1 header {* \section{The Proof System} *} |
1 header {* \section{The Proof System} *} |
2 |
2 |
3 theory RG_Hoare = RG_Tran: |
3 theory RG_Hoare = RG_Tran: |
4 |
4 |
5 subsection {* Proof System for Component Programs *} |
5 subsection {* Proof System for Component Programs *} |
|
6 |
|
7 declare Un_subset_iff [iff del] |
6 |
8 |
7 constdefs |
9 constdefs |
8 stable :: "'a set \<Rightarrow> ('a \<times> 'a) set \<Rightarrow> bool" |
10 stable :: "'a set \<Rightarrow> ('a \<times> 'a) set \<Rightarrow> bool" |
9 "stable \<equiv> \<lambda>f g. (\<forall>x y. x \<in> f \<longrightarrow> (x, y) \<in> g \<longrightarrow> y \<in> f)" |
11 "stable \<equiv> \<lambda>f g. (\<forall>x y. x \<in> f \<longrightarrow> (x, y) \<in> g \<longrightarrow> y \<in> f)" |
10 |
12 |
1177 length xs=length clist; x \<in> par_cp (ParallelCom xs) s; x\<in>par_assum(pre, rely); |
1179 length xs=length clist; x \<in> par_cp (ParallelCom xs) s; x\<in>par_assum(pre, rely); |
1178 \<forall>i<length clist. clist!i\<in>cp (Some(Com(xs!i))) s; x \<propto> clist \<rbrakk> |
1180 \<forall>i<length clist. clist!i\<in>cp (Some(Com(xs!i))) s; x \<propto> clist \<rbrakk> |
1179 \<Longrightarrow> \<forall>j i. i<length clist \<and> Suc j<length x \<longrightarrow> (clist!i!j) -c\<rightarrow> (clist!i!Suc j) |
1181 \<Longrightarrow> \<forall>j i. i<length clist \<and> Suc j<length x \<longrightarrow> (clist!i!j) -c\<rightarrow> (clist!i!Suc j) |
1180 \<longrightarrow> (snd(clist!i!j), snd(clist!i!Suc j)) \<in> Guar(xs!i)" |
1182 \<longrightarrow> (snd(clist!i!j), snd(clist!i!Suc j)) \<in> Guar(xs!i)" |
1181 apply(unfold par_cp_def) |
1183 apply(unfold par_cp_def) |
|
1184 apply (rule ccontr) |
1182 --{* By contradiction: *} |
1185 --{* By contradiction: *} |
1183 apply(subgoal_tac "True") |
1186 apply (simp del: Un_subset_iff) |
1184 prefer 2 |
|
1185 apply simp |
|
1186 apply(erule_tac Q="True" in contrapos_pp) |
|
1187 apply simp |
|
1188 apply(erule exE) |
1187 apply(erule exE) |
1189 --{* the first c-tran that does not satisfy the guarantee-condition is from @{text "\<sigma>_i"} at step @{text "m"}. *} |
1188 --{* the first c-tran that does not satisfy the guarantee-condition is from @{text "\<sigma>_i"} at step @{text "m"}. *} |
1190 apply(drule_tac n=j and P="\<lambda>j. \<exists>i. ?H i j" in Ex_first_occurrence) |
1189 apply(drule_tac n=j and P="\<lambda>j. \<exists>i. ?H i j" in Ex_first_occurrence) |
1191 apply(erule exE) |
1190 apply(erule exE) |
1192 apply clarify |
1191 apply clarify |
1197 apply(simp add:com_validity_def) |
1196 apply(simp add:com_validity_def) |
1198 apply(erule_tac x=s in allE) |
1197 apply(erule_tac x=s in allE) |
1199 apply(simp add:cp_def comm_def) |
1198 apply(simp add:cp_def comm_def) |
1200 apply(drule_tac c="take (Suc (Suc m)) (clist ! i)" in subsetD) |
1199 apply(drule_tac c="take (Suc (Suc m)) (clist ! i)" in subsetD) |
1201 apply simp |
1200 apply simp |
1202 apply(erule_tac x=i in allE, erule impE, assumption,erule conjE) |
1201 apply (blast intro: takecptn_is_cptn) |
1203 apply(erule takecptn_is_cptn) |
|
1204 apply simp |
1202 apply simp |
1205 apply clarify |
1203 apply clarify |
1206 apply(erule_tac x=m and P="\<lambda>j. ?I j \<and> ?J j \<longrightarrow> ?H j" in allE) |
