isabelle: src/HOL/HoareParallel/OG_Hoare.thy@fd3e3d6b37b2 (annotated)

13020 791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	1
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	2	header {* \section{The Proof System} *}
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	3
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	4	theory OG_Hoare = OG_Tran:
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	5
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	6	consts assertions :: "'a ann_com \<Rightarrow> ('a assn) set"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	7	primrec
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	8	"assertions (AnnBasic r f) = {r}"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	9	"assertions (AnnSeq c1 c2) = assertions c1 \<union> assertions c2"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	10	"assertions (AnnCond1 r b c1 c2) = {r} \<union> assertions c1 \<union> assertions c2"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	11	"assertions (AnnCond2 r b c) = {r} \<union> assertions c"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	12	"assertions (AnnWhile r b i c) = {r, i} \<union> assertions c"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	13	"assertions (AnnAwait r b c) = {r}"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	14
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	15	consts atomics :: "'a ann_com \<Rightarrow> ('a assn \<times> 'a com) set"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	16	primrec
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	17	"atomics (AnnBasic r f) = {(r, Basic f)}"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	18	"atomics (AnnSeq c1 c2) = atomics c1 \<union> atomics c2"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	19	"atomics (AnnCond1 r b c1 c2) = atomics c1 \<union> atomics c2"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	20	"atomics (AnnCond2 r b c) = atomics c"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	21	"atomics (AnnWhile r b i c) = atomics c"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	22	"atomics (AnnAwait r b c) = {(r \<inter> b, c)}"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	23
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	24	consts com :: "'a ann_triple_op \<Rightarrow> 'a ann_com_op"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	25	primrec "com (c, q) = c"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	26
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	27	consts post :: "'a ann_triple_op \<Rightarrow> 'a assn"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	28	primrec "post (c, q) = q"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	29
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	30	constdefs interfree_aux :: "('a ann_com_op \<times> 'a assn \<times> 'a ann_com_op) \<Rightarrow> bool"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	31	"interfree_aux \<equiv> \<lambda>(co, q, co'). co'= None \<or>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	32	(\<forall>(r,a) \<in> atomics (the co'). \<parallel>= (q \<inter> r) a q \<and>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	33	(co = None \<or> (\<forall>p \<in> assertions (the co). \<parallel>= (p \<inter> r) a p)))"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	34
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	35	constdefs interfree :: "(('a ann_triple_op) list) \<Rightarrow> bool"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	36	"interfree Ts \<equiv> \<forall>i j. i < length Ts \<and> j < length Ts \<and> i \<noteq> j \<longrightarrow>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	37	interfree_aux (com (Ts!i), post (Ts!i), com (Ts!j)) "
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	38
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	39	consts ann_hoare :: "('a ann_com \<times> 'a assn) set"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	40	syntax "_ann_hoare" :: "'a ann_com \<Rightarrow> 'a assn \<Rightarrow> bool" ("(2\<turnstile> _// _)" [60,90] 45)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	41	translations "\<turnstile> c q" \<rightleftharpoons> "(c, q) \<in> ann_hoare"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	42
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	43	consts oghoare :: "('a assn \<times> 'a com \<times> 'a assn) set"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	44	syntax "_oghoare" :: "'a assn \<Rightarrow> 'a com \<Rightarrow> 'a assn \<Rightarrow> bool" ("(3\<parallel>- _//_//_)" [90,55,90] 50)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	45	translations "\<parallel>- p c q" \<rightleftharpoons> "(p, c, q) \<in> oghoare"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	46
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	47	inductive oghoare ann_hoare
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	48	intros
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	49	AnnBasic: "r \<subseteq> {s. f s \<in> q} \<Longrightarrow> \<turnstile> (AnnBasic r f) q"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	50
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	51	AnnSeq: "\<lbrakk> \<turnstile> c0 pre c1; \<turnstile> c1 q \<rbrakk> \<Longrightarrow> \<turnstile> (AnnSeq c0 c1) q"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	52
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	53	AnnCond1: "\<lbrakk> r \<inter> b \<subseteq> pre c1; \<turnstile> c1 q; r \<inter> -b \<subseteq> pre c2; \<turnstile> c2 q\<rbrakk>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	54	\<Longrightarrow> \<turnstile> (AnnCond1 r b c1 c2) q"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	55	AnnCond2: "\<lbrakk> r \<inter> b \<subseteq> pre c; \<turnstile> c q; r \<inter> -b \<subseteq> q \<rbrakk> \<Longrightarrow> \<turnstile> (AnnCond2 r b c) q"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	56
