author nipkow
Tue Sep 20 05:48:23 2011 +0200 (2011-09-20)
changeset 45015 fdac1e9880eb
parent 44890 22f665a2e91c
child 45200 1f1897ac7877
permissions -rw-r--r--
Updated IMP to use new induction method
     1 header "Semantic Equivalence up to a Condition"
     3 theory Sem_Equiv
     4 imports Hoare_Sound_Complete
     5 begin
     7 definition
     8   equiv_up_to :: "assn \<Rightarrow> com \<Rightarrow> com \<Rightarrow> bool" ("_ \<Turnstile> _ \<sim> _" [60,0,10] 60)
     9 where
    10   "P \<Turnstile> c \<sim> c' \<equiv> \<forall>s s'. P s \<longrightarrow> (c,s) \<Rightarrow> s' \<longleftrightarrow> (c',s) \<Rightarrow> s'"
    12 definition 
    13   bequiv_up_to :: "assn \<Rightarrow> bexp \<Rightarrow> bexp \<Rightarrow> bool" ("_ \<Turnstile> _ <\<sim>> _" [60,0,10] 60)
    14 where 
    15   "P \<Turnstile> b <\<sim>> b' \<equiv> \<forall>s. P s \<longrightarrow> bval b s = bval b' s"
    17 lemma equiv_up_to_True:
    18   "((\<lambda>_. True) \<Turnstile> c \<sim> c') = (c \<sim> c')"
    19   by (simp add: equiv_def equiv_up_to_def)
    21 lemma equiv_up_to_weaken:
    22   "P \<Turnstile> c \<sim> c' \<Longrightarrow> (\<And>s. P' s \<Longrightarrow> P s) \<Longrightarrow> P' \<Turnstile> c \<sim> c'"
    23   by (simp add: equiv_up_to_def)
    25 lemma equiv_up_toI:
    26   "(\<And>s s'. P s \<Longrightarrow> (c, s) \<Rightarrow> s' = (c', s) \<Rightarrow> s') \<Longrightarrow> P \<Turnstile> c \<sim> c'"
    27   by (unfold equiv_up_to_def) blast
    29 lemma equiv_up_toD1:
    30   "P \<Turnstile> c \<sim> c' \<Longrightarrow> P s \<Longrightarrow> (c, s) \<Rightarrow> s' \<Longrightarrow> (c', s) \<Rightarrow> s'"
    31   by (unfold equiv_up_to_def) blast
    33 lemma equiv_up_toD2:
    34   "P \<Turnstile> c \<sim> c' \<Longrightarrow> P s \<Longrightarrow> (c', s) \<Rightarrow> s' \<Longrightarrow> (c, s) \<Rightarrow> s'"
    35   by (unfold equiv_up_to_def) blast
    38 lemma equiv_up_to_refl [simp, intro!]:
    39   "P \<Turnstile> c \<sim> c"
    40   by (auto simp: equiv_up_to_def)
    42 lemma equiv_up_to_sym:
    43   "(P \<Turnstile> c \<sim> c') = (P \<Turnstile> c' \<sim> c)"
    44   by (auto simp: equiv_up_to_def)
    46 lemma equiv_up_to_trans [trans]:
    47   "P \<Turnstile> c \<sim> c' \<Longrightarrow> P \<Turnstile> c' \<sim> c'' \<Longrightarrow> P \<Turnstile> c \<sim> c''"
    48   by (auto simp: equiv_up_to_def)
    51 lemma bequiv_up_to_refl [simp, intro!]:
    52   "P \<Turnstile> b <\<sim>> b"
    53   by (auto simp: bequiv_up_to_def)
    55 lemma bequiv_up_to_sym:
    56   "(P \<Turnstile> b <\<sim>> b') = (P \<Turnstile> b' <\<sim>> b)"
    57   by (auto simp: bequiv_up_to_def)
    59 lemma bequiv_up_to_trans [trans]:
    60   "P \<Turnstile> b <\<sim>> b' \<Longrightarrow> P \<Turnstile> b' <\<sim>> b'' \<Longrightarrow> P \<Turnstile> b <\<sim>> b''"
    61   by (auto simp: bequiv_up_to_def)
    64 lemma equiv_up_to_hoare:
    65   "P' \<Turnstile> c \<sim> c' \<Longrightarrow> (\<And>s. P s \<Longrightarrow> P' s) \<Longrightarrow> (\<Turnstile> {P} c {Q}) = (\<Turnstile> {P} c' {Q})"
    66   unfolding hoare_valid_def equiv_up_to_def by blast
    68 lemma equiv_up_to_hoare_eq:
    69   "P \<Turnstile> c \<sim> c' \<Longrightarrow> (\<Turnstile> {P} c {Q}) = (\<Turnstile> {P} c' {Q})"
    70   by (rule equiv_up_to_hoare)
    73 lemma equiv_up_to_semi:
    74   "P \<Turnstile> c \<sim> c' \<Longrightarrow> Q \<Turnstile> d \<sim> d' \<Longrightarrow> \<Turnstile> {P} c {Q} \<Longrightarrow>
    75   P \<Turnstile> (c; d) \<sim> (c'; d')"
    76   by (clarsimp simp: equiv_up_to_def hoare_valid_def) blast
    78 lemma equiv_up_to_while_lemma:
    79   shows "(d,s) \<Rightarrow> s' \<Longrightarrow> 
    80          P \<Turnstile> b <\<sim>> b' \<Longrightarrow>
    81          (\<lambda>s. P s \<and> bval b s) \<Turnstile> c \<sim> c' \<Longrightarrow> 
    82          \<Turnstile> {\<lambda>s. P s \<and> bval b s} c {P} \<Longrightarrow> 
    83          P s \<Longrightarrow> 
    84          d = WHILE b DO c \<Longrightarrow> 
