1 (* Title: HOLCF/ex/hoare.ML |
1 (* Title: HOLCF/ex/hoare.ML |
2 ID: $Id$ |
2 ID: $Id$ |
3 Author: Franz Regensburger |
3 Author: Franz Regensburger |
4 Copyright 1993 Technische Universitaet Muenchen |
4 Copyright 1993 Technische Universitaet Muenchen |
5 *) |
5 *) |
6 |
6 |
7 open Hoare; |
7 open Hoare; |
8 |
8 |
9 (* --------- pure HOLCF logic, some little lemmas ------ *) |
9 (* --------- pure HOLCF logic, some little lemmas ------ *) |
10 |
10 |
11 val hoare_lemma2 = prove_goal HOLCF.thy "b~=TT ==> b=FF | b=UU" |
11 val hoare_lemma2 = prove_goal HOLCF.thy "b~=TT ==> b=FF | b=UU" |
12 (fn prems => |
12 (fn prems => |
13 [ |
13 [ |
14 (cut_facts_tac prems 1), |
14 (cut_facts_tac prems 1), |
15 (rtac (Exh_tr RS disjE) 1), |
15 (rtac (Exh_tr RS disjE) 1), |
16 (fast_tac HOL_cs 1), |
16 (fast_tac HOL_cs 1), |
17 (etac disjE 1), |
17 (etac disjE 1), |
18 (contr_tac 1), |
18 (contr_tac 1), |
19 (fast_tac HOL_cs 1) |
19 (fast_tac HOL_cs 1) |
20 ]); |
20 ]); |
21 |
21 |
22 val hoare_lemma3 = prove_goal HOLCF.thy |
22 val hoare_lemma3 = prove_goal HOLCF.thy |
23 " (!k.b1`(iterate k g x) = TT) | (? k. b1`(iterate k g x)~=TT)" |
23 " (!k.b1`(iterate k g x) = TT) | (? k. b1`(iterate k g x)~=TT)" |
24 (fn prems => |
24 (fn prems => |
25 [ |
25 [ |
26 (fast_tac HOL_cs 1) |
26 (fast_tac HOL_cs 1) |
27 ]); |
27 ]); |
28 |
28 |
29 val hoare_lemma4 = prove_goal HOLCF.thy |
29 val hoare_lemma4 = prove_goal HOLCF.thy |
30 "(? k. b1`(iterate k g x) ~= TT) ==> \ |
30 "(? k. b1`(iterate k g x) ~= TT) ==> \ |
31 \ ? k. b1`(iterate k g x) = FF | b1`(iterate k g x) = UU" |
31 \ ? k. b1`(iterate k g x) = FF | b1`(iterate k g x) = UU" |
32 (fn prems => |
32 (fn prems => |
33 [ |
33 [ |
34 (cut_facts_tac prems 1), |
34 (cut_facts_tac prems 1), |
35 (etac exE 1), |
35 (etac exE 1), |
36 (rtac exI 1), |
36 (rtac exI 1), |
37 (rtac hoare_lemma2 1), |
37 (rtac hoare_lemma2 1), |
38 (atac 1) |
38 (atac 1) |
39 ]); |
39 ]); |
40 |
40 |
41 val hoare_lemma5 = prove_goal HOLCF.thy |
41 val hoare_lemma5 = prove_goal HOLCF.thy |
42 "[|(? k. b1`(iterate k g x) ~= TT);\ |
42 "[|(? k. b1`(iterate k g x) ~= TT);\ |
43 \ k=theleast(%n. b1`(iterate n g x) ~= TT)|] ==> \ |
43 \ k=theleast(%n. b1`(iterate n g x) ~= TT)|] ==> \ |
44 \ b1`(iterate k g x)=FF | b1`(iterate k g x)=UU" |
44 \ b1`(iterate k g x)=FF | b1`(iterate k g x)=UU" |
45 (fn prems => |
45 (fn prems => |
46 [ |
46 [ |
47 (cut_facts_tac prems 1), |
47 (cut_facts_tac prems 1), |
48 (hyp_subst_tac 1), |
48 (hyp_subst_tac 1), |
49 (rtac hoare_lemma2 1), |
49 (rtac hoare_lemma2 1), |
50 (etac exE 1), |
50 (etac exE 1), |
51 (etac theleast1 1) |
51 (etac theleast1 1) |
52 ]); |
52 ]); |
53 |
53 |
54 val hoare_lemma6 = prove_goal HOLCF.thy "b=UU ==> b~=TT" |
54 val hoare_lemma6 = prove_goal HOLCF.thy "b=UU ==> b~=TT" |
55 (fn prems => |
55 (fn prems => |
56 [ |
56 [ |
57 (cut_facts_tac prems 1), |
57 (cut_facts_tac prems 1), |
58 (hyp_subst_tac 1), |
58 (hyp_subst_tac 1), |
59 (resolve_tac dist_eq_tr 1) |
59 (resolve_tac dist_eq_tr 1) |
60 ]); |
60 ]); |
61 |
61 |
62 val hoare_lemma7 = prove_goal HOLCF.thy "b=FF ==> b~=TT" |
62 val hoare_lemma7 = prove_goal HOLCF.thy "b=FF ==> b~=TT" |
63 (fn prems => |
63 (fn prems => |
64 [ |
64 [ |
65 (cut_facts_tac prems 1), |
65 (cut_facts_tac prems 1), |
66 (hyp_subst_tac 1), |
66 (hyp_subst_tac 1), |
67 (resolve_tac dist_eq_tr 1) |
67 (resolve_tac dist_eq_tr 1) |
68 ]); |
68 ]); |
69 |
69 |
70 val hoare_lemma8 = prove_goal HOLCF.thy |
70 val hoare_lemma8 = prove_goal HOLCF.thy |
71 "[|(? k. b1`(iterate k g x) ~= TT);\ |
71 "[|(? k. b1`(iterate k g x) ~= TT);\ |
72 \ k=theleast(%n. b1`(iterate n g x) ~= TT)|] ==> \ |