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	57	AnnWhile: "\<lbrakk> r \<subseteq> i; i \<inter> b \<subseteq> pre c; \<turnstile> c i; i \<inter> -b \<subseteq> q \<rbrakk>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	58	\<Longrightarrow> \<turnstile> (AnnWhile r b i c) q"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	59
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	60	AnnAwait: "\<lbrakk> atom_com c; \<parallel>- (r \<inter> b) c q \<rbrakk> \<Longrightarrow> \<turnstile> (AnnAwait r b c) q"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	61
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	62	AnnConseq: "\<lbrakk>\<turnstile> c q; q \<subseteq> q' \<rbrakk> \<Longrightarrow> \<turnstile> c q'"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	63
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	64
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	65	Parallel: "\<lbrakk> \<forall>i<length Ts. \<exists>c q. Ts!i = (Some c, q) \<and> \<turnstile> c q; interfree Ts \<rbrakk>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	66	\<Longrightarrow> \<parallel>- (\<Inter>i\<in>{i. i<length Ts}. pre(the(com(Ts!i))))
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	67	Parallel Ts
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	68	(\<Inter>i\<in>{i. i<length Ts}. post(Ts!i))"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	69
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	70	Basic: "\<parallel>- {s. f s \<in>q} (Basic f) q"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	71
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	72	Seq: "\<lbrakk> \<parallel>- p c1 r; \<parallel>- r c2 q \<rbrakk> \<Longrightarrow> \<parallel>- p (Seq c1 c2) q "
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	73
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	74	Cond: "\<lbrakk> \<parallel>- (p \<inter> b) c1 q; \<parallel>- (p \<inter> -b) c2 q \<rbrakk> \<Longrightarrow> \<parallel>- p (Cond b c1 c2) q"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	75
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	76	While: "\<lbrakk> \<parallel>- (p \<inter> b) c p \<rbrakk> \<Longrightarrow> \<parallel>- p (While b i c) (p \<inter> -b)"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	77
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	78	Conseq: "\<lbrakk> p' \<subseteq> p; \<parallel>- p c q ; q \<subseteq> q' \<rbrakk> \<Longrightarrow> \<parallel>- p' c q'"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	79
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	80	section {* Soundness *}
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	81	(* In the version Isabelle-10-Sep-1999: HOL: The THEN and ELSE
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	82	parts of conditional expressions (if P then x else y) are no longer
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	83	simplified. (This allows the simplifier to unfold recursive
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	84	functional programs.) To restore the old behaviour, we declare
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	85	@{text "lemmas [cong del] = if_weak_cong"}. *)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	86
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	87	lemmas [cong del] = if_weak_cong
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	88
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	89	lemmas ann_hoare_induct = oghoare_ann_hoare.induct [THEN conjunct2]
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	90	lemmas oghoare_induct = oghoare_ann_hoare.induct [THEN conjunct1]
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	91
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	92	lemmas AnnBasic = oghoare_ann_hoare.AnnBasic
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	93	lemmas AnnSeq = oghoare_ann_hoare.AnnSeq
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	94	lemmas AnnCond1 = oghoare_ann_hoare.AnnCond1
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	95	lemmas AnnCond2 = oghoare_ann_hoare.AnnCond2
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	96	lemmas AnnWhile = oghoare_ann_hoare.AnnWhile
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	97	lemmas AnnAwait = oghoare_ann_hoare.AnnAwait
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	98	lemmas AnnConseq = oghoare_ann_hoare.AnnConseq
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	99
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	100	lemmas Parallel = oghoare_ann_hoare.Parallel
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	101	lemmas Basic = oghoare_ann_hoare.Basic
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	102	lemmas Seq = oghoare_ann_hoare.Seq
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	103	lemmas Cond = oghoare_ann_hoare.Cond
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	104	lemmas While = oghoare_ann_hoare.While
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	105	lemmas Conseq = oghoare_ann_hoare.Conseq
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	106
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	107	subsection {* Soundness of the System for Atomic Programs *}
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	108
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	109	lemma Basic_ntran [rule_format]:
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	110	"(Basic f, s) -Pn\<rightarrow> (Parallel Ts, t) \<longrightarrow> All_None Ts \<longrightarrow> t = f s"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	111	apply(induct "n")
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	112	apply(simp (no_asm))
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	113	apply(fast dest: rel_pow_Suc_D2 Parallel_empty_lemma elim: transition_cases)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	114	done
