76 Cast: "A |-e {P} e {\<lambda>v s. (case v of Null => True |
76 Cast: "A |-e {P} e {\<lambda>v s. (case v of Null => True |
77 | Addr a => obj_class s a <=C C) --> Q v s} ==> |
77 | Addr a => obj_class s a <=C C) --> Q v s} ==> |
78 A |-e {P} Cast C e {Q}" |
78 A |-e {P} Cast C e {Q}" |
79 |
79 |
80 Call: "[| A |-e {P} e1 {Q}; \<forall>a. A |-e {Q a} e2 {R a}; |
80 Call: "[| A |-e {P} e1 {Q}; \<forall>a. A |-e {Q a} e2 {R a}; |
81 \<forall>a p l. A |- {\<lambda>s'. \<exists>s. R a p s \<and> l = s \<and> |
81 \<forall>a p ls. A |- {\<lambda>s'. \<exists>s. R a p s \<and> ls = s \<and> |
82 s' = lupd(This\<mapsto>a)(lupd(Par\<mapsto>p)(reset_locs s))} |
82 s' = lupd(This\<mapsto>a)(lupd(Par\<mapsto>p)(reset_locs s))} |
83 Meth (C,m) {\<lambda>s. S (s<Res>) (set_locs l s)} |] ==> |
83 Meth (C,m) {\<lambda>s. S (s<Res>) (set_locs ls s)} |] ==> |
84 A |-e {P} {C}e1..m(e2) {S}" |
84 A |-e {P} {C}e1..m(e2) {S}" |
85 |
85 |
86 Meth: "\<forall>D. A |- {\<lambda>s'. \<exists>s a. s<This> = Addr a \<and> D = obj_class s a \<and> D <=C C \<and> |
86 Meth: "\<forall>D. A |- {\<lambda>s'. \<exists>s a. s<This> = Addr a \<and> D = obj_class s a \<and> D <=C C \<and> |
87 P s \<and> s' = init_locs D m s} |
87 P s \<and> s' = init_locs D m s} |
88 Impl (D,m) {Q} ==> |
88 Impl (D,m) {Q} ==> |
89 A |- {P} Meth (C,m) {Q}" |
89 A |- {P} Meth (C,m) {Q}" |
90 |
90 |
91 --{* @{text "\<Union>z"} instead of @{text "\<forall>z"} in the conclusion and\\ |
91 --{* @{text "\<Union>Z"} instead of @{text "\<forall>Z"} in the conclusion and\\ |
92 z restricted to type state due to limitations of the inductive package *} |
92 Z restricted to type state due to limitations of the inductive package *} |
93 Impl: "\<forall>z::state. A\<union> (\<Union>z. (\<lambda>Cm. (P z Cm, Impl Cm, Q z Cm))`Ms) ||- |
93 Impl: "\<forall>Z::state. A\<union> (\<Union>Z. (\<lambda>Cm. (P Z Cm, Impl Cm, Q Z Cm))`Ms) ||- |
94 (\<lambda>Cm. (P z Cm, body Cm, Q z Cm))`Ms ==> |
94 (\<lambda>Cm. (P Z Cm, body Cm, Q Z Cm))`Ms ==> |
95 A ||- (\<lambda>Cm. (P z Cm, Impl Cm, Q z Cm))`Ms" |
95 A ||- (\<lambda>Cm. (P Z Cm, Impl Cm, Q Z Cm))`Ms" |
96 |
96 |
97 --{* structural rules *} |
97 --{* structural rules *} |
98 |
98 |
99 Asm: " a \<in> A ==> A ||- {a}" |
99 Asm: " a \<in> A ==> A ||- {a}" |
100 |
100 |
101 ConjI: " \<forall>c \<in> C. A ||- {c} ==> A ||- C" |
101 ConjI: " \<forall>c \<in> C. A ||- {c} ==> A ||- C" |
102 |
102 |
103 ConjE: "[|A ||- C; c \<in> C |] ==> A ||- {c}" |
103 ConjE: "[|A ||- C; c \<in> C |] ==> A ||- {c}" |
104 |
104 |
105 Conseq:"[| \<forall>z::state. A |- {P' z} c {Q' z}; |
105 --{* Z restricted to type state due to limitations of the inductive package *} |