1204 apply(erule_tac x=m and P="\<lambda>j. ?I j \<and> ?J j \<longrightarrow> ?H j" in allE) |
1207 apply (simp add:conjoin_def same_length_def) |
1205 apply (simp add:conjoin_def same_length_def) |
1208 apply(simp add:assum_def) |
1206 apply(simp add:assum_def del: Un_subset_iff) |
1209 apply(rule conjI) |
1207 apply(rule conjI) |
1210 apply(erule_tac x=i and P="\<lambda>j. ?H j \<longrightarrow> ?I j \<in>cp (?K j) (?J j)" in allE) |
1208 apply(erule_tac x=i and P="\<lambda>j. ?H j \<longrightarrow> ?I j \<in>cp (?K j) (?J j)" in allE) |
1211 apply(simp add:cp_def par_assum_def) |
1209 apply(simp add:cp_def par_assum_def) |
1212 apply(drule_tac c="s" in subsetD,simp) |
1210 apply(drule_tac c="s" in subsetD,simp) |
1213 apply simp |
1211 apply simp |
1214 apply clarify |
1212 apply clarify |
1215 apply(erule_tac x=i and P="\<lambda>j. ?H j \<longrightarrow> ?M \<union> UNION (?S j) (?T j) \<subseteq> (?L j)" in allE) |
1213 apply(erule_tac x=i and P="\<lambda>j. ?H j \<longrightarrow> ?M \<union> UNION (?S j) (?T j) \<subseteq> (?L j)" in allE) |
1216 apply simp |
1214 apply(simp del: Un_subset_iff) |
1217 apply(erule subsetD) |
1215 apply(erule subsetD) |
1218 apply simp |
1216 apply simp |
1219 apply(simp add:conjoin_def compat_label_def) |
1217 apply(simp add:conjoin_def compat_label_def) |
1220 apply clarify |
1218 apply clarify |
1221 apply(erule_tac x=ia and P="\<lambda>j. ?H j \<longrightarrow> (?P j) \<or> ?Q j" in allE,simp) |
1219 apply(erule_tac x=ia and P="\<lambda>j. ?H j \<longrightarrow> (?P j) \<or> ?Q j" in allE,simp) |
1239 apply(erule_tac x=ib and P="\<lambda>j. (?T j) \<longrightarrow> (\<forall>i. (?H j i) \<longrightarrow> (snd (?d j i))=(snd (?e j i)))" in allE,simp) |
1237 apply(erule_tac x=ib and P="\<lambda>j. (?T j) \<longrightarrow> (\<forall>i. (?H j i) \<longrightarrow> (snd (?d j i))=(snd (?e j i)))" in allE,simp) |
1240 --{* or an e-tran in @{text "\<sigma>"}, |
1238 --{* or an e-tran in @{text "\<sigma>"}, |
1241 therefore it satisfies @{text "rely \<or> guar_{ib}"} *} |
1239 therefore it satisfies @{text "rely \<or> guar_{ib}"} *} |
1242 apply (force simp add:par_assum_def same_state_def) |
1240 apply (force simp add:par_assum_def same_state_def) |
1243 done |
1241 done |
|
1242 |
1244 |
1243 |
1245 lemma three [rule_format]: |
1244 lemma three [rule_format]: |
1246 "\<lbrakk> xs\<noteq>[]; \<forall>i<length xs. rely \<union> (\<Union>j\<in>{j. j < length xs \<and> j \<noteq> i}. Guar (xs ! j)) |
1245 "\<lbrakk> xs\<noteq>[]; \<forall>i<length xs. rely \<union> (\<Union>j\<in>{j. j < length xs \<and> j \<noteq> i}. Guar (xs ! j)) |
1247 \<subseteq> Rely (xs ! i); |
1246 \<subseteq> Rely (xs ! i); |
1248 pre \<subseteq> (\<Inter>i\<in>{i. i < length xs}. Pre (xs ! i)); |
1247 pre \<subseteq> (\<Inter>i\<in>{i. i < length xs}. Pre (xs ! i)); |
1280 \<forall>i < length xs. |
1279 \<forall>i < length xs. |
1281 \<Turnstile> Com (xs ! i) sat [Pre (xs ! i), Rely (xs ! i), Guar (xs ! i), Post (xs ! i)]; |
1280 \<Turnstile> Com (xs ! i) sat [Pre (xs ! i), Rely (xs ! i), Guar (xs ! i), Post (xs ! i)]; |
1282 x \<in> par_cp (ParallelCom xs) s; x \<in> par_assum (pre, rely); Suc i < length x; |