72 \ k=theleast(%n. b1`(iterate n g x) ~= TT)|] ==> \ |
73 \ !m. m < k --> b1`(iterate m g x)=TT" |
73 \ !m. m < k --> b1`(iterate m g x)=TT" |
74 (fn prems => |
74 (fn prems => |
75 [ |
75 [ |
76 (cut_facts_tac prems 1), |
76 (cut_facts_tac prems 1), |
77 (hyp_subst_tac 1), |
77 (hyp_subst_tac 1), |
78 (etac exE 1), |
78 (etac exE 1), |
79 (strip_tac 1), |
79 (strip_tac 1), |
80 (res_inst_tac [("p","b1`(iterate m g x)")] trE 1), |
80 (res_inst_tac [("p","b1`(iterate m g x)")] trE 1), |
81 (atac 2), |
81 (atac 2), |
82 (rtac (le_less_trans RS less_anti_refl) 1), |
82 (rtac (le_less_trans RS less_anti_refl) 1), |
83 (atac 2), |
83 (atac 2), |
84 (rtac theleast2 1), |
84 (rtac theleast2 1), |
85 (etac hoare_lemma6 1), |
85 (etac hoare_lemma6 1), |
86 (rtac (le_less_trans RS less_anti_refl) 1), |
86 (rtac (le_less_trans RS less_anti_refl) 1), |
87 (atac 2), |
87 (atac 2), |
88 (rtac theleast2 1), |
88 (rtac theleast2 1), |
89 (etac hoare_lemma7 1) |
89 (etac hoare_lemma7 1) |
90 ]); |
90 ]); |
91 |
91 |
92 |
92 |
93 val hoare_lemma28 = prove_goal HOLCF.thy |
93 val hoare_lemma28 = prove_goal HOLCF.thy |
94 "b1`(y::'a)=(UU::tr) ==> b1`UU = UU" |
94 "b1`(y::'a)=(UU::tr) ==> b1`UU = UU" |
95 (fn prems => |
95 (fn prems => |
96 [ |
96 [ |
97 (cut_facts_tac prems 1), |
97 (cut_facts_tac prems 1), |
98 (etac (flat_tr RS flat_codom RS disjE) 1), |
98 (etac (flat_tr RS flat_codom RS disjE) 1), |
99 (atac 1), |
99 (atac 1), |
100 (etac spec 1) |
100 (etac spec 1) |
101 ]); |
101 ]); |
102 |
102 |
103 |
103 |
104 (* ----- access to definitions ----- *) |
104 (* ----- access to definitions ----- *) |
105 |
105 |
106 val p_def2 = prove_goalw Hoare.thy [p_def] |
106 val p_def2 = prove_goalw Hoare.thy [p_def] |
107 "p = fix`(LAM f x. If b1`x then f`(g`x) else x fi)" |
107 "p = fix`(LAM f x. If b1`x then f`(g`x) else x fi)" |
108 (fn prems => |
108 (fn prems => |
109 [ |
109 [ |
110 (rtac refl 1) |
110 (rtac refl 1) |
111 ]); |
111 ]); |
112 |
112 |
113 val q_def2 = prove_goalw Hoare.thy [q_def] |
113 val q_def2 = prove_goalw Hoare.thy [q_def] |
114 "q = fix`(LAM f x. If b1`x orelse b2`x then \ |
114 "q = fix`(LAM f x. If b1`x orelse b2`x then \ |
115 \ f`(g`x) else x fi)" |
115 \ f`(g`x) else x fi)" |
116 (fn prems => |
116 (fn prems => |
117 [ |
117 [ |
118 (rtac refl 1) |
118 (rtac refl 1) |
119 ]); |
119 ]); |
120 |
120 |
121 |
121 |
122 val p_def3 = prove_goal Hoare.thy |
122 val p_def3 = prove_goal Hoare.thy |
123 "p`x = If b1`x then p`(g`x) else x fi" |
123 "p`x = If b1`x then p`(g`x) else x fi" |
124 (fn prems => |
124 (fn prems => |
125 [ |
125 [ |
126 (fix_tac3 p_def 1), |
126 (fix_tac3 p_def 1), |
127 (Simp_tac 1) |
127 (Simp_tac 1) |
128 ]); |
128 ]); |
129 |
129 |
130 val q_def3 = prove_goal Hoare.thy |
130 val q_def3 = prove_goal Hoare.thy |
131 "q`x = If b1`x orelse b2`x then q`(g`x) else x fi" |
131 "q`x = If b1`x orelse b2`x then q`(g`x) else x fi" |
132 (fn prems => |
132 (fn prems => |
133 [ |
133 [ |
134 (fix_tac3 q_def 1), |
134 (fix_tac3 q_def 1), |
135 (Simp_tac 1) |
135 (Simp_tac 1) |
136 ]); |
136 ]); |
137 |
137 |
138 (** --------- proves about iterations of p and q ---------- **) |
138 (** --------- proves about iterations of p and q ---------- **) |
139 |
139 |
140 val hoare_lemma9 = prove_goal Hoare.thy |
140 val hoare_lemma9 = prove_goal Hoare.thy |
141 "(! m. m< Suc k --> b1`(iterate m g x)=TT) -->\ |
141 "(! m. m< Suc k --> b1`(iterate m g x)=TT) -->\ |
142 \ p`(iterate k g x)=p`x" |
142 \ p`(iterate k g x)=p`x" |
143 (fn prems => |
143 (fn prems => |
144 [ |
144 [ |
145 (nat_ind_tac "k" 1), |
145 (nat_ind_tac "k" 1), |
146 (simp_tac (!simpset delsimps [less_Suc_eq]) 1), |