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	115
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	116	lemma SEM_fwhile: "SEM S (p \<inter> b) \<subseteq> p \<Longrightarrow> SEM (fwhile b S k) p \<subseteq> (p \<inter> -b)"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	117	apply (induct "k")
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	118	apply(simp (no_asm) add: L3_5v_lemma3)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	119	apply(simp (no_asm) add: L3_5iv L3_5ii Parallel_empty)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	120	apply(rule Un_least)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	121	apply(rule subset_trans)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	122	prefer 2 apply simp
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	123	apply(erule L3_5i)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	124	apply(simp add: SEM_def sem_def id_def)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	125	apply clarify
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	126	apply(drule rtrancl_imp_UN_rel_pow)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	127	apply clarify
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	128	apply(drule Basic_ntran)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	129	apply fast+
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	130	done
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	131
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	132	lemma atom_hoare_sound [rule_format (no_asm)]:
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	133	" \<parallel>- p c q \<longrightarrow> atom_com(c) \<longrightarrow> \<parallel>= p c q"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	134	apply (unfold com_validity_def)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	135	apply(rule oghoare_induct)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	136	apply simp_all
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	137	--{Basic}
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	138	apply(simp add: SEM_def sem_def)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	139	apply(fast dest: rtrancl_imp_UN_rel_pow Basic_ntran)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	140	--{* Seq *}
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	141	apply(rule impI)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	142	apply(rule subset_trans)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	143	prefer 2 apply simp
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	144	apply(simp add: L3_5ii L3_5i)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	145	--{* Cond *}
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	146	apply(rule impI)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	147	apply(simp add: L3_5iv)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	148	apply(erule Un_least)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	149	apply assumption
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	150	--{* While *}
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	151	apply(rule impI)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	152	apply(simp add: L3_5v)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	153	apply(rule UN_least)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	154	apply(drule SEM_fwhile)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	155	apply assumption
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	156	--{* Conseq *}
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	157	apply(simp add: SEM_def sem_def)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	158	apply force
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	159	done
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	160
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	161	subsection {* Soundness of the System for Component Programs *}
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	162
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	163	inductive_cases ann_transition_cases:
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	164	"(None,s) -1\<rightarrow> t"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	165	"(Some (AnnBasic r f),s) -1\<rightarrow> t"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	166	"(Some (AnnSeq c1 c2), s) -1\<rightarrow> t"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	167	"(Some (AnnCond1 r b c1 c2), s) -1\<rightarrow> t"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	168	"(Some (AnnCond2 r b c), s) -1\<rightarrow> t"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	169	"(Some (AnnWhile r b I c), s) -1\<rightarrow> t"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	170	"(Some (AnnAwait r b c),s) -1\<rightarrow> t"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	171
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	172	text {* Strong Soundness for Component Programs:*}
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	173