106 \<forall>s t. (\<forall>z. P' z s --> Q' z t) --> (P s --> Q t) |] ==> |
106 Conseq:"[| \<forall>Z::state. A |- {P' Z} c {Q' Z}; |
|
107 \<forall>s t. (\<forall>Z. P' Z s --> Q' Z t) --> (P s --> Q t) |] ==> |
107 A |- {P} c {Q }" |
108 A |- {P} c {Q }" |
108 |
109 |
109 --{* z restricted to type state due to limitations of the inductive package *} |
110 --{* Z restricted to type state due to limitations of the inductive package *} |
110 eConseq:"[| \<forall>z::state. A |-e {P' z} c {Q' z}; |
111 eConseq:"[| \<forall>Z::state. A |-e {P' Z} e {Q' Z}; |
111 \<forall>s v t. (\<forall>z. P' z s --> Q' z v t) --> (P s --> Q v t) |] ==> |
112 \<forall>s v t. (\<forall>Z. P' Z s --> Q' Z v t) --> (P s --> Q v t) |] ==> |
112 A |-e {P} c {Q }" |
113 A |-e {P} e {Q }" |
113 |
114 |
|
115 |
|
116 subsection "Fully polymorphic variants" |
|
117 |
|
118 axioms |
|
119 Conseq:"[| \<forall>Z. A |- {P' Z} c {Q' Z}; |
|
120 \<forall>s t. (\<forall>Z. P' Z s --> Q' Z t) --> (P s --> Q t) |] ==> |
|
121 A |- {P} c {Q }" |
|
122 |
|
123 eConseq:"[| \<forall>Z. A |-e {P' Z} e {Q' Z}; |
|
124 \<forall>s v t. (\<forall>Z. P' Z s --> Q' Z v t) --> (P s --> Q v t) |] ==> |
|
125 A |-e {P} e {Q }" |
|
126 |
|
127 Impl: "\<forall>Z. A\<union> (\<Union>Z. (\<lambda>Cm. (P Z Cm, Impl Cm, Q Z Cm))`Ms) ||- |
|
128 (\<lambda>Cm. (P Z Cm, body Cm, Q Z Cm))`Ms ==> |
|
129 A ||- (\<lambda>Cm. (P Z Cm, Impl Cm, Q Z Cm))`Ms" |
114 |
130 |
115 subsection "Derived Rules" |
131 subsection "Derived Rules" |
116 |
132 |
117 lemma Conseq1: "\<lbrakk>A \<turnstile> {P'} c {Q}; \<forall>s. P s \<longrightarrow> P' s\<rbrakk> \<Longrightarrow> A \<turnstile> {P} c {Q}" |
133 lemma Conseq1: "\<lbrakk>A \<turnstile> {P'} c {Q}; \<forall>s. P s \<longrightarrow> P' s\<rbrakk> \<Longrightarrow> A \<turnstile> {P} c {Q}" |
118 apply (rule hoare_ehoare.Conseq) |
134 apply (rule hoare_ehoare.Conseq) |
144 apply (drule hoare_ehoare.ConjE) |
160 apply (drule hoare_ehoare.ConjE) |
145 apply fast |
161 apply fast |
146 apply assumption |
162 apply assumption |
147 done |
163 done |
148 |
164 |
149 lemma Union: "A |\<turnstile> (\<Union>z. C z) = (\<forall>z. A |\<turnstile> C z)" |
165 lemma Thin_lemma: |
|
166 "(A' |\<turnstile> C \<longrightarrow> (\<forall>A. A' \<subseteq> A \<longrightarrow> A |\<turnstile> C )) \<and> |
|
167 (A' \<turnstile>\<^sub>e {P} e {Q} \<longrightarrow> (\<forall>A. A' \<subseteq> A \<longrightarrow> A \<turnstile>\<^sub>e {P} e {Q}))" |
|
168 apply (rule hoare_ehoare.induct) |
|
169 apply (tactic "ALLGOALS(EVERY'[Clarify_tac, REPEAT o smp_tac 1])") |
|