1281 x \<in> par_cp (ParallelCom xs) s; x \<in> par_assum (pre, rely); Suc i < length x; |
1283 x ! i -pc\<rightarrow> x ! Suc i\<rbrakk> |
1282 x ! i -pc\<rightarrow> x ! Suc i\<rbrakk> |
1284 \<Longrightarrow> (snd (x ! i), snd (x ! Suc i)) \<in> guar" |
1283 \<Longrightarrow> (snd (x ! i), snd (x ! Suc i)) \<in> guar" |
1285 apply(simp add: ParallelCom_def) |
1284 apply(simp add: ParallelCom_def del: Un_subset_iff) |
1286 apply(subgoal_tac "(map (Some \<circ> fst) xs)\<noteq>[]") |
1285 apply(subgoal_tac "(map (Some \<circ> fst) xs)\<noteq>[]") |
1287 prefer 2 |
1286 prefer 2 |
1288 apply simp |
1287 apply simp |
1289 apply(frule rev_subsetD) |
1288 apply(frule rev_subsetD) |
1290 apply(erule one [THEN equalityD1]) |
1289 apply(erule one [THEN equalityD1]) |
1291 apply(erule subsetD) |
1290 apply(erule subsetD) |
1292 apply simp |
1291 apply (simp del: Un_subset_iff) |
1293 apply clarify |
1292 apply clarify |
1294 apply(drule_tac pre=pre and rely=rely and x=x and s=s and xs=xs and clist=clist in two) |
1293 apply(drule_tac pre=pre and rely=rely and x=x and s=s and xs=xs and clist=clist in two) |
1295 apply(assumption+) |
1294 apply(assumption+) |
1296 apply(erule sym) |
1295 apply(erule sym) |
1297 apply(simp add:ParallelCom_def) |
1296 apply(simp add:ParallelCom_def) |
1330 (\<Inter>i\<in>{i. i < length xs}. Post (xs ! i)) \<subseteq> post; |
1329 (\<Inter>i\<in>{i. i < length xs}. Post (xs ! i)) \<subseteq> post; |
1331 \<forall>i < length xs. |
1330 \<forall>i < length xs. |
1332 \<Turnstile> Com (xs ! i) sat [Pre (xs ! i), Rely (xs ! i), Guar (xs ! i), Post (xs ! i)]; |
1331 \<Turnstile> Com (xs ! i) sat [Pre (xs ! i), Rely (xs ! i), Guar (xs ! i), Post (xs ! i)]; |
1333 x \<in> par_cp (ParallelCom xs) s; x \<in> par_assum (pre, rely); |
1332 x \<in> par_cp (ParallelCom xs) s; x \<in> par_assum (pre, rely); |
1334 All_None (fst (last x)) \<rbrakk> \<Longrightarrow> snd (last x) \<in> post" |
1333 All_None (fst (last x)) \<rbrakk> \<Longrightarrow> snd (last x) \<in> post" |
1335 apply(simp add: ParallelCom_def) |
1334 apply(simp add: ParallelCom_def del: Un_subset_iff) |
1336 apply(subgoal_tac "(map (Some \<circ> fst) xs)\<noteq>[]") |
1335 apply(subgoal_tac "(map (Some \<circ> fst) xs)\<noteq>[]") |
1337 prefer 2 |
1336 prefer 2 |
1338 apply simp |
1337 apply simp |
1339 apply(frule rev_subsetD) |
1338 apply(frule rev_subsetD) |
1340 apply(erule one [THEN equalityD1]) |
1339 apply(erule one [THEN equalityD1]) |
1341 apply(erule subsetD) |
1340 apply(erule subsetD) |
1342 apply simp |
1341 apply(simp del: Un_subset_iff) |
1343 apply clarify |
1342 apply clarify |
1344 apply(subgoal_tac "\<forall>i<length clist. clist!i\<in>assum(Pre(xs!i), Rely(xs!i))") |
1343 apply(subgoal_tac "\<forall>i<length clist. clist!i\<in>assum(Pre(xs!i), Rely(xs!i))") |
1345 apply(erule_tac x=i and P="\<lambda>i. ?H i \<longrightarrow> \<Turnstile> (?J i) sat [?I i,?K i,?M i,?N i]" in allE,erule impE,assumption) |
1344 apply(erule_tac x=i and P="\<lambda>i. ?H i \<longrightarrow> \<Turnstile> (?J i) sat [?I i,?K i,?M i,?N i]" in allE,erule impE,assumption) |
1346 apply(simp add:com_validity_def) |
1345 apply(simp add:com_validity_def) |
1347 apply(erule_tac x=s in allE) |
1346 apply(erule_tac x=s in allE) |