    85          (WHILE b' DO c', s) \<Rightarrow> s'"  
    86 proof (induction rule: big_step_induct)
    87   case (WhileTrue b s1 c s2 s3)
    88   note IH = WhileTrue.IH(2) [OF WhileTrue.prems(1-3) _ WhileTrue.prems(5)]
    89   from WhileTrue.prems
    90   have "P \<Turnstile> b <\<sim>> b'" by simp
    91   with `bval b s1` `P s1`
    92   have "bval b' s1" by (simp add: bequiv_up_to_def)
    93   moreover
    94   from WhileTrue.prems
    95   have "(\<lambda>s. P s \<and> bval b s) \<Turnstile> c \<sim> c'" by simp
    96   with `bval b s1` `P s1` `(c, s1) \<Rightarrow> s2`
    97   have "(c', s1) \<Rightarrow> s2" by (simp add: equiv_up_to_def)
    98   moreover
    99   from WhileTrue.prems
   100   have "\<Turnstile> {\<lambda>s. P s \<and> bval b s} c {P}" by simp
   101   with `P s1` `bval b s1` `(c, s1) \<Rightarrow> s2`
   102   have "P s2" by (simp add: hoare_valid_def)
   103   hence "(WHILE b' DO c', s2) \<Rightarrow> s3" by (rule IH)
   104   ultimately 
   105   show ?case by blast
   106 next
   107   case WhileFalse
   108   thus ?case by (auto simp: bequiv_up_to_def)
   109 qed (fastforce simp: equiv_up_to_def bequiv_up_to_def hoare_valid_def)+
   111 lemma bequiv_context_subst:
   112   "P \<Turnstile> b <\<sim>> b' \<Longrightarrow> (P s \<and> bval b s) = (P s \<and> bval b' s)"
   113   by (auto simp: bequiv_up_to_def)
   115 lemma equiv_up_to_while:
   116   "P \<Turnstile> b <\<sim>> b' \<Longrightarrow> (\<lambda>s. P s \<and> bval b s) \<Turnstile> c \<sim> c' \<Longrightarrow> 
   117    \<Turnstile> {\<lambda>s. P s \<and> bval b s} c {P} \<Longrightarrow> 
   118    P \<Turnstile> WHILE b DO c \<sim> WHILE b' DO c'"
   119   apply (safe intro!: equiv_up_toI)
   120    apply (auto intro: equiv_up_to_while_lemma)[1]
   121   apply (simp add: equiv_up_to_hoare_eq bequiv_context_subst)
   122   apply (drule equiv_up_to_sym [THEN iffD1])
   123   apply (drule bequiv_up_to_sym [THEN iffD1])
   124   apply (auto intro: equiv_up_to_while_lemma)[1]
   125   done
   127 lemma equiv_up_to_while_weak:
   128   "P \<Turnstile> b <\<sim>> b' \<Longrightarrow> P \<Turnstile> c \<sim> c' \<Longrightarrow> \<Turnstile> {P} c {P} \<Longrightarrow> 
   129    P \<Turnstile> WHILE b DO c \<sim> WHILE b' DO c'"
   130   by (fastforce elim!: equiv_up_to_while equiv_up_to_weaken 
   131                simp: hoare_valid_def)
   133 lemma equiv_up_to_if:
   134   "P \<Turnstile> b <\<sim>> b' \<Longrightarrow> (\<lambda>s. P s \<and> bval b s) \<Turnstile> c \<sim> c' \<Longrightarrow> (\<lambda>s. P s \<and> \<not>bval b s) \<Turnstile> d \<sim> d' \<Longrightarrow>
   135    P \<Turnstile> IF b THEN c ELSE d \<sim> IF b' THEN c' ELSE d'"
   136   by (auto simp: bequiv_up_to_def equiv_up_to_def)
   138 lemma equiv_up_to_if_weak:
   139   "P \<Turnstile> b <\<sim>> b' \<Longrightarrow> P \<Turnstile> c \<sim> c' \<Longrightarrow> P \<Turnstile> d \<sim> d' \<Longrightarrow>
   140    P \<Turnstile> IF b THEN c ELSE d \<sim> IF b' THEN c' ELSE d'"
   141   by (fastforce elim!: equiv_up_to_if equiv_up_to_weaken)
   143 lemma equiv_up_to_if_True [intro!]:
   144   "(\<And>s. P s \<Longrightarrow> bval b s) \<Longrightarrow> P \<Turnstile> IF b THEN c1 ELSE c2 \<sim> c1"
   145   by (auto simp: equiv_up_to_def) 
   147 lemma equiv_up_to_if_False [intro!]:
   148   "(\<And>s. P s \<Longrightarrow> \<not> bval b s) \<Longrightarrow> P \<Turnstile> IF b THEN c1 ELSE c2 \<sim> c2"
   149   by (auto simp: equiv_up_to_def)
   151 lemma equiv_up_to_while_False [intro!]:
   152   "(\<And>s. P s \<Longrightarrow> \<not> bval b s) \<Longrightarrow> P \<Turnstile> WHILE b DO c \<sim> SKIP"
   153   by (auto simp: equiv_up_to_def)
   155 lemma while_never: "(c, s) \<Rightarrow> u \<Longrightarrow> c \<noteq> WHILE (B True) DO c'"
   156  by (induct rule: big_step_induct) auto
   158 lemma equiv_up_to_while_True [intro!,simp]:
   159   "P \<Turnstile> WHILE B True DO c \<sim> WHILE B True DO SKIP"
   160   unfolding equiv_up_to_def
   161   by (blast dest: while_never)
   164 end