146 (simp_tac (!simpset delsimps [less_Suc_eq]) 1), |
147 (simp_tac (!simpset delsimps [less_Suc_eq]) 1), |
147 (simp_tac (!simpset delsimps [less_Suc_eq]) 1), |
148 (strip_tac 1), |
148 (strip_tac 1), |
149 (res_inst_tac [("s","p`(iterate k1 g x)")] trans 1), |
149 (res_inst_tac [("s","p`(iterate k1 g x)")] trans 1), |
150 (rtac trans 1), |
150 (rtac trans 1), |
151 (rtac (p_def3 RS sym) 2), |
151 (rtac (p_def3 RS sym) 2), |
152 (res_inst_tac [("s","TT"),("t","b1`(iterate k1 g x)")] ssubst 1), |
152 (res_inst_tac [("s","TT"),("t","b1`(iterate k1 g x)")] ssubst 1), |
153 (rtac mp 1), |
153 (rtac mp 1), |
154 (etac spec 1), |
154 (etac spec 1), |
155 (Simp_tac 1), |
155 (Simp_tac 1), |
156 (simp_tac HOLCF_ss 1), |
156 (simp_tac HOLCF_ss 1), |
157 (etac mp 1), |
157 (etac mp 1), |
158 (strip_tac 1), |
158 (strip_tac 1), |
159 (rtac mp 1), |
159 (rtac mp 1), |
160 (etac spec 1), |
160 (etac spec 1), |
161 (etac less_trans 1), |
161 (etac less_trans 1), |
162 (Simp_tac 1) |
162 (Simp_tac 1) |
163 ]); |
163 ]); |
164 trace_simp := false; |
164 trace_simp := false; |
165 val hoare_lemma24 = prove_goal Hoare.thy |
165 val hoare_lemma24 = prove_goal Hoare.thy |
166 "(! m. m< Suc k --> b1`(iterate m g x)=TT) --> \ |
166 "(! m. m< Suc k --> b1`(iterate m g x)=TT) --> \ |
167 \ q`(iterate k g x)=q`x" |
167 \ q`(iterate k g x)=q`x" |
168 (fn prems => |
168 (fn prems => |
169 [ |
169 [ |
170 (nat_ind_tac "k" 1), |
170 (nat_ind_tac "k" 1), |
171 (simp_tac (!simpset delsimps [less_Suc_eq]) 1), |
171 (simp_tac (!simpset delsimps [less_Suc_eq]) 1), |
172 (simp_tac (!simpset delsimps [less_Suc_eq]) 1), |
172 (simp_tac (!simpset delsimps [less_Suc_eq]) 1), |
173 (strip_tac 1), |
173 (strip_tac 1), |
174 (res_inst_tac [("s","q`(iterate k1 g x)")] trans 1), |
174 (res_inst_tac [("s","q`(iterate k1 g x)")] trans 1), |
175 (rtac trans 1), |
175 (rtac trans 1), |
176 (rtac (q_def3 RS sym) 2), |
176 (rtac (q_def3 RS sym) 2), |
177 (res_inst_tac [("s","TT"),("t","b1`(iterate k1 g x)")] ssubst 1), |
177 (res_inst_tac [("s","TT"),("t","b1`(iterate k1 g x)")] ssubst 1), |
178 (rtac mp 1), |
178 (rtac mp 1), |
179 (etac spec 1), |
179 (etac spec 1), |
180 (Simp_tac 1), |
180 (Simp_tac 1), |
181 (simp_tac HOLCF_ss 1), |
181 (simp_tac HOLCF_ss 1), |
182 (etac mp 1), |
182 (etac mp 1), |
183 (strip_tac 1), |
183 (strip_tac 1), |
184 (rtac mp 1), |
184 (rtac mp 1), |
185 (etac spec 1), |
185 (etac spec 1), |
186 (etac less_trans 1), |
186 (etac less_trans 1), |
187 (Simp_tac 1) |
187 (Simp_tac 1) |
188 ]); |
188 ]); |
189 |
189 |
190 (* -------- results about p for case (? k. b1`(iterate k g x)~=TT) ------- *) |
190 (* -------- results about p for case (? k. b1`(iterate k g x)~=TT) ------- *) |
191 |
191 |
192 |
192 |
193 val hoare_lemma10 = (hoare_lemma8 RS (hoare_lemma9 RS mp)); |
193 val hoare_lemma10 = (hoare_lemma8 RS (hoare_lemma9 RS mp)); |
201 val hoare_lemma11 = prove_goal Hoare.thy |
201 val hoare_lemma11 = prove_goal Hoare.thy |
202 "(? n.b1`(iterate n g x) ~= TT) ==>\ |
202 "(? n.b1`(iterate n g x) ~= TT) ==>\ |
203 \ k=theleast(%n.b1`(iterate n g x) ~= TT) & b1`(iterate k g x)=FF \ |
203 \ k=theleast(%n.b1`(iterate n g x) ~= TT) & b1`(iterate k g x)=FF \ |
204 \ --> p`x = iterate k g x" |
204 \ --> p`x = iterate k g x" |
205 (fn prems => |
205 (fn prems => |
206 [ |
206 [ |
207 (cut_facts_tac prems 1), |
207 (cut_facts_tac prems 1), |
208 (res_inst_tac [("n","k")] natE 1), |
208 (res_inst_tac [("n","k")] natE 1), |
209 (hyp_subst_tac 1), |
209 (hyp_subst_tac 1), |
210 (Simp_tac 1), |
210 (Simp_tac 1), |
211 (strip_tac 1), |
211 (strip_tac 1), |
212 (etac conjE 1), |
212 (etac conjE 1), |
213 (rtac trans 1), |
213 (rtac trans 1), |
