kleing@44070: header "Semantic Equivalence up to a Condition"
kleing@44070: 
kleing@44070: theory Sem_Equiv
gerwin@48909: imports Big_Step
kleing@44070: begin
kleing@44070: 
gerwin@48909: type_synonym assn = "state \<Rightarrow> bool"
gerwin@48909: 
kleing@44070: definition
kleing@52021:   equiv_up_to :: "assn \<Rightarrow> com \<Rightarrow> com \<Rightarrow> bool" ("_ \<Turnstile> _ \<sim> _" [50,0,10] 50)
kleing@44070: where
kleing@52121:   "(P \<Turnstile> c \<sim> c') = (\<forall>s s'. P s \<longrightarrow> (c,s) \<Rightarrow> s' \<longleftrightarrow> (c',s) \<Rightarrow> s')"
kleing@44070: 
gerwin@48909: definition
kleing@52021:   bequiv_up_to :: "assn \<Rightarrow> bexp \<Rightarrow> bexp \<Rightarrow> bool" ("_ \<Turnstile> _ <\<sim>> _" [50,0,10] 50)
gerwin@48909: where
kleing@52121:   "(P \<Turnstile> b <\<sim>> b') = (\<forall>s. P s \<longrightarrow> bval b s = bval b' s)"
kleing@44070: 
kleing@44070: lemma equiv_up_to_True:
kleing@44070:   "((\<lambda>_. True) \<Turnstile> c \<sim> c') = (c \<sim> c')"
kleing@44070:   by (simp add: equiv_def equiv_up_to_def)
kleing@44070: 
kleing@44070: lemma equiv_up_to_weaken:
kleing@44070:   "P \<Turnstile> c \<sim> c' \<Longrightarrow> (\<And>s. P' s \<Longrightarrow> P s) \<Longrightarrow> P' \<Turnstile> c \<sim> c'"
kleing@44070:   by (simp add: equiv_up_to_def)
kleing@44070: 
kleing@44070: lemma equiv_up_toI:
kleing@44070:   "(\<And>s s'. P s \<Longrightarrow> (c, s) \<Rightarrow> s' = (c', s) \<Rightarrow> s') \<Longrightarrow> P \<Turnstile> c \<sim> c'"
kleing@44070:   by (unfold equiv_up_to_def) blast
kleing@44070: 
kleing@44070: lemma equiv_up_toD1:
gerwin@48909:   "P \<Turnstile> c \<sim> c' \<Longrightarrow> (c, s) \<Rightarrow> s' \<Longrightarrow> P s \<Longrightarrow> (c', s) \<Rightarrow> s'"
kleing@44070:   by (unfold equiv_up_to_def) blast
kleing@44070: 
kleing@44070: lemma equiv_up_toD2:
gerwin@48909:   "P \<Turnstile> c \<sim> c' \<Longrightarrow> (c', s) \<Rightarrow> s' \<Longrightarrow> P s \<Longrightarrow> (c, s) \<Rightarrow> s'"
kleing@44070:   by (unfold equiv_up_to_def) blast
kleing@44070: 
kleing@44070: 
kleing@44070: lemma equiv_up_to_refl [simp, intro!]:
kleing@44070:   "P \<Turnstile> c \<sim> c"
kleing@44070:   by (auto simp: equiv_up_to_def)
kleing@44070: 
kleing@44070: lemma equiv_up_to_sym:
kleing@44070:   "(P \<Turnstile> c \<sim> c') = (P \<Turnstile> c' \<sim> c)"
kleing@44070:   by (auto simp: equiv_up_to_def)
kleing@44070: 
kleing@45218: lemma equiv_up_to_trans:
kleing@44070:   "P \<Turnstile> c \<sim> c' \<Longrightarrow> P \<Turnstile> c' \<sim> c'' \<Longrightarrow> P \<Turnstile> c \<sim> c''"
kleing@44070:   by (auto simp: equiv_up_to_def)
kleing@44070: 