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	174	lemma ann_hoare_case_analysis [rule_format]: "\<turnstile> C q' \<longrightarrow>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	175	((\<forall>r f. C = AnnBasic r f \<longrightarrow> (\<exists>q. r \<subseteq> {s. f s \<in> q} \<and> q \<subseteq> q')) \<and>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	176	(\<forall>c0 c1. C = AnnSeq c0 c1 \<longrightarrow> (\<exists>q. q \<subseteq> q' \<and> \<turnstile> c0 pre c1 \<and> \<turnstile> c1 q)) \<and>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	177	(\<forall>r b c1 c2. C = AnnCond1 r b c1 c2 \<longrightarrow> (\<exists>q. q \<subseteq> q' \<and>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	178	r \<inter> b \<subseteq> pre c1 \<and> \<turnstile> c1 q \<and> r \<inter> -b \<subseteq> pre c2 \<and> \<turnstile> c2 q)) \<and>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	179	(\<forall>r b c. C = AnnCond2 r b c \<longrightarrow>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	180	(\<exists>q. q \<subseteq> q' \<and> r \<inter> b \<subseteq> pre c \<and> \<turnstile> c q \<and> r \<inter> -b \<subseteq> q)) \<and>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	181	(\<forall>r i b c. C = AnnWhile r b i c \<longrightarrow>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	182	(\<exists>q. q \<subseteq> q' \<and> r \<subseteq> i \<and> i \<inter> b \<subseteq> pre c \<and> \<turnstile> c i \<and> i \<inter> -b \<subseteq> q)) \<and>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	183	(\<forall>r b c. C = AnnAwait r b c \<longrightarrow> (\<exists>q. q \<subseteq> q' \<and> \<parallel>- (r \<inter> b) c q)))"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	184	apply(rule ann_hoare_induct)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	185	apply simp_all
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	186	apply(rule_tac x=q in exI,simp)+
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	187	apply(rule conjI,clarify,simp,clarify,rule_tac x=qa in exI,fast)+
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	188	apply(clarify,simp,clarify,rule_tac x=qa in exI,fast)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	189	done
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	190
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	191	lemma Help: "(transition \<inter> {(v,v,u). True}) = (transition)"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	192	apply force
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	193	done
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	194
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	195	lemma Strong_Soundness_aux_aux [rule_format]:
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	196	"(co, s) -1\<rightarrow> (co', t) \<longrightarrow> (\<forall>c. co = Some c \<longrightarrow> s\<in> pre c \<longrightarrow>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	197	(\<forall>q. \<turnstile> c q \<longrightarrow> (if co' = None then t\<in>q else t \<in> pre(the co') \<and> \<turnstile> (the co') q )))"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	198	apply(rule ann_transition_transition.induct [THEN conjunct1])
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	199	apply simp_all
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	200	--{* Basic *}
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	201	apply clarify
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	202	apply(frule ann_hoare_case_analysis)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	203	apply force
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	204	--{* Seq *}
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	205	apply clarify
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	206	apply(frule ann_hoare_case_analysis,simp)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	207	apply(fast intro: AnnConseq)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	208	apply clarify
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	209	apply(frule ann_hoare_case_analysis,simp)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	210	apply clarify
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	211	apply(rule conjI)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	212	apply force
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	213	apply(rule AnnSeq,simp)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	214	apply(fast intro: AnnConseq)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	215	--{* Cond1 *}
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	216	apply clarify
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	217	apply(frule ann_hoare_case_analysis,simp)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	218	apply(fast intro: AnnConseq)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	219	apply clarify
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	220	apply(frule ann_hoare_case_analysis,simp)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	221	apply(fast intro: AnnConseq)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	222	--{* Cond2 *}
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	223	apply clarify
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	224	apply(frule ann_hoare_case_analysis,simp)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	225	apply(fast intro: AnnConseq)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	226	apply clarify
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	227	apply(frule ann_hoare_case_analysis,simp)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	228	apply(fast intro: AnnConseq)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	229	--{* While *}
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	230	apply clarify
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	231	apply(frule ann_hoare_case_analysis,simp)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	232	apply force
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	233	apply clarify
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	234	apply(frule ann_hoare_case_analysis,simp)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	235	apply auto
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	236	apply(rule AnnSeq)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	237	apply simp
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	238	apply(rule AnnWhile)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	239	apply simp_all
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	240	apply(fast)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	241	--{* Await *}
