isabelle: src/HOL/SPARK/SPARK_Setup.thy@fc65e39ca170 (annotated)

41561 d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	1	(* Title: HOL/SPARK/SPARK_Setup.thy
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	2	Author: Stefan Berghofer
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	3	Copyright: secunet Security Networks AG
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	4
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	5	Setup for SPARK/Ada verification environment.
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	6	*)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	7
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	8	theory SPARK_Setup
72766 47ffeb3448f4 tuned whitespace; wenzelm parents: 72748 diff changeset	9	imports "HOL-Library.Word"
47ffeb3448f4 tuned whitespace; wenzelm parents: 72748 diff changeset	10	keywords "spark_open_vcg" :: thy_load (spark_vcg)
47ffeb3448f4 tuned whitespace; wenzelm parents: 72748 diff changeset	11	and "spark_open" :: thy_load (spark_siv)
47ffeb3448f4 tuned whitespace; wenzelm parents: 72748 diff changeset	12	and "spark_proof_functions" "spark_types" "spark_end" :: thy_decl
47ffeb3448f4 tuned whitespace; wenzelm parents: 72748 diff changeset	13	and "spark_vc" :: thy_goal
47ffeb3448f4 tuned whitespace; wenzelm parents: 72748 diff changeset	14	and "spark_status" :: diag
41561 d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	15	begin
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	16
69605 a96320074298 isabelle update -u path_cartouches; wenzelm parents: 66453 diff changeset	17	ML_file \<open>Tools/fdl_lexer.ML\<close>
a96320074298 isabelle update -u path_cartouches; wenzelm parents: 66453 diff changeset	18	ML_file \<open>Tools/fdl_parser.ML\<close>
48891 c0eafbd55de3 prefer ML_file over old uses; wenzelm parents: 46950 diff changeset	19
63167 0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 56798 diff changeset	20	text \<open>
41635 f938a6022d2e Replaced smod by standard mod operator to reflect actual behaviour berghofe parents: 41561 diff changeset	21	SPARK version of div, see section 4.4.1.1 of SPARK Proof Manual
63167 0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 56798 diff changeset	22	\<close>
41561 d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	23
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	24	definition sdiv :: "int \<Rightarrow> int \<Rightarrow> int" (infixl "sdiv" 70) where
41637 55a45051b220 Tuned definition of sdiv. berghofe parents: 41635 diff changeset	25	"a sdiv b = sgn a * sgn b * (\<bar>a\<bar> div \<bar>b\<bar>)"
41561 d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	26
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	27	lemma sdiv_minus_dividend: "- a sdiv b = - (a sdiv b)"
41637 55a45051b220 Tuned definition of sdiv. berghofe parents: 41635 diff changeset	28	by (simp add: sdiv_def sgn_if)
41561 d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	29
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	30	lemma sdiv_minus_divisor: "a sdiv - b = - (a sdiv b)"
41637 55a45051b220 Tuned definition of sdiv. berghofe parents: 41635 diff changeset	31	by (simp add: sdiv_def sgn_if)
41561 d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	32
63167 0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 56798 diff changeset	33	text \<open>
41635 f938a6022d2e Replaced smod by standard mod operator to reflect actual behaviour berghofe parents: 41561 diff changeset	34	Correspondence between HOL's and SPARK's version of div
63167 0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 56798 diff changeset	35	\<close>
41561 d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	36
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	37	lemma sdiv_pos_pos: "0 \<le> a \<Longrightarrow> 0 \<le> b \<Longrightarrow> a sdiv b = a div b"
41637 55a45051b220 Tuned definition of sdiv. berghofe parents: 41635 diff changeset	38	by (simp add: sdiv_def sgn_if)
41561 d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	39
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	40	lemma sdiv_pos_neg: "0 \<le> a \<Longrightarrow> b < 0 \<Longrightarrow> a sdiv b = - (a div - b)"
41637 55a45051b220 Tuned definition of sdiv. berghofe parents: 41635 diff changeset	41	by (simp add: sdiv_def sgn_if)
41561 d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	42
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	43	lemma sdiv_neg_pos: "a < 0 \<Longrightarrow> 0 \<le> b \<Longrightarrow> a sdiv b = - (- a div b)"
41637 55a45051b220 Tuned definition of sdiv. berghofe parents: 41635 diff changeset	44	by (simp add: sdiv_def sgn_if)
41561 d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	45
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	46	lemma sdiv_neg_neg: "a < 0 \<Longrightarrow> b < 0 \<Longrightarrow> a sdiv b = - a div - b"
41637 55a45051b220 Tuned definition of sdiv. berghofe parents: 41635 diff changeset	47	by (simp add: sdiv_def sgn_if)
41561 d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	48
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	49
63167 0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 56798 diff changeset	50	text \<open>
41561 d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	51	Updating a function at a set of points. Useful for building arrays.