214 (rtac p_def3 1), |
214 (rtac p_def3 1), |
215 (asm_simp_tac HOLCF_ss 1), |
215 (asm_simp_tac HOLCF_ss 1), |
216 (eres_inst_tac |
216 (eres_inst_tac |
217 [("s","0"),("t","theleast(%n. b1`(iterate n g x) ~= TT)")] subst 1), |
217 [("s","0"),("t","theleast(%n. b1`(iterate n g x) ~= TT)")] subst 1), |
218 (Simp_tac 1), |
218 (Simp_tac 1), |
219 (hyp_subst_tac 1), |
219 (hyp_subst_tac 1), |
220 (strip_tac 1), |
220 (strip_tac 1), |
221 (etac conjE 1), |
221 (etac conjE 1), |
222 (rtac trans 1), |
222 (rtac trans 1), |
223 (etac (hoare_lemma10 RS sym) 1), |
223 (etac (hoare_lemma10 RS sym) 1), |
224 (atac 1), |
224 (atac 1), |
225 (rtac trans 1), |
225 (rtac trans 1), |
226 (rtac p_def3 1), |
226 (rtac p_def3 1), |
227 (res_inst_tac [("s","TT"),("t","b1`(iterate xa g x)")] ssubst 1), |
227 (res_inst_tac [("s","TT"),("t","b1`(iterate xa g x)")] ssubst 1), |
228 (rtac (hoare_lemma8 RS spec RS mp) 1), |
228 (rtac (hoare_lemma8 RS spec RS mp) 1), |
229 (atac 1), |
229 (atac 1), |
230 (atac 1), |
230 (atac 1), |
231 (Simp_tac 1), |
231 (Simp_tac 1), |
232 (simp_tac HOLCF_ss 1), |
232 (simp_tac HOLCF_ss 1), |
233 (rtac trans 1), |
233 (rtac trans 1), |
234 (rtac p_def3 1), |
234 (rtac p_def3 1), |
235 (simp_tac (!simpset delsimps [iterate_Suc] |
235 (simp_tac (!simpset delsimps [iterate_Suc] |
236 addsimps [iterate_Suc RS sym]) 1), |
236 addsimps [iterate_Suc RS sym]) 1), |
237 (eres_inst_tac [("s","FF")] ssubst 1), |
237 (eres_inst_tac [("s","FF")] ssubst 1), |
238 (simp_tac HOLCF_ss 1) |
238 (simp_tac HOLCF_ss 1) |
239 ]); |
239 ]); |
240 |
240 |
241 val hoare_lemma12 = prove_goal Hoare.thy |
241 val hoare_lemma12 = prove_goal Hoare.thy |
242 "(? n. b1`(iterate n g x) ~= TT) ==>\ |
242 "(? n. b1`(iterate n g x) ~= TT) ==>\ |
243 \ k=theleast(%n. b1`(iterate n g x)~=TT) & b1`(iterate k g x)=UU \ |
243 \ k=theleast(%n. b1`(iterate n g x)~=TT) & b1`(iterate k g x)=UU \ |
244 \ --> p`x = UU" |
244 \ --> p`x = UU" |
245 (fn prems => |
245 (fn prems => |
246 [ |
246 [ |
247 (cut_facts_tac prems 1), |
247 (cut_facts_tac prems 1), |
248 (res_inst_tac [("n","k")] natE 1), |
248 (res_inst_tac [("n","k")] natE 1), |
249 (hyp_subst_tac 1), |
249 (hyp_subst_tac 1), |
250 (Simp_tac 1), |
250 (Simp_tac 1), |
251 (strip_tac 1), |
251 (strip_tac 1), |
252 (etac conjE 1), |
252 (etac conjE 1), |
253 (rtac trans 1), |
253 (rtac trans 1), |
254 (rtac p_def3 1), |
254 (rtac p_def3 1), |
255 (asm_simp_tac HOLCF_ss 1), |
255 (asm_simp_tac HOLCF_ss 1), |
256 (hyp_subst_tac 1), |
256 (hyp_subst_tac 1), |
257 (Simp_tac 1), |
257 (Simp_tac 1), |
258 (strip_tac 1), |
258 (strip_tac 1), |
259 (etac conjE 1), |
259 (etac conjE 1), |
260 (rtac trans 1), |
260 (rtac trans 1), |
261 (rtac (hoare_lemma10 RS sym) 1), |
261 (rtac (hoare_lemma10 RS sym) 1), |
262 (atac 1), |
262 (atac 1), |
263 (atac 1), |
263 (atac 1), |
264 (rtac trans 1), |
264 (rtac trans 1), |
265 (rtac p_def3 1), |
265 (rtac p_def3 1), |
266 (res_inst_tac [("s","TT"),("t","b1`(iterate xa g x)")] ssubst 1), |
266 (res_inst_tac [("s","TT"),("t","b1`(iterate xa g x)")] ssubst 1), |
267 (rtac (hoare_lemma8 RS spec RS mp) 1), |
267 (rtac (hoare_lemma8 RS spec RS mp) 1), |
268 (atac 1), |
268 (atac 1), |
269 (atac 1), |
269 (atac 1), |
270 (Simp_tac 1), |
270 (Simp_tac 1), |
271 (asm_simp_tac HOLCF_ss 1), |
271 (asm_simp_tac HOLCF_ss 1), |
272 (rtac trans 1), |
272 (rtac trans 1), |
273 (rtac p_def3 1), |
273 (rtac p_def3 1), |
274 (asm_simp_tac HOLCF_ss 1) |
274 (asm_simp_tac HOLCF_ss 1) |
275 ]); |
275 ]); |
276 |
276 |
277 (* -------- results about p for case (! k. b1`(iterate k g x)=TT) ------- *) |
277 (* -------- results about p for case (! k. b1`(iterate k g x)=TT) ------- *) |