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	242	apply(frule ann_hoare_case_analysis,simp)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	243	apply clarify
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	244	apply(drule atom_hoare_sound)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	245	apply simp
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	246	apply(simp add: com_validity_def SEM_def sem_def)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	247	apply(simp add: Help All_None_def)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	248	apply force
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	249	done
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	250
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	251	lemma Strong_Soundness_aux: "\<lbrakk> (Some c, s) -*\<rightarrow> (co, t); s \<in> pre c; \<turnstile> c q \<rbrakk>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	252	\<Longrightarrow> if co = None then t \<in> q else t \<in> pre (the co) \<and> \<turnstile> (the co) q"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	253	apply(erule rtrancl_induct2)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	254	apply simp
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	255	apply(case_tac "a")
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	256	apply(fast elim: ann_transition_cases)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	257	apply(erule Strong_Soundness_aux_aux)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	258	apply simp
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	259	apply simp_all
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	260	done
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	261
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	262	lemma Strong_Soundness: "\<lbrakk> (Some c, s)-*\<rightarrow>(co, t); s \<in> pre c; \<turnstile> c q \<rbrakk>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	263	\<Longrightarrow> if co = None then t\<in>q else t \<in> pre (the co)"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	264	apply(force dest:Strong_Soundness_aux)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	265	done
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	266
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	267	lemma ann_hoare_sound: "\<turnstile> c q \<Longrightarrow> \<Turnstile> c q"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	268	apply (unfold ann_com_validity_def ann_SEM_def ann_sem_def)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	269	apply clarify
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	270	apply(drule Strong_Soundness)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	271	apply simp_all
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	272	done
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	273
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	274	subsection {* Soundness of the System for Parallel Programs *}
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	275
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	276	lemma Parallel_length_post_P1: "(Parallel Ts,s) -P1\<rightarrow> (R', t) \<Longrightarrow>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	277	(\<exists>Rs. R' = (Parallel Rs) \<and> (length Rs) = (length Ts) \<and>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	278	(\<forall>i. i<length Ts \<longrightarrow> post(Rs ! i) = post(Ts ! i)))"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	279	apply(erule transition_cases)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	280	apply simp
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	281	apply clarify
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	282	apply(case_tac "i=ia")
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	283	apply simp+
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	284	done
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	285
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	286	lemma Parallel_length_post_PStar: "(Parallel Ts,s) -P*\<rightarrow> (R',t) \<Longrightarrow>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	287	(\<exists>Rs. R' = (Parallel Rs) \<and> (length Rs) = (length Ts) \<and>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	288	(\<forall>i. i<length Ts \<longrightarrow> post(Ts ! i) = post(Rs ! i)))"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	289	apply(erule rtrancl_induct2)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	290	apply(simp_all)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	291	apply clarify
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	292	apply simp
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	293	apply(drule Parallel_length_post_P1)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	294	apply auto
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	295	done
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	296
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	297	lemma assertions_lemma: "pre c \<in> assertions c"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	298	apply(rule ann_com_com.induct [THEN conjunct1])
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	299	apply auto
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	300	done
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	301
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	302	lemma interfree_aux1 [rule_format]:
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	303	"(c,s) -1\<rightarrow> (r,t) \<longrightarrow> (interfree_aux(c1, q1, c) \<longrightarrow> interfree_aux(c1, q1, r))"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	304	apply (rule ann_transition_transition.induct [THEN conjunct1])
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	305	apply(safe)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	306	prefer 13
