10 |
10 |
11 (*** Hoare rules ***) |
11 (*** Hoare rules ***) |
12 |
12 |
13 val SkipRule = prove_goalw thy [Spec_def,Skip_def] |
13 val SkipRule = prove_goalw thy [Spec_def,Skip_def] |
14 "(!!s. p(s) ==> q(s)) ==> Spec p Skip q" |
14 "(!!s. p(s) ==> q(s)) ==> Spec p Skip q" |
15 (fn prems => [fast_tac (!claset addIs prems) 1]); |
15 (fn prems => [fast_tac (claset() addIs prems) 1]); |
16 |
16 |
17 val AssignRule = prove_goalw thy [Spec_def,Assign_def] |
17 val AssignRule = prove_goalw thy [Spec_def,Assign_def] |
18 "(!!s. p s ==> q(%x. if x=v then e s else s x)) ==> Spec p (Assign v e) q" |
18 "(!!s. p s ==> q(%x. if x=v then e s else s x)) ==> Spec p (Assign v e) q" |
19 (fn prems => [fast_tac (!claset addIs prems) 1]); |
19 (fn prems => [fast_tac (claset() addIs prems) 1]); |
20 |
20 |
21 val SeqRule = prove_goalw thy [Spec_def,Seq_def] |
21 val SeqRule = prove_goalw thy [Spec_def,Seq_def] |
22 "[| Spec p c (%s. q s); Spec (%s. q s) c' r |] ==> Spec p (Seq c c') r" |
22 "[| Spec p c (%s. q s); Spec (%s. q s) c' r |] ==> Spec p (Seq c c') r" |
23 (fn prems => [cut_facts_tac prems 1, Fast_tac 1]); |
23 (fn prems => [cut_facts_tac prems 1, Fast_tac 1]); |
24 |
24 |
29 (fn [prem1,prem2,prem3] => |
29 (fn [prem1,prem2,prem3] => |
30 [REPEAT (rtac allI 1), |
30 [REPEAT (rtac allI 1), |
31 REPEAT (rtac impI 1), |
31 REPEAT (rtac impI 1), |
32 dtac prem1 1, |
32 dtac prem1 1, |
33 cut_facts_tac [prem2,prem3] 1, |
33 cut_facts_tac [prem2,prem3] 1, |
34 fast_tac (!claset addIs [prem1]) 1]); |
34 fast_tac (claset() addIs [prem1]) 1]); |
35 |
35 |
36 val strenthen_pre = prove_goalw thy [Spec_def] |
36 val strenthen_pre = prove_goalw thy [Spec_def] |
37 "[| !!s. p s ==> p' s; Spec p' c q |] ==> Spec p c q" |
37 "[| !!s. p s ==> p' s; Spec p' c q |] ==> Spec p c q" |
38 (fn [prem1,prem2] =>[cut_facts_tac [prem2] 1, |
38 (fn [prem1,prem2] =>[cut_facts_tac [prem2] 1, |
39 fast_tac (!claset addIs [prem1]) 1]); |
39 fast_tac (claset() addIs [prem1]) 1]); |
40 |
40 |
41 val lemma = prove_goalw thy [Spec_def,While_def] |
41 val lemma = prove_goalw thy [Spec_def,While_def] |
42 "[| Spec (%s. I s & b s) c I; !!s. [| I s; ~b s |] ==> q s |] \ |
42 "[| Spec (%s. I s & b s) c I; !!s. [| I s; ~b s |] ==> q s |] \ |
43 \ ==> Spec I (While b I c) q" |
43 \ ==> Spec I (While b I c) q" |
44 (fn [prem1,prem2] => |
44 (fn [prem1,prem2] => |
45 [REPEAT(rtac allI 1), rtac impI 1, etac exE 1, rtac mp 1, atac 2, |
45 [REPEAT(rtac allI 1), rtac impI 1, etac exE 1, rtac mp 1, atac 2, |
46 etac thin_rl 1, res_inst_tac[("x","s")]spec 1, |
46 etac thin_rl 1, res_inst_tac[("x","s")]spec 1, |
47 res_inst_tac[("x","s'")]spec 1, nat_ind_tac "n" 1, |
47 res_inst_tac[("x","s'")]spec 1, nat_ind_tac "n" 1, |
48 Simp_tac 1, |
48 Simp_tac 1, |
49 fast_tac (!claset addIs [prem2]) 1, |
49 fast_tac (claset() addIs [prem2]) 1, |
50 simp_tac (!simpset addsimps [Seq_def]) 1, |
50 simp_tac (simpset() addsimps [Seq_def]) 1, |
51 cut_facts_tac [prem1] 1, fast_tac (!claset addIs [prem2]) 1]); |
51 cut_facts_tac [prem1] 1, fast_tac (claset() addIs [prem2]) 1]); |
52 |
52 |
53 val WhileRule = lemma RSN (2,strenthen_pre); |
53 val WhileRule = lemma RSN (2,strenthen_pre); |
54 |
54 |
55 |
55 |
56 (*** meta_spec used in StateElimTac ***) |
56 (*** meta_spec used in StateElimTac ***) |