278 |
278 |
279 val fernpass_lemma = prove_goal Hoare.thy |
279 val fernpass_lemma = prove_goal Hoare.thy |
280 "(! k. b1`(iterate k g x)=TT) ==> !k.p`(iterate k g x) = UU" |
280 "(! k. b1`(iterate k g x)=TT) ==> !k.p`(iterate k g x) = UU" |
281 (fn prems => |
281 (fn prems => |
282 [ |
282 [ |
283 (cut_facts_tac prems 1), |
283 (cut_facts_tac prems 1), |
284 (rtac (p_def2 RS ssubst) 1), |
284 (rtac (p_def2 RS ssubst) 1), |
285 (rtac fix_ind 1), |
285 (rtac fix_ind 1), |
286 (rtac adm_all 1), |
286 (rtac adm_all 1), |
287 (rtac allI 1), |
287 (rtac allI 1), |
288 (rtac adm_eq 1), |
288 (rtac adm_eq 1), |
289 (cont_tacR 1), |
289 (cont_tacR 1), |
290 (rtac allI 1), |
290 (rtac allI 1), |
291 (rtac (strict_fapp1 RS ssubst) 1), |
291 (rtac (strict_fapp1 RS ssubst) 1), |
292 (rtac refl 1), |
292 (rtac refl 1), |
293 (Simp_tac 1), |
293 (Simp_tac 1), |
294 (rtac allI 1), |
294 (rtac allI 1), |
295 (res_inst_tac [("s","TT"),("t","b1`(iterate k g x)")] ssubst 1), |
295 (res_inst_tac [("s","TT"),("t","b1`(iterate k g x)")] ssubst 1), |
296 (etac spec 1), |
296 (etac spec 1), |
297 (asm_simp_tac HOLCF_ss 1), |
297 (asm_simp_tac HOLCF_ss 1), |
298 (rtac (iterate_Suc RS subst) 1), |
298 (rtac (iterate_Suc RS subst) 1), |
299 (etac spec 1) |
299 (etac spec 1) |
300 ]); |
300 ]); |
301 |
301 |
302 val hoare_lemma16 = prove_goal Hoare.thy |
302 val hoare_lemma16 = prove_goal Hoare.thy |
303 "(! k. b1`(iterate k g x)=TT) ==> p`x = UU" |
303 "(! k. b1`(iterate k g x)=TT) ==> p`x = UU" |
304 (fn prems => |
304 (fn prems => |
305 [ |
305 [ |
306 (cut_facts_tac prems 1), |
306 (cut_facts_tac prems 1), |
307 (res_inst_tac [("F1","g"),("t","x")] (iterate_0 RS subst) 1), |
307 (res_inst_tac [("F1","g"),("t","x")] (iterate_0 RS subst) 1), |
308 (etac (fernpass_lemma RS spec) 1) |
308 (etac (fernpass_lemma RS spec) 1) |
309 ]); |
309 ]); |
310 |
310 |
311 (* -------- results about q for case (! k. b1`(iterate k g x)=TT) ------- *) |
311 (* -------- results about q for case (! k. b1`(iterate k g x)=TT) ------- *) |
312 |
312 |
313 val hoare_lemma17 = prove_goal Hoare.thy |
313 val hoare_lemma17 = prove_goal Hoare.thy |
314 "(! k. b1`(iterate k g x)=TT) ==> !k.q`(iterate k g x) = UU" |
314 "(! k. b1`(iterate k g x)=TT) ==> !k.q`(iterate k g x) = UU" |
315 (fn prems => |
315 (fn prems => |
316 [ |
316 [ |
317 (cut_facts_tac prems 1), |
317 (cut_facts_tac prems 1), |
318 (rtac (q_def2 RS ssubst) 1), |
318 (rtac (q_def2 RS ssubst) 1), |
319 (rtac fix_ind 1), |
319 (rtac fix_ind 1), |
320 (rtac adm_all 1), |
320 (rtac adm_all 1), |
321 (rtac allI 1), |
321 (rtac allI 1), |
322 (rtac adm_eq 1), |
322 (rtac adm_eq 1), |
323 (cont_tacR 1), |
323 (cont_tacR 1), |
324 (rtac allI 1), |
324 (rtac allI 1), |
325 (rtac (strict_fapp1 RS ssubst) 1), |
325 (rtac (strict_fapp1 RS ssubst) 1), |
326 (rtac refl 1), |
326 (rtac refl 1), |
327 (rtac allI 1), |
327 (rtac allI 1), |
328 (Simp_tac 1), |
328 (Simp_tac 1), |
329 (res_inst_tac [("s","TT"),("t","b1`(iterate k g x)")] ssubst 1), |
329 (res_inst_tac [("s","TT"),("t","b1`(iterate k g x)")] ssubst 1), |
330 (etac spec 1), |
330 (etac spec 1), |
331 (asm_simp_tac HOLCF_ss 1), |
331 (asm_simp_tac HOLCF_ss 1), |
332 (rtac (iterate_Suc RS subst) 1), |
332 (rtac (iterate_Suc RS subst) 1), |
333 (etac spec 1) |
333 (etac spec 1) |
334 ]); |
334 ]); |
335 |
335 |
336 val hoare_lemma18 = prove_goal Hoare.thy |
336 val hoare_lemma18 = prove_goal Hoare.thy |
337 "(! k. b1`(iterate k g x)=TT) ==> q`x = UU" |
337 "(! k. b1`(iterate k g x)=TT) ==> q`x = UU" |
338 (fn prems => |
338 (fn prems => |
339 [ |
339 [ |
340 (cut_facts_tac prems 1), |
340 (cut_facts_tac prems 1), |