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	307	apply (rule TrueI)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	308	apply (simp_all add:interfree_aux_def)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	309	apply force+
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	310	done
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	311
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	312	lemma interfree_aux2 [rule_format]:
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	313	"(c,s) -1\<rightarrow> (r,t) \<longrightarrow> (interfree_aux(c, q, a) \<longrightarrow> interfree_aux(r, q, a) )"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	314	apply (rule ann_transition_transition.induct [THEN conjunct1])
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	315	apply(force simp add:interfree_aux_def)+
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	316	done
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	317
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	318	lemma interfree_lemma: "\<lbrakk> (Some c, s) -1\<rightarrow> (r, t);interfree Ts ; i<length Ts;
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	319	Ts!i = (Some c, q) \<rbrakk> \<Longrightarrow> interfree (Ts[i:= (r, q)])"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	320	apply(simp add: interfree_def)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	321	apply clarify
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	322	apply(case_tac "i=j")
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	323	apply(drule_tac t = "ia" in not_sym)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	324	apply simp_all
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	325	apply(force elim: interfree_aux1)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	326	apply(force elim: interfree_aux2 simp add:nth_list_update)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	327	done
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	328
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	329	text {* Strong Soundness Theorem for Parallel Programs:*}
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	330
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	331	lemma Parallel_Strong_Soundness_Seq_aux:
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	332	"\<lbrakk>interfree Ts; i<length Ts; com(Ts ! i) = Some(AnnSeq c0 c1) \<rbrakk>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	333	\<Longrightarrow> interfree (Ts[i:=(Some c0, pre c1)])"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	334	apply(simp add: interfree_def)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	335	apply clarify
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	336	apply(case_tac "i=j")
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	337	apply(force simp add: nth_list_update interfree_aux_def)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	338	apply(case_tac "i=ia")
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	339	apply(erule_tac x=ia in allE)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	340	apply(force simp add:interfree_aux_def assertions_lemma)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	341	apply simp
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	342	done
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	343
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	344	lemma Parallel_Strong_Soundness_Seq [rule_format (no_asm)]:
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	345	"\<lbrakk> \<forall>i<length Ts. (if com(Ts!i) = None then b \<in> post(Ts!i)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	346	else b \<in> pre(the(com(Ts!i))) \<and> \<turnstile> the(com(Ts!i)) post(Ts!i));
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	347	com(Ts ! i) = Some(AnnSeq c0 c1); i<length Ts; interfree Ts \<rbrakk> \<Longrightarrow>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	348	(\<forall>ia<length Ts. (if com(Ts[i:=(Some c0, pre c1)]! ia) = None
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	349	then b \<in> post(Ts[i:=(Some c0, pre c1)]! ia)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	350	else b \<in> pre(the(com(Ts[i:=(Some c0, pre c1)]! ia))) \<and>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	351	\<turnstile> the(com(Ts[i:=(Some c0, pre c1)]! ia)) post(Ts[i:=(Some c0, pre c1)]! ia)))
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	352	\<and> interfree (Ts[i:= (Some c0, pre c1)])"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	353	apply(rule conjI)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	354	apply safe
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	355	apply(case_tac "i=ia")
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	356	apply simp
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	357	apply(force dest: ann_hoare_case_analysis)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	358	apply simp
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	359	apply(fast elim: Parallel_Strong_Soundness_Seq_aux)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	360	done
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	361
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	362	lemma Parallel_Strong_Soundness_aux_aux [rule_format]:
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	363	"(Some c, b) -1\<rightarrow> (co, t) \<longrightarrow>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	364	(\<forall>Ts. i<length Ts \<longrightarrow> com(Ts ! i) = Some c \<longrightarrow>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	365	(\<forall>i<length Ts. (if com(Ts ! i) = None then b\<in>post(Ts!i)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	366	else b\<in>pre(the(com(Ts!i))) \<and> \<turnstile> the(com(Ts!i)) post(Ts!i))) \<longrightarrow>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	367	interfree Ts \<longrightarrow>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	368	(\<forall>j. j<length Ts \<and> i\<noteq>j \<longrightarrow> (if com(Ts!j) = None then t\<in>post(Ts!j)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	369	else t\<in>pre(the(com(Ts!j))) \<and> \<turnstile> the(com(Ts!j)) post(Ts!j))) )"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	370	apply(rule ann_transition_transition.induct [THEN conjunct1])