63167 0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 56798 diff changeset	52	\<close>
41561 d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	53
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	54	definition fun_upds :: "('a \<Rightarrow> 'b) \<Rightarrow> 'a set \<Rightarrow> 'b \<Rightarrow> 'a \<Rightarrow> 'b" where
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	55	"fun_upds f xs y z = (if z \<in> xs then y else f z)"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	56
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	57	syntax
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	58	"_updsbind" :: "['a, 'a] => updbind" ("(2_ [:=]/ _)")
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	59
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	60	translations
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	61	"f(xs[:=]y)" == "CONST fun_upds f xs y"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	62
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	63	lemma fun_upds_in [simp]: "z \<in> xs \<Longrightarrow> (f(xs [:=] y)) z = y"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	64	by (simp add: fun_upds_def)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	65
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	66	lemma fun_upds_notin [simp]: "z \<notin> xs \<Longrightarrow> (f(xs [:=] y)) z = f z"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	67	by (simp add: fun_upds_def)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	68
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	69	lemma upds_singleton [simp]: "f({x} [:=] y) = f(x := y)"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	70	by (simp add: fun_eq_iff)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	71
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	72
63167 0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 56798 diff changeset	73	text \<open>Enumeration types\<close>
41561 d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	74
42416 a8a9f4d79196 - renamed enum type class to spark_enum, to avoid confusion with berghofe parents: 41637 diff changeset	75	class spark_enum = ord + finite +
41561 d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	76	fixes pos :: "'a \<Rightarrow> int"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	77	assumes range_pos: "range pos = {0..<int (card (UNIV::'a set))}"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	78	and less_pos: "(x < y) = (pos x < pos y)"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	79	and less_eq_pos: "(x \<le> y) = (pos x \<le> pos y)"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	80	begin
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	81
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	82	definition "val = inv pos"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	83
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	84	definition "succ x = val (pos x + 1)"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	85
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	86	definition "pred x = val (pos x - 1)"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	87
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	88	lemma inj_pos: "inj pos"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	89	using finite_UNIV
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	90	by (rule eq_card_imp_inj_on) (simp add: range_pos)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	91
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	92	lemma val_pos: "val (pos x) = x"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	93	unfolding val_def using inj_pos
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	94	by (rule inv_f_f)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	95
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	96	lemma pos_val: "z \<in> range pos \<Longrightarrow> pos (val z) = z"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	97	unfolding val_def
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	98	by (rule f_inv_into_f)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	99
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	100	subclass linorder
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	101	proof
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	102	fix x::'a and y show "(x < y) = (x \<le> y \<and> \<not> y \<le> x)"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	103	by (simp add: less_pos less_eq_pos less_le_not_le)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	104	next
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	105	fix x::'a show "x \<le> x" by (simp add: less_eq_pos)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	106	next
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	107	fix x::'a and y z assume "x \<le> y" and "y \<le> z"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	108	then show "x \<le> z" by (simp add: less_eq_pos)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	109	next
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	110	fix x::'a and y assume "x \<le> y" and "y \<le> x"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	111	with inj_pos show "x = y"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	112	by (auto dest: injD simp add: less_eq_pos)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	113	next
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	114	fix x::'a and y show "x \<le> y \<or> y \<le> x"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	115	by (simp add: less_eq_pos linear)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	116	qed
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	117
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	118	definition "first_el = val 0"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	119
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	120	definition "last_el = val (int (card (UNIV::'a set)) - 1)"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	121
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	122	lemma first_el_smallest: "first_el \<le> x"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	123	proof -
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	124	have "pos x \<in> range pos" by (rule rangeI)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	125	then have "pos (val 0) \<le> pos x"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	126	by (simp add: range_pos pos_val)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	127	then show ?thesis by (simp add: first_el_def less_eq_pos)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	128	qed
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	129
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	130	lemma last_el_greatest: "x \<le> last_el"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	131	proof -
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	132	have "pos x \<in> range pos" by (rule rangeI)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	133	then have "pos x \<le> pos (val (int (card (UNIV::'a set)) - 1))"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	134	by (simp add: range_pos pos_val)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	135	then show ?thesis by (simp add: last_el_def less_eq_pos)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	136	qed
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	137
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	138	lemma pos_succ:
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	139	assumes "x \<noteq> last_el"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	140	shows "pos (succ x) = pos x + 1"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	141	proof -
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	142	have "x \<le> last_el" by (rule last_el_greatest)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	143	with assms have "x < last_el" by simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	144	then have "pos x < pos last_el"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	145	by (simp add: less_pos)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	146	with rangeI [of pos x]
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	147	have "pos x + 1 \<in> range pos"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	148	by (simp add: range_pos last_el_def pos_val)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	149	then show ?thesis
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	150	by (simp add: succ_def pos_val)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	151	qed
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	152
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	153	lemma pos_pred:
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	154	assumes "x \<noteq> first_el"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	155	shows "pos (pred x) = pos x - 1"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	156	proof -
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	157	have "first_el \<le> x" by (rule first_el_smallest)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	158	with assms have "first_el < x" by simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	159	then have "pos first_el < pos x"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	160	by (simp add: less_pos)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	161	with rangeI [of pos x]
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	162	have "pos x - 1 \<in> range pos"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	163	by (simp add: range_pos first_el_def pos_val)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	164	then show ?thesis
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	165	by (simp add: pred_def pos_val)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	166	qed
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	167
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	168	lemma succ_val: "x \<in> range pos \<Longrightarrow> succ (val x) = val (x + 1)"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	169	by (simp add: succ_def pos_val)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	170
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	171	lemma pred_val: "x \<in> range pos \<Longrightarrow> pred (val x) = val (x - 1)"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	172	by (simp add: pred_def pos_val)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	173
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	174	end
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	175
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	176	lemma interval_expand:
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	177	"x < y \<Longrightarrow> (z::int) \<in> {x..<y} = (z = x \<or> z \<in> {x+1..<y})"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	178	by auto
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	179
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	180
63167 0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 56798 diff changeset	181	text \<open>Load the package\<close>
41561 d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	182
69605 a96320074298 isabelle update -u path_cartouches; wenzelm parents: 66453 diff changeset	183	ML_file \<open>Tools/spark_vcs.ML\<close>
a96320074298 isabelle update -u path_cartouches; wenzelm parents: 66453 diff changeset	184	ML_file \<open>Tools/spark_commands.ML\<close>
41561 d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	185
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	186	end

author	wenzelm
	Fri, 15 Oct 2021 01:44:52 +0200
changeset 74519	fc65e39ca170
parent 72766	47ffeb3448f4
child 80768	c7723cc15de8
permissions	-rw-r--r--