341 (res_inst_tac [("F1","g"),("t","x")] (iterate_0 RS subst) 1), |
341 (res_inst_tac [("F1","g"),("t","x")] (iterate_0 RS subst) 1), |
342 (etac (hoare_lemma17 RS spec) 1) |
342 (etac (hoare_lemma17 RS spec) 1) |
343 ]); |
343 ]); |
344 |
344 |
345 val hoare_lemma19 = prove_goal Hoare.thy |
345 val hoare_lemma19 = prove_goal Hoare.thy |
346 "(!k. (b1::'a->tr)`(iterate k g x)=TT) ==> b1`(UU::'a) = UU | (!y.b1`(y::'a)=TT)" |
346 "(!k. (b1::'a->tr)`(iterate k g x)=TT) ==> b1`(UU::'a) = UU | (!y.b1`(y::'a)=TT)" |
347 (fn prems => |
347 (fn prems => |
348 [ |
348 [ |
349 (cut_facts_tac prems 1), |
349 (cut_facts_tac prems 1), |
350 (rtac (flat_tr RS flat_codom) 1), |
350 (rtac (flat_tr RS flat_codom) 1), |
351 (res_inst_tac [("t","x1")] (iterate_0 RS subst) 1), |
351 (res_inst_tac [("t","x1")] (iterate_0 RS subst) 1), |
352 (etac spec 1) |
352 (etac spec 1) |
353 ]); |
353 ]); |
354 |
354 |
355 val hoare_lemma20 = prove_goal Hoare.thy |
355 val hoare_lemma20 = prove_goal Hoare.thy |
356 "(! y. b1`(y::'a)=TT) ==> !k.q`(iterate k g (x::'a)) = UU" |
356 "(! y. b1`(y::'a)=TT) ==> !k.q`(iterate k g (x::'a)) = UU" |
357 (fn prems => |
357 (fn prems => |
358 [ |
358 [ |
359 (cut_facts_tac prems 1), |
359 (cut_facts_tac prems 1), |
360 (rtac (q_def2 RS ssubst) 1), |
360 (rtac (q_def2 RS ssubst) 1), |
361 (rtac fix_ind 1), |
361 (rtac fix_ind 1), |
362 (rtac adm_all 1), |
362 (rtac adm_all 1), |
363 (rtac allI 1), |
363 (rtac allI 1), |
364 (rtac adm_eq 1), |
364 (rtac adm_eq 1), |
365 (cont_tacR 1), |
365 (cont_tacR 1), |
366 (rtac allI 1), |
366 (rtac allI 1), |
367 (rtac (strict_fapp1 RS ssubst) 1), |
367 (rtac (strict_fapp1 RS ssubst) 1), |
368 (rtac refl 1), |
368 (rtac refl 1), |
369 (rtac allI 1), |
369 (rtac allI 1), |
370 (Simp_tac 1), |
370 (Simp_tac 1), |
371 (res_inst_tac [("s","TT"),("t","b1`(iterate k g (x::'a))")] ssubst 1), |
371 (res_inst_tac [("s","TT"),("t","b1`(iterate k g (x::'a))")] ssubst 1), |
372 (etac spec 1), |
372 (etac spec 1), |
373 (asm_simp_tac HOLCF_ss 1), |
373 (asm_simp_tac HOLCF_ss 1), |
374 (rtac (iterate_Suc RS subst) 1), |
374 (rtac (iterate_Suc RS subst) 1), |
375 (etac spec 1) |
375 (etac spec 1) |
376 ]); |
376 ]); |
377 |
377 |
378 val hoare_lemma21 = prove_goal Hoare.thy |
378 val hoare_lemma21 = prove_goal Hoare.thy |
379 "(! y. b1`(y::'a)=TT) ==> q`(x::'a) = UU" |
379 "(! y. b1`(y::'a)=TT) ==> q`(x::'a) = UU" |
380 (fn prems => |
380 (fn prems => |
381 [ |
381 [ |
382 (cut_facts_tac prems 1), |
382 (cut_facts_tac prems 1), |
383 (res_inst_tac [("F1","g"),("t","x")] (iterate_0 RS subst) 1), |
383 (res_inst_tac [("F1","g"),("t","x")] (iterate_0 RS subst) 1), |
384 (etac (hoare_lemma20 RS spec) 1) |
384 (etac (hoare_lemma20 RS spec) 1) |
385 ]); |
385 ]); |
386 |
386 |
387 val hoare_lemma22 = prove_goal Hoare.thy |
387 val hoare_lemma22 = prove_goal Hoare.thy |
388 "b1`(UU::'a)=UU ==> q`(UU::'a) = UU" |
388 "b1`(UU::'a)=UU ==> q`(UU::'a) = UU" |
389 (fn prems => |
389 (fn prems => |
390 [ |
390 [ |
391 (cut_facts_tac prems 1), |
391 (cut_facts_tac prems 1), |
392 (rtac (q_def3 RS ssubst) 1), |
392 (rtac (q_def3 RS ssubst) 1), |
393 (asm_simp_tac HOLCF_ss 1) |
393 (asm_simp_tac HOLCF_ss 1) |
394 ]); |
394 ]); |
395 |
395 |
396 (* -------- results about q for case (? k. b1`(iterate k g x) ~= TT) ------- *) |
396 (* -------- results about q for case (? k. b1`(iterate k g x) ~= TT) ------- *) |
397 |
397 |
398 val hoare_lemma25 = (hoare_lemma8 RS (hoare_lemma24 RS mp) ); |
398 val hoare_lemma25 = (hoare_lemma8 RS (hoare_lemma24 RS mp) ); |
399 (* |
399 (* |
405 val hoare_lemma26 = prove_goal Hoare.thy |
405 val hoare_lemma26 = prove_goal Hoare.thy |
406 "(? n. b1`(iterate n g x)~=TT) ==>\ |
