10 |
10 |
11 (*** Hoare rules ***) |
11 (*** Hoare rules ***) |
12 |
12 |
13 val SkipRule = prove_goalw thy [Spec_def,Skip_def] |
13 val SkipRule = prove_goalw thy [Spec_def,Skip_def] |
14 "(!!s.p(s) ==> q(s)) ==> Spec p Skip q" |
14 "(!!s.p(s) ==> q(s)) ==> Spec p Skip q" |
15 (fn prems => [fast_tac (HOL_cs addIs prems) 1]); |
15 (fn prems => [fast_tac (!claset addIs prems) 1]); |
16 |
16 |
17 val AssignRule = prove_goalw thy [Spec_def,Assign_def] |
17 val AssignRule = prove_goalw thy [Spec_def,Assign_def] |
18 "(!!s. p s ==> q(%x.if x=v then e s else s x)) ==> Spec p (Assign v e) q" |
18 "(!!s. p s ==> q(%x.if x=v then e s else s x)) ==> Spec p (Assign v e) q" |
19 (fn prems => [fast_tac (HOL_cs addIs prems) 1]); |
19 (fn prems => [fast_tac (!claset addIs prems) 1]); |
20 |
20 |
21 val SeqRule = prove_goalw thy [Spec_def,Seq_def] |
21 val SeqRule = prove_goalw thy [Spec_def,Seq_def] |
22 "[| Spec p c (%s.q s); Spec (%s.q s) c' r |] ==> Spec p (Seq c c') r" |
22 "[| Spec p c (%s.q s); Spec (%s.q s) c' r |] ==> Spec p (Seq c c') r" |
23 (fn prems => [cut_facts_tac prems 1, fast_tac HOL_cs 1]); |
23 (fn prems => [cut_facts_tac prems 1, Fast_tac 1]); |
24 |
24 |
25 val IfRule = prove_goalw thy [Spec_def,Cond_def] |
25 val IfRule = prove_goalw thy [Spec_def,Cond_def] |
26 "[| !!s. p s ==> (b s --> q s) & (~b s --> q' s); \ |
26 "[| !!s. p s ==> (b s --> q s) & (~b s --> q' s); \ |
27 \ Spec (%s.q s) c r; Spec (%s.q' s) c' r |] \ |
27 \ Spec (%s.q s) c r; Spec (%s.q' s) c' r |] \ |
28 \ ==> Spec p (Cond b c c') r" |
28 \ ==> Spec p (Cond b c c') r" |
29 (fn [prem1,prem2,prem3] => |
29 (fn [prem1,prem2,prem3] => |
30 [REPEAT (rtac allI 1), |
30 [REPEAT (rtac allI 1), |
31 REPEAT (rtac impI 1), |
31 REPEAT (rtac impI 1), |
32 dtac prem1 1, |
32 dtac prem1 1, |
33 cut_facts_tac [prem2,prem3] 1, |
33 cut_facts_tac [prem2,prem3] 1, |
34 fast_tac (HOL_cs addIs [prem1]) 1]); |
34 fast_tac (!claset addIs [prem1]) 1]); |
35 |
35 |
36 val strenthen_pre = prove_goalw thy [Spec_def] |
36 val strenthen_pre = prove_goalw thy [Spec_def] |
37 "[| !!s. p s ==> p' s; Spec p' c q |] ==> Spec p c q" |
37 "[| !!s. p s ==> p' s; Spec p' c q |] ==> Spec p c q" |
38 (fn [prem1,prem2] =>[cut_facts_tac [prem2] 1, |
38 (fn [prem1,prem2] =>[cut_facts_tac [prem2] 1, |
39 fast_tac (HOL_cs addIs [prem1]) 1]); |
39 fast_tac (!claset addIs [prem1]) 1]); |
40 |
40 |
41 val [iter_0,iter_Suc] = nat_recs Iter_def; |
41 val [iter_0,iter_Suc] = nat_recs Iter_def; |
42 |
42 |
43 val lemma = prove_goalw thy [Spec_def,While_def] |
43 val lemma = prove_goalw thy [Spec_def,While_def] |
44 "[| Spec (%s.inv s & b s) c inv; !!s. [| inv s; ~b s |] ==> q s |] \ |
44 "[| Spec (%s.inv s & b s) c inv; !!s. [| inv s; ~b s |] ==> q s |] \ |
46 (fn [prem1,prem2] => |
46 (fn [prem1,prem2] => |
47 [REPEAT(rtac allI 1), rtac impI 1, etac exE 1, rtac mp 1, atac 2, |
47 [REPEAT(rtac allI 1), rtac impI 1, etac exE 1, rtac mp 1, atac 2, |
48 etac thin_rl 1, res_inst_tac[("x","s")]spec 1, |
48 etac thin_rl 1, res_inst_tac[("x","s")]spec 1, |
49 res_inst_tac[("x","s'")]spec 1, nat_ind_tac "n" 1, |
49 res_inst_tac[("x","s'")]spec 1, nat_ind_tac "n" 1, |
50 simp_tac (!simpset addsimps [iter_0]) 1, |
50 simp_tac (!simpset addsimps [iter_0]) 1, |
51 fast_tac (HOL_cs addIs [prem2]) 1, |
51 fast_tac (!claset addIs [prem2]) 1, |
52 simp_tac (!simpset addsimps [iter_Suc,Seq_def]) 1, |
52 simp_tac (!simpset addsimps [iter_Suc,Seq_def]) 1, |
53 cut_facts_tac [prem1] 1, fast_tac (HOL_cs addIs [prem2]) 1]); |
53 cut_facts_tac [prem1] 1, fast_tac (!claset addIs [prem2]) 1]); |
54 |
54 |
55 val WhileRule = lemma RSN (2,strenthen_pre); |
55 val WhileRule = lemma RSN (2,strenthen_pre); |
56 |
56 |
57 |
57 |
58 (*** meta_spec used in StateElimTac ***) |
58 (*** meta_spec used in StateElimTac ***) |