34 |
34 |
35 constdefs interfree :: "(('a ann_triple_op) list) \<Rightarrow> bool" |
35 constdefs interfree :: "(('a ann_triple_op) list) \<Rightarrow> bool" |
36 "interfree Ts \<equiv> \<forall>i j. i < length Ts \<and> j < length Ts \<and> i \<noteq> j \<longrightarrow> |
36 "interfree Ts \<equiv> \<forall>i j. i < length Ts \<and> j < length Ts \<and> i \<noteq> j \<longrightarrow> |
37 interfree_aux (com (Ts!i), post (Ts!i), com (Ts!j)) " |
37 interfree_aux (com (Ts!i), post (Ts!i), com (Ts!j)) " |
38 |
38 |
39 consts ann_hoare :: "('a ann_com \<times> 'a assn) set" |
39 inductive |
40 syntax "_ann_hoare" :: "'a ann_com \<Rightarrow> 'a assn \<Rightarrow> bool" ("(2\<turnstile> _// _)" [60,90] 45) |
40 oghoare :: "'a assn \<Rightarrow> 'a com \<Rightarrow> 'a assn \<Rightarrow> bool" ("(3\<parallel>- _//_//_)" [90,55,90] 50) |
41 translations "\<turnstile> c q" \<rightleftharpoons> "(c, q) \<in> ann_hoare" |
41 and ann_hoare :: "'a ann_com \<Rightarrow> 'a assn \<Rightarrow> bool" ("(2\<turnstile> _// _)" [60,90] 45) |
42 |
42 where |
43 consts oghoare :: "('a assn \<times> 'a com \<times> 'a assn) set" |
|
44 syntax "_oghoare" :: "'a assn \<Rightarrow> 'a com \<Rightarrow> 'a assn \<Rightarrow> bool" ("(3\<parallel>- _//_//_)" [90,55,90] 50) |
|
45 translations "\<parallel>- p c q" \<rightleftharpoons> "(p, c, q) \<in> oghoare" |
|
46 |
|
47 inductive oghoare ann_hoare |
|
48 intros |
|
49 AnnBasic: "r \<subseteq> {s. f s \<in> q} \<Longrightarrow> \<turnstile> (AnnBasic r f) q" |
43 AnnBasic: "r \<subseteq> {s. f s \<in> q} \<Longrightarrow> \<turnstile> (AnnBasic r f) q" |
50 |
44 |
51 AnnSeq: "\<lbrakk> \<turnstile> c0 pre c1; \<turnstile> c1 q \<rbrakk> \<Longrightarrow> \<turnstile> (AnnSeq c0 c1) q" |
45 | AnnSeq: "\<lbrakk> \<turnstile> c0 pre c1; \<turnstile> c1 q \<rbrakk> \<Longrightarrow> \<turnstile> (AnnSeq c0 c1) q" |
52 |
46 |
53 AnnCond1: "\<lbrakk> r \<inter> b \<subseteq> pre c1; \<turnstile> c1 q; r \<inter> -b \<subseteq> pre c2; \<turnstile> c2 q\<rbrakk> |
47 | AnnCond1: "\<lbrakk> r \<inter> b \<subseteq> pre c1; \<turnstile> c1 q; r \<inter> -b \<subseteq> pre c2; \<turnstile> c2 q\<rbrakk> |
54 \<Longrightarrow> \<turnstile> (AnnCond1 r b c1 c2) q" |
48 \<Longrightarrow> \<turnstile> (AnnCond1 r b c1 c2) q" |
55 AnnCond2: "\<lbrakk> r \<inter> b \<subseteq> pre c; \<turnstile> c q; r \<inter> -b \<subseteq> q \<rbrakk> \<Longrightarrow> \<turnstile> (AnnCond2 r b c) q" |
49 | AnnCond2: "\<lbrakk> r \<inter> b \<subseteq> pre c; \<turnstile> c q; r \<inter> -b \<subseteq> q \<rbrakk> \<Longrightarrow> \<turnstile> (AnnCond2 r b c) q" |
56 |
50 |
57 AnnWhile: "\<lbrakk> r \<subseteq> i; i \<inter> b \<subseteq> pre c; \<turnstile> c i; i \<inter> -b \<subseteq> q \<rbrakk> |