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	371	apply safe
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	372	prefer 11
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	373	apply(rule TrueI)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	374	apply simp_all
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	375	--{* Basic *}
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	376	apply(erule_tac x = "i" in all_dupE, erule (1) notE impE)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	377	apply(erule_tac x = "j" in allE , erule (1) notE impE)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	378	apply(simp add: interfree_def)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	379	apply(erule_tac x = "j" in allE,simp)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	380	apply(erule_tac x = "i" in allE,simp)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	381	apply(drule_tac t = "i" in not_sym)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	382	apply(case_tac "com(Ts ! j)=None")
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	383	apply(force intro: converse_rtrancl_into_rtrancl
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	384	simp add: interfree_aux_def com_validity_def SEM_def sem_def All_None_def)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	385	apply(simp add:interfree_aux_def)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	386	apply clarify
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	387	apply simp
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	388	apply(erule_tac x="pre y" in ballE)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	389	apply(force intro: converse_rtrancl_into_rtrancl
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	390	simp add: com_validity_def SEM_def sem_def All_None_def)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	391	apply(simp add:assertions_lemma)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	392	--{* Seqs *}
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	393	apply(erule_tac x = "Ts[i:=(Some c0, pre c1)]" in allE)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	394	apply(drule Parallel_Strong_Soundness_Seq,simp+)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	395	apply(erule_tac x = "Ts[i:=(Some c0, pre c1)]" in allE)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	396	apply(drule Parallel_Strong_Soundness_Seq,simp+)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	397	--{* Await *}
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	398	apply(rule_tac x = "i" in allE , assumption , erule (1) notE impE)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	399	apply(erule_tac x = "j" in allE , erule (1) notE impE)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	400	apply(simp add: interfree_def)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	401	apply(erule_tac x = "j" in allE,simp)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	402	apply(erule_tac x = "i" in allE,simp)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	403	apply(drule_tac t = "i" in not_sym)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	404	apply(case_tac "com(Ts ! j)=None")
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	405	apply(force intro: converse_rtrancl_into_rtrancl simp add: interfree_aux_def
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	406	com_validity_def SEM_def sem_def All_None_def Help)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	407	apply(simp add:interfree_aux_def)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	408	apply clarify
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	409	apply simp
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	410	apply(erule_tac x="pre y" in ballE)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	411	apply(force intro: converse_rtrancl_into_rtrancl
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	412	simp add: com_validity_def SEM_def sem_def All_None_def Help)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	413	apply(simp add:assertions_lemma)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	414	done
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	415
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	416	lemma Parallel_Strong_Soundness_aux [rule_format]:
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	417	"\<lbrakk>(Ts',s) -P*\<rightarrow> (Rs',t); Ts' = (Parallel Ts); interfree Ts;
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	418	\<forall>i. i<length Ts \<longrightarrow> (\<exists>c q. (Ts ! i) = (Some c, q) \<and> s\<in>(pre c) \<and> \<turnstile> c q ) \<rbrakk> \<Longrightarrow>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	419	\<forall>Rs. Rs' = (Parallel Rs) \<longrightarrow> (\<forall>j. j<length Rs \<longrightarrow>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	420	(if com(Rs ! j) = None then t\<in>post(Ts ! j)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	421	else t\<in>pre(the(com(Rs ! j))) \<and> \<turnstile> the(com(Rs ! j)) post(Ts ! j))) \<and> interfree Rs"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	422	apply(erule rtrancl_induct2)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	423	apply clarify
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	424	--{* Base *}
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	425	apply force
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	426	--{* Induction step *}
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	427	apply clarify
