isabelle: comparison src/HOL/IMP/Hoare.ML

equal deleted inserted replaced

-:85ecd3439e01
+:03f096efa26d
 (*  Title:      HOL/IMP/Hoare.ML
 ID:         $Id$
 Author:     Tobias Nipkow
 Copyright   1995 TUM
-Soundness of Hoare rules wrt denotational semantics
+Soundness (and part of) relative completeness of Hoare rules
+wrt denotational semantics
 *)
 open Hoare;
-goalw Hoare.thy [spec_def] "!P c Q. ({{P}}c{{Q}}) --> spec P c Q";
+goalw Hoare.thy [hoare_valid_def] "!P c Q. ({{P}}c{{Q}}) --> |= {{P}}c{{Q}}";
 by (rtac hoare.mutual_induct 1);
 by(ALLGOALS Asm_simp_tac);
 by(fast_tac rel_cs 1);
 by(fast_tac HOL_cs 1);
 by (rtac allI 1);
 by(eres_inst_tac [("x","a")] allE 1);
 by (safe_tac comp_cs);
 by(ALLGOALS Asm_full_simp_tac);
 qed "hoare_sound";
-(*
+goalw Hoare.thy [swp_def] "swp Skip Q = Q";
-fun while_tac inv ss i =
+by(Simp_tac 1);
-EVERY[res_inst_tac[("P",inv)] hoare_conseq i, atac i, rtac hoare_while i,
+br ext 1;
-asm_full_simp_tac ss (i+1)];
+by(fast_tac HOL_cs 1);
+qed "swp_Skip";
-fun assign_tac ss = EVERY'[rtac hoare_assign, simp_tac ss,
+goalw Hoare.thy [swp_def] "swp (x:=a) Q = (%s.Q(s[A a s/x]))";
-TRY o (strip_tac THEN' atac)];
+by(Simp_tac 1);
+br ext 1;
+by(fast_tac HOL_cs 1);
+qed "swp_Ass";
-fun hoare_tac ss =
+goalw Hoare.thy [swp_def] "swp (c;d) Q = swp c (swp d Q)";
-REPEAT(STATE(fn th => FIRST'[rtac hoare_seq, assign_tac ss] (nprems_of th)));
+by(Simp_tac 1);
+br ext 1;
+by(fast_tac comp_cs 1);
+qed "swp_Semi";
-(* example *)
+goalw Hoare.thy [swp_def]
-val prems = goal Hoare.thy
+"swp (IF b THEN c ELSE d) Q = (%s. (B b s --> swp c Q s) & \
-"[| u ~= y; u ~= z; y ~= z |] ==> \
+\                                    (~B b s --> swp d Q s))";
-\  {{%s.s(x)=i & s(y)=j}} \
+by(Simp_tac 1);
-\  z := X x; (u := N 0; \
+br ext 1;
-\  while noti(ROp op = (X u) (X y)) \
+by(fast_tac comp_cs 1);
-\             do (u := Op1 Suc (X u); z := Op1 Suc (X z))) \
+qed "swp_If";
-\  {{%s. s(z)=i+j}}";
-val ss = !simpset addsimps (eq_sym_conv::assign_def::prems);
+goalw Hoare.thy [swp_def]
-by(hoare_tac ss);
+"!!s. B b s ==> swp (WHILE b DO c) Q s = swp (c;WHILE b DO c) Q s";
-by(while_tac "%s.s z = i + s u & s y = j" ss 3);
+by(stac C_While_If 1);
-by(hoare_tac ss);
+by(Asm_simp_tac 1);
-result();
+qed "swp_While_True";
-*)
+goalw Hoare.thy [swp_def] "!!s. ~B b s ==> swp (WHILE b DO c) Q s = Q s";
+by(stac C_While_If 1);
+by(Asm_simp_tac 1);
+by(fast_tac HOL_cs 1);
+qed "swp_While_False";
+Addsimps [swp_Skip,swp_Ass,swp_Semi,swp_If,swp_While_True,swp_While_False];
+Delsimps [C_while];
+goalw Hoare.thy [hoare_valid_def,swp_def]
+"!!c. |= {{P}}c{{Q}} ==> !s. P s --> swp c Q s";
+by(fast_tac HOL_cs 1);
+qed "swp_is_weakest";
+goal Hoare.thy "!Q. {{swp c Q}} c {{Q}}";
+by(com.induct_tac "c" 1);
+by(ALLGOALS Simp_tac);
+by(fast_tac (HOL_cs addIs [hoare.skip]) 1);
+by(fast_tac (HOL_cs addIs [hoare.ass]) 1);
+by(fast_tac (HOL_cs addIs [hoare.semi]) 1);
+by(safe_tac (HOL_cs addSIs [hoare.If]));
+br hoare.conseq 1;
+by(fast_tac HOL_cs 2);
+by(fast_tac HOL_cs 2);
+by(fast_tac HOL_cs 1);
+br hoare.conseq 1;
+by(fast_tac HOL_cs 2);
+by(fast_tac HOL_cs 2);
+by(fast_tac HOL_cs 1);
+br hoare.conseq 1;
+br hoare.While 2;
+be thin_rl 1;
+by(fast_tac HOL_cs 1);
+br hoare.conseq 1;
+be thin_rl 3;
+br allI 3;
+br impI 3;
+ba 3;
+by(fast_tac HOL_cs 2);
+by(safe_tac HOL_cs);
+by(rotate_tac ~1 1);
+by(Asm_full_simp_tac 1);
+by(rotate_tac ~1 1);
+by(Asm_full_simp_tac 1);
+bind_thm("swp_is_pre", result() RS spec);
+goal Hoare.thy "!!c. |= {{P}}c{{Q}} ==> {{P}}c{{Q}}";
+br (swp_is_pre RSN (2,hoare.conseq)) 1;
+by(fast_tac HOL_cs 2);
+be swp_is_weakest 1;
+qed "hoare_relative_complete";

changeset 1481	03f096efa26d
parent 1465	5d7a7e439cec
child 1486	7b95d7b49f7a