51 | AnnWhile: "\<lbrakk> r \<subseteq> i; i \<inter> b \<subseteq> pre c; \<turnstile> c i; i \<inter> -b \<subseteq> q \<rbrakk> |
58 \<Longrightarrow> \<turnstile> (AnnWhile r b i c) q" |
52 \<Longrightarrow> \<turnstile> (AnnWhile r b i c) q" |
59 |
53 |
60 AnnAwait: "\<lbrakk> atom_com c; \<parallel>- (r \<inter> b) c q \<rbrakk> \<Longrightarrow> \<turnstile> (AnnAwait r b c) q" |
54 | AnnAwait: "\<lbrakk> atom_com c; \<parallel>- (r \<inter> b) c q \<rbrakk> \<Longrightarrow> \<turnstile> (AnnAwait r b c) q" |
61 |
55 |
62 AnnConseq: "\<lbrakk>\<turnstile> c q; q \<subseteq> q' \<rbrakk> \<Longrightarrow> \<turnstile> c q'" |
56 | AnnConseq: "\<lbrakk>\<turnstile> c q; q \<subseteq> q' \<rbrakk> \<Longrightarrow> \<turnstile> c q'" |
63 |
57 |
64 |
58 |
65 Parallel: "\<lbrakk> \<forall>i<length Ts. \<exists>c q. Ts!i = (Some c, q) \<and> \<turnstile> c q; interfree Ts \<rbrakk> |
59 | Parallel: "\<lbrakk> \<forall>i<length Ts. \<exists>c q. Ts!i = (Some c, q) \<and> \<turnstile> c q; interfree Ts \<rbrakk> |
66 \<Longrightarrow> \<parallel>- (\<Inter>i\<in>{i. i<length Ts}. pre(the(com(Ts!i)))) |
60 \<Longrightarrow> \<parallel>- (\<Inter>i\<in>{i. i<length Ts}. pre(the(com(Ts!i)))) |
67 Parallel Ts |
61 Parallel Ts |
68 (\<Inter>i\<in>{i. i<length Ts}. post(Ts!i))" |
62 (\<Inter>i\<in>{i. i<length Ts}. post(Ts!i))" |
69 |
63 |
70 Basic: "\<parallel>- {s. f s \<in>q} (Basic f) q" |
64 | Basic: "\<parallel>- {s. f s \<in>q} (Basic f) q" |
71 |
65 |
72 Seq: "\<lbrakk> \<parallel>- p c1 r; \<parallel>- r c2 q \<rbrakk> \<Longrightarrow> \<parallel>- p (Seq c1 c2) q " |
66 | Seq: "\<lbrakk> \<parallel>- p c1 r; \<parallel>- r c2 q \<rbrakk> \<Longrightarrow> \<parallel>- p (Seq c1 c2) q " |
73 |
67 |
74 Cond: "\<lbrakk> \<parallel>- (p \<inter> b) c1 q; \<parallel>- (p \<inter> -b) c2 q \<rbrakk> \<Longrightarrow> \<parallel>- p (Cond b c1 c2) q" |
68 | Cond: "\<lbrakk> \<parallel>- (p \<inter> b) c1 q; \<parallel>- (p \<inter> -b) c2 q \<rbrakk> \<Longrightarrow> \<parallel>- p (Cond b c1 c2) q" |
75 |
69 |
76 While: "\<lbrakk> \<parallel>- (p \<inter> b) c p \<rbrakk> \<Longrightarrow> \<parallel>- p (While b i c) (p \<inter> -b)" |
70 | While: "\<lbrakk> \<parallel>- (p \<inter> b) c p \<rbrakk> \<Longrightarrow> \<parallel>- p (While b i c) (p \<inter> -b)" |
77 |
71 |
78 Conseq: "\<lbrakk> p' \<subseteq> p; \<parallel>- p c q ; q \<subseteq> q' \<rbrakk> \<Longrightarrow> \<parallel>- p' c q'" |
72 | Conseq: "\<lbrakk> p' \<subseteq> p; \<parallel>- p c q ; q \<subseteq> q' \<rbrakk> \<Longrightarrow> \<parallel>- p' c q'" |
79 |
73 |
80 section {* Soundness *} |
74 section {* Soundness *} |
81 (* In the version Isabelle-10-Sep-1999: HOL: The THEN and ELSE |
75 (* In the version Isabelle-10-Sep-1999: HOL: The THEN and ELSE |
82 parts of conditional expressions (if P then x else y) are no longer |
