","%pn. Z=Arg+(if pn = Odd then 1 else 0)"),
|
|
|
104 |
("Q","%pn. Res_ok")] Body1 1);
|
|
|
105 |
by Auto_tac;
|
|
|
106 |
br hoare_derivs.insert 1;
|
|
|
107 |
br (Odd_lemma RS thin) 1;
|
|
|
108 |
by (Simp_tac 1);
|
|
|
109 |
br (Even_lemma RS thin) 1;
|
|
|
110 |
by (Simp_tac 1);
|
|
|
111 |
qed "Even_ok_S";
|