406 "(? n. b1`(iterate n g x)~=TT) ==>\ |
407 \ k=theleast(%n. b1`(iterate n g x) ~= TT) & b1`(iterate k g x) =FF \ |
407 \ k=theleast(%n. b1`(iterate n g x) ~= TT) & b1`(iterate k g x) =FF \ |
408 \ --> q`x = q`(iterate k g x)" |
408 \ --> q`x = q`(iterate k g x)" |
409 (fn prems => |
409 (fn prems => |
410 [ |
410 [ |
411 (cut_facts_tac prems 1), |
411 (cut_facts_tac prems 1), |
412 (res_inst_tac [("n","k")] natE 1), |
412 (res_inst_tac [("n","k")] natE 1), |
413 (hyp_subst_tac 1), |
413 (hyp_subst_tac 1), |
414 (strip_tac 1), |
414 (strip_tac 1), |
415 (Simp_tac 1), |
415 (Simp_tac 1), |
416 (hyp_subst_tac 1), |
416 (hyp_subst_tac 1), |
417 (strip_tac 1), |
417 (strip_tac 1), |
418 (etac conjE 1), |
418 (etac conjE 1), |
419 (rtac trans 1), |
419 (rtac trans 1), |
420 (rtac (hoare_lemma25 RS sym) 1), |
420 (rtac (hoare_lemma25 RS sym) 1), |
421 (atac 1), |
421 (atac 1), |
422 (atac 1), |
422 (atac 1), |
423 (rtac trans 1), |
423 (rtac trans 1), |
424 (rtac q_def3 1), |
424 (rtac q_def3 1), |
425 (res_inst_tac [("s","TT"),("t","b1`(iterate xa g x)")] ssubst 1), |
425 (res_inst_tac [("s","TT"),("t","b1`(iterate xa g x)")] ssubst 1), |
426 (rtac (hoare_lemma8 RS spec RS mp) 1), |
426 (rtac (hoare_lemma8 RS spec RS mp) 1), |
427 (atac 1), |
427 (atac 1), |
428 (atac 1), |
428 (atac 1), |
429 (Simp_tac 1), |
429 (Simp_tac 1), |
430 (simp_tac HOLCF_ss 1) |
430 (simp_tac HOLCF_ss 1) |
431 ]); |
431 ]); |
432 |
432 |
433 |
433 |
434 val hoare_lemma27 = prove_goal Hoare.thy |
434 val hoare_lemma27 = prove_goal Hoare.thy |
435 "(? n. b1`(iterate n g x) ~= TT) ==>\ |
435 "(? n. b1`(iterate n g x) ~= TT) ==>\ |
436 \ k=theleast(%n. b1`(iterate n g x)~=TT) & b1`(iterate k g x)=UU \ |
436 \ k=theleast(%n. b1`(iterate n g x)~=TT) & b1`(iterate k g x)=UU \ |
437 \ --> q`x = UU" |
437 \ --> q`x = UU" |
438 (fn prems => |
438 (fn prems => |
439 [ |
439 [ |
440 (cut_facts_tac prems 1), |
440 (cut_facts_tac prems 1), |
441 (res_inst_tac [("n","k")] natE 1), |
441 (res_inst_tac [("n","k")] natE 1), |
442 (hyp_subst_tac 1), |
442 (hyp_subst_tac 1), |
443 (Simp_tac 1), |
443 (Simp_tac 1), |
444 (strip_tac 1), |
444 (strip_tac 1), |
445 (etac conjE 1), |
445 (etac conjE 1), |
446 (rtac (q_def3 RS ssubst) 1), |
446 (rtac (q_def3 RS ssubst) 1), |
447 (asm_simp_tac HOLCF_ss 1), |
447 (asm_simp_tac HOLCF_ss 1), |
448 (hyp_subst_tac 1), |
448 (hyp_subst_tac 1), |
449 (Simp_tac 1), |
449 (Simp_tac 1), |
450 (strip_tac 1), |
450 (strip_tac 1), |
451 (etac conjE 1), |
451 (etac conjE 1), |
452 (rtac trans 1), |
452 (rtac trans 1), |
453 (rtac (hoare_lemma25 RS sym) 1), |
453 (rtac (hoare_lemma25 RS sym) 1), |
454 (atac 1), |
454 (atac 1), |
455 (atac 1), |
455 (atac 1), |
456 (rtac trans 1), |
456 (rtac trans 1), |
457 (rtac q_def3 1), |
457 (rtac q_def3 1), |
458 (res_inst_tac [("s","TT"),("t","b1`(iterate xa g x)")] ssubst 1), |
458 (res_inst_tac [("s","TT"),("t","b1`(iterate xa g x)")] ssubst 1), |
459 (rtac (hoare_lemma8 RS spec RS mp) 1), |
459 (rtac (hoare_lemma8 RS spec RS mp) 1), |
460 (atac 1), |
460 (atac 1), |
461 (atac 1), |
461 (atac 1), |
462 (Simp_tac 1), |
462 (Simp_tac 1), |
463 (asm_simp_tac HOLCF_ss 1), |
463 (asm_simp_tac HOLCF_ss 1), |
464 (rtac trans 1), |
464 (rtac trans 1), |
465 (rtac q_def3 1), |
465 (rtac q_def3 1), |
466 (asm_simp_tac HOLCF_ss 1) |
466 (asm_simp_tac HOLCF_ss 1) |
467 ]); |
467 ]); |
468 |
468 |
469 (* ------- (! k. b1`(iterate k g x)=TT) ==> q o p = q ----- *) |
469 (* ------- (! k. b1`(iterate k g x)=TT) ==> q o p = q ----- *) |
470 |
470 |
471 val hoare_lemma23 = prove_goal Hoare.thy |
471 val hoare_lemma23 = prove_goal Hoare.thy |
472 "(! k. b1`(iterate k g x)=TT) ==> q`(p`x) = q`x" |