76 parts of conditional expressions (if P then x else y) are no longer |
83 simplified. (This allows the simplifier to unfold recursive |
77 simplified. (This allows the simplifier to unfold recursive |
145 done |
139 done |
146 |
140 |
147 subsection {* Soundness of the System for Component Programs *} |
141 subsection {* Soundness of the System for Component Programs *} |
148 |
142 |
149 inductive_cases ann_transition_cases: |
143 inductive_cases ann_transition_cases: |
150 "(None,s) -1\<rightarrow> t" |
144 "(None,s) -1\<rightarrow> (c', s')" |
151 "(Some (AnnBasic r f),s) -1\<rightarrow> t" |
145 "(Some (AnnBasic r f),s) -1\<rightarrow> (c', s')" |
152 "(Some (AnnSeq c1 c2), s) -1\<rightarrow> t" |
146 "(Some (AnnSeq c1 c2), s) -1\<rightarrow> (c', s')" |
153 "(Some (AnnCond1 r b c1 c2), s) -1\<rightarrow> t" |
147 "(Some (AnnCond1 r b c1 c2), s) -1\<rightarrow> (c', s')" |
154 "(Some (AnnCond2 r b c), s) -1\<rightarrow> t" |
148 "(Some (AnnCond2 r b c), s) -1\<rightarrow> (c', s')" |
155 "(Some (AnnWhile r b I c), s) -1\<rightarrow> t" |
149 "(Some (AnnWhile r b I c), s) -1\<rightarrow> (c', s')" |
156 "(Some (AnnAwait r b c),s) -1\<rightarrow> t" |
150 "(Some (AnnAwait r b c),s) -1\<rightarrow> (c', s')" |
157 |
151 |
158 text {* Strong Soundness for Component Programs:*} |
152 text {* Strong Soundness for Component Programs:*} |
159 |
153 |
160 lemma ann_hoare_case_analysis [rule_format]: "\<turnstile> C q' \<longrightarrow> |
154 lemma ann_hoare_case_analysis [rule_format]: "\<turnstile> C q' \<longrightarrow> |
161 ((\<forall>r f. C = AnnBasic r f \<longrightarrow> (\<exists>q. r \<subseteq> {s. f s \<in> q} \<and> q \<subseteq> q')) \<and> |
155 ((\<forall>r f. C = AnnBasic r f \<longrightarrow> (\<exists>q. r \<subseteq> {s. f s \<in> q} \<and> q \<subseteq> q')) \<and> |
172 apply(rule_tac x=q in exI,simp)+ |
166 apply(rule_tac x=q in exI,simp)+ |
173 apply(rule conjI,clarify,simp,clarify,rule_tac x=qa in exI,fast)+ |
167 apply(rule conjI,clarify,simp,clarify,rule_tac x=qa in exI,fast)+ |
174 apply(clarify,simp,clarify,rule_tac x=qa in exI,fast) |
168 apply(clarify,simp,clarify,rule_tac x=qa in exI,fast) |
175 done |
169 done |
176 |
170 |
177 lemma Help: "(transition \<inter> {(v,v,u). True}) = (transition)" |
171 lemma Help: "(transition \<inter> {(x,y). True}) = (transition)" |
178 apply force |
172 apply force |
179 done |
173 done |
180 |
174 |
181 lemma Strong_Soundness_aux_aux [rule_format]: |
175 lemma Strong_Soundness_aux_aux [rule_format]: |
182 "(co, s) -1\<rightarrow> (co', t) \<longrightarrow> (\<forall>c. co = Some c \<longrightarrow> s\<in> pre c \<longrightarrow> |
176 "(co, s) -1\<rightarrow> (co', t) \<longrightarrow> (\<forall>c. co = Some c \<longrightarrow> s\<in> pre c \<longrightarrow> |