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	428	apply(drule Parallel_length_post_PStar)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	429	apply clarify
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	430	apply (ind_cases "(Parallel Ts, s) -P1\<rightarrow> (Parallel Rs, t)")
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	431	apply(rule conjI)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	432	apply clarify
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	433	apply(case_tac "i=j")
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	434	apply(simp split del:split_if)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	435	apply(erule Strong_Soundness_aux_aux,simp+)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	436	apply force
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	437	apply force
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	438	apply(simp split del: split_if)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	439	apply(erule Parallel_Strong_Soundness_aux_aux)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	440	apply(simp_all add: split del:split_if)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	441	apply force
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	442	apply(rule interfree_lemma)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	443	apply simp_all
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	444	done
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	445
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	446	lemma Parallel_Strong_Soundness:
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	447	"\<lbrakk>(Parallel Ts, s) -P*\<rightarrow> (Parallel Rs, t); interfree Ts; j<length Rs;
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	448	\<forall>i. i<length Ts \<longrightarrow> (\<exists>c q. Ts ! i = (Some c, q) \<and> s\<in>pre c \<and> \<turnstile> c q) \<rbrakk> \<Longrightarrow>
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	449	if com(Rs ! j) = None then t\<in>post(Ts ! j) else t\<in>pre (the(com(Rs ! j)))"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	450	apply(drule Parallel_Strong_Soundness_aux)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	451	apply simp+
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	452	done
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	453
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	454	lemma oghoare_sound [rule_format (no_asm)]: "\<parallel>- p c q \<longrightarrow> \<parallel>= p c q"
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	455	apply (unfold com_validity_def)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	456	apply(rule oghoare_induct)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	457	apply(rule TrueI)+
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	458	--{* Parallel *}
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	459	apply(simp add: SEM_def sem_def)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	460	apply clarify
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	461	apply(frule Parallel_length_post_PStar)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	462	apply clarify
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	463	apply(drule_tac j=i in Parallel_Strong_Soundness)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	464	apply clarify
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	465	apply simp
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	466	apply force
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	467	apply simp
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	468	apply(erule_tac V = "\<forall>i. ?P i" in thin_rl)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	469	apply(drule_tac s = "length Rs" in sym)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	470	apply(erule allE, erule impE, assumption)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	471	apply(force dest: nth_mem simp add: All_None_def)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	472	--{* Basic *}
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	473	apply(simp add: SEM_def sem_def)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	474	apply(force dest: rtrancl_imp_UN_rel_pow Basic_ntran)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	475	--{* Seq *}
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	476	apply(rule subset_trans)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	477	prefer 2 apply assumption
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	478	apply(simp add: L3_5ii L3_5i)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	479	--{* Cond *}
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	480	apply(simp add: L3_5iv)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	481	apply(erule Un_least)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	482	apply assumption
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	483	--{* While *}
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	484	apply(simp add: L3_5v)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	485	apply(rule UN_least)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	486	apply(drule SEM_fwhile)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	487	apply assumption
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	488	--{* Conseq *}
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	489	apply(simp add: SEM_def sem_def)
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	490	apply auto
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	491	done
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	492
791e3b4c4039 HoareParallel Theories prensani parents: diff changeset	493	end

author	berghofe
	Mon, 30 Sep 2002 16:14:02 +0200
changeset 13601	fd3e3d6b37b2
parent 13020	791e3b4c4039
child 14398	c5c47703f763
permissions	-rw-r--r--