170 apply (blast intro: hoare_ehoare.Skip) |
|
171 apply (blast intro: hoare_ehoare.Comp) |
|
172 apply (blast intro: hoare_ehoare.Cond) |
|
173 apply (blast intro: hoare_ehoare.Loop) |
|
174 apply (blast intro: hoare_ehoare.LAcc) |
|
175 apply (blast intro: hoare_ehoare.LAss) |
|
176 apply (blast intro: hoare_ehoare.FAcc) |
|
177 apply (blast intro: hoare_ehoare.FAss) |
|
178 apply (blast intro: hoare_ehoare.NewC) |
|
179 apply (blast intro: hoare_ehoare.Cast) |
|
180 apply (erule hoare_ehoare.Call) |
|
181 apply (rule, drule spec, erule conjE, tactic "smp_tac 1 1", assumption) |
|
182 apply blast |
|
183 apply (blast intro!: hoare_ehoare.Meth) |
|
184 apply (blast intro!: hoare_ehoare.Impl) |
|
185 apply (blast intro!: hoare_ehoare.Asm) |
|
186 apply (blast intro: hoare_ehoare.ConjI) |
|
187 apply (blast intro: hoare_ehoare.ConjE) |
|
188 apply (rule hoare_ehoare.Conseq) |
|
189 apply (rule, drule spec, erule conjE, tactic "smp_tac 1 1", assumption+) |
|
190 apply (rule hoare_ehoare.eConseq) |
|
191 apply (rule, drule spec, erule conjE, tactic "smp_tac 1 1", assumption+) |
|
192 done |
|
193 |
|
194 lemma cThin: "\<lbrakk>A' |\<turnstile> C; A' \<subseteq> A\<rbrakk> \<Longrightarrow> A |\<turnstile> C" |
|
195 by (erule (1) conjunct1 [OF Thin_lemma, rule_format]) |
|
196 |
|
197 lemma eThin: "\<lbrakk>A' \<turnstile>\<^sub>e {P} e {Q}; A' \<subseteq> A\<rbrakk> \<Longrightarrow> A \<turnstile>\<^sub>e {P} e {Q}" |
|
198 by (erule (1) conjunct2 [OF Thin_lemma, rule_format]) |
|
199 |
|
200 |
|
201 lemma Union: "A |\<turnstile> (\<Union>Z. C Z) = (\<forall>Z. A |\<turnstile> C Z)" |
150 by (auto intro: hoare_ehoare.ConjI hoare_ehoare.ConjE) |
202 by (auto intro: hoare_ehoare.ConjI hoare_ehoare.ConjE) |
151 |
203 |
152 lemma Impl1: |
204 lemma Impl1': |
153 "\<lbrakk>\<forall>z::state. A\<union> (\<Union>z. (\<lambda>Cm. (P z Cm, Impl Cm, Q z Cm))`Ms) |\<turnstile> |
205 "\<lbrakk>\<forall>Z. A\<union> (\<Union>Z. (\<lambda>Cm. (P Z Cm, Impl Cm, Q Z Cm))`Ms) |\<turnstile> |
154 (\<lambda>Cm. (P z Cm, body Cm, Q z Cm))`Ms; |
206 (\<lambda>Cm. (P Z Cm, body Cm, Q Z Cm))`Ms; |
155 Cm \<in> Ms\<rbrakk> \<Longrightarrow> |
207 Cm \<in> Ms\<rbrakk> \<Longrightarrow> |
156 A \<turnstile> {P z Cm} Impl Cm {Q z Cm}" |
208 A \<turnstile> {P Z Cm} Impl Cm {Q Z Cm}" |
157 apply (drule hoare_ehoare.Impl) |
209 apply (drule Impl) |
158 apply (erule Weaken) |
210 apply (erule Weaken) |
159 apply (auto del: image_eqI intro: rev_image_eqI) |
211 apply (auto del: image_eqI intro: rev_image_eqI) |
160 done |
212 done |
161 |
213 |
|
214 lemmas Impl1 = AxSem.Impl [of _ _ _ "{Cm}", simplified, standard] |
|
215 |
162 end |
216 end |