472 "(! k. b1`(iterate k g x)=TT) ==> q`(p`x) = q`x" |
473 (fn prems => |
473 (fn prems => |
474 [ |
474 [ |
475 (cut_facts_tac prems 1), |
475 (cut_facts_tac prems 1), |
476 (rtac (hoare_lemma16 RS ssubst) 1), |
476 (rtac (hoare_lemma16 RS ssubst) 1), |
477 (atac 1), |
477 (atac 1), |
478 (rtac (hoare_lemma19 RS disjE) 1), |
478 (rtac (hoare_lemma19 RS disjE) 1), |
479 (atac 1), |
479 (atac 1), |
480 (rtac (hoare_lemma18 RS ssubst) 1), |
480 (rtac (hoare_lemma18 RS ssubst) 1), |
481 (atac 1), |
481 (atac 1), |
482 (rtac (hoare_lemma22 RS ssubst) 1), |
482 (rtac (hoare_lemma22 RS ssubst) 1), |
483 (atac 1), |
483 (atac 1), |
484 (rtac refl 1), |
484 (rtac refl 1), |
485 (rtac (hoare_lemma21 RS ssubst) 1), |
485 (rtac (hoare_lemma21 RS ssubst) 1), |
486 (atac 1), |
486 (atac 1), |
487 (rtac (hoare_lemma21 RS ssubst) 1), |
487 (rtac (hoare_lemma21 RS ssubst) 1), |
488 (atac 1), |
488 (atac 1), |
489 (rtac refl 1) |
489 (rtac refl 1) |
490 ]); |
490 ]); |
491 |
491 |
492 (* ------------ ? k. b1~(iterate k g x) ~= TT ==> q o p = q ----- *) |
492 (* ------------ ? k. b1~(iterate k g x) ~= TT ==> q o p = q ----- *) |
493 |
493 |
494 val hoare_lemma29 = prove_goal Hoare.thy |
494 val hoare_lemma29 = prove_goal Hoare.thy |
495 "? k. b1`(iterate k g x) ~= TT ==> q`(p`x) = q`x" |
495 "? k. b1`(iterate k g x) ~= TT ==> q`(p`x) = q`x" |
496 (fn prems => |
496 (fn prems => |
497 [ |
497 [ |
498 (cut_facts_tac prems 1), |
498 (cut_facts_tac prems 1), |
499 (rtac (hoare_lemma5 RS disjE) 1), |
499 (rtac (hoare_lemma5 RS disjE) 1), |
500 (atac 1), |
500 (atac 1), |
501 (rtac refl 1), |
501 (rtac refl 1), |
502 (rtac (hoare_lemma11 RS mp RS ssubst) 1), |
502 (rtac (hoare_lemma11 RS mp RS ssubst) 1), |
503 (atac 1), |
503 (atac 1), |
504 (rtac conjI 1), |
504 (rtac conjI 1), |
505 (rtac refl 1), |
505 (rtac refl 1), |
506 (atac 1), |
506 (atac 1), |
507 (rtac (hoare_lemma26 RS mp RS subst) 1), |
507 (rtac (hoare_lemma26 RS mp RS subst) 1), |
508 (atac 1), |
508 (atac 1), |
509 (rtac conjI 1), |
509 (rtac conjI 1), |
510 (rtac refl 1), |
510 (rtac refl 1), |
511 (atac 1), |
511 (atac 1), |
512 (rtac refl 1), |
512 (rtac refl 1), |
513 (rtac (hoare_lemma12 RS mp RS ssubst) 1), |
513 (rtac (hoare_lemma12 RS mp RS ssubst) 1), |
514 (atac 1), |
514 (atac 1), |
515 (rtac conjI 1), |
515 (rtac conjI 1), |
516 (rtac refl 1), |
516 (rtac refl 1), |
517 (atac 1), |
517 (atac 1), |
518 (rtac (hoare_lemma22 RS ssubst) 1), |
518 (rtac (hoare_lemma22 RS ssubst) 1), |
519 (rtac (hoare_lemma28 RS ssubst) 1), |
519 (rtac (hoare_lemma28 RS ssubst) 1), |
520 (atac 1), |
520 (atac 1), |
521 (rtac refl 1), |
521 (rtac refl 1), |
522 (rtac sym 1), |
522 (rtac sym 1), |
523 (rtac (hoare_lemma27 RS mp RS ssubst) 1), |
523 (rtac (hoare_lemma27 RS mp RS ssubst) 1), |
524 (atac 1), |
524 (atac 1), |
525 (rtac conjI 1), |
525 (rtac conjI 1), |
526 (rtac refl 1), |
526 (rtac refl 1), |
527 (atac 1), |
527 (atac 1), |
528 (rtac refl 1) |
528 (rtac refl 1) |
529 ]); |
529 ]); |
530 |
530 |
531 (* ------ the main prove q o p = q ------ *) |
531 (* ------ the main prove q o p = q ------ *) |
532 |
532 |
533 val hoare_main = prove_goal Hoare.thy "q oo p = q" |
533 val hoare_main = prove_goal Hoare.thy "q oo p = q" |
534 (fn prems => |
534 (fn prems => |
535 [ |
535 [ |
536 (rtac ext_cfun 1), |
536 (rtac ext_cfun 1), |
537 (rtac (cfcomp2 RS ssubst) 1), |
537 (rtac (cfcomp2 RS ssubst) 1), |
538 (rtac (hoare_lemma3 RS disjE) 1), |
538 (rtac (hoare_lemma3 RS disjE) 1), |
539 (etac hoare_lemma23 1), |
539 (etac hoare_lemma23 1), |
540 (etac hoare_lemma29 1) |
540 (etac hoare_lemma29 1) |
541 ]); |
541 ]); |
542 |
542 |
543 |
543 |