kleing@44070: 
kleing@44070: lemma bequiv_up_to_refl [simp, intro!]:
kleing@44070:   "P \<Turnstile> b <\<sim>> b"
kleing@44070:   by (auto simp: bequiv_up_to_def)
kleing@44070: 
kleing@44070: lemma bequiv_up_to_sym:
kleing@44070:   "(P \<Turnstile> b <\<sim>> b') = (P \<Turnstile> b' <\<sim>> b)"
kleing@44070:   by (auto simp: bequiv_up_to_def)
kleing@44070: 
kleing@45218: lemma bequiv_up_to_trans:
kleing@44070:   "P \<Turnstile> b <\<sim>> b' \<Longrightarrow> P \<Turnstile> b' <\<sim>> b'' \<Longrightarrow> P \<Turnstile> b <\<sim>> b''"
kleing@44070:   by (auto simp: bequiv_up_to_def)
kleing@44070: 
gerwin@48909: lemma bequiv_up_to_subst:
gerwin@48909:   "P \<Turnstile> b <\<sim>> b' \<Longrightarrow> P s \<Longrightarrow> bval b s = bval b' s"
gerwin@48909:   by (simp add: bequiv_up_to_def)
kleing@44070: 
kleing@44070: 
nipkow@47818: lemma equiv_up_to_seq:
gerwin@48909:   "P \<Turnstile> c \<sim> c' \<Longrightarrow> Q \<Turnstile> d \<sim> d' \<Longrightarrow>
gerwin@48909:   (\<And>s s'. (c,s) \<Rightarrow> s' \<Longrightarrow> P s \<Longrightarrow> Q s') \<Longrightarrow>
nipkow@52046:   P \<Turnstile> (c;; d) \<sim> (c';; d')"
gerwin@48909:   by (clarsimp simp: equiv_up_to_def) blast
kleing@44070: 
kleing@44070: lemma equiv_up_to_while_lemma:
gerwin@48909:   shows "(d,s) \<Rightarrow> s' \<Longrightarrow>
kleing@44070:          P \<Turnstile> b <\<sim>> b' \<Longrightarrow>
gerwin@48909:          (\<lambda>s. P s \<and> bval b s) \<Turnstile> c \<sim> c' \<Longrightarrow>
gerwin@48909:          (\<And>s s'. (c, s) \<Rightarrow> s' \<Longrightarrow> P s \<Longrightarrow> bval b s \<Longrightarrow> P s') \<Longrightarrow>
gerwin@48909:          P s \<Longrightarrow>
gerwin@48909:          d = WHILE b DO c \<Longrightarrow>
gerwin@48909:          (WHILE b' DO c', s) \<Rightarrow> s'"
nipkow@45015: proof (induction rule: big_step_induct)
kleing@44070:   case (WhileTrue b s1 c s2 s3)
gerwin@48909:   hence IH: "P s2 \<Longrightarrow> (WHILE b' DO c', s2) \<Rightarrow> s3" by auto
kleing@44070:   from WhileTrue.prems
kleing@44070:   have "P \<Turnstile> b <\<sim>> b'" by simp
kleing@44070:   with `bval b s1` `P s1`
kleing@44070:   have "bval b' s1" by (simp add: bequiv_up_to_def)
kleing@44070:   moreover
kleing@44070:   from WhileTrue.prems
kleing@44070:   have "(\<lambda>s. P s \<and> bval b s) \<Turnstile> c \<sim> c'" by simp
kleing@44070:   with `bval b s1` `P s1` `(c, s1) \<Rightarrow> s2`
kleing@44070:   have "(c', s1) \<Rightarrow> s2" by (simp add: equiv_up_to_def)
kleing@44070:   moreover
kleing@44070:   from WhileTrue.prems
gerwin@48909:   have "\<And>s s'. (c,s) \<Rightarrow> s' \<Longrightarrow> P s \<Longrightarrow> bval b s \<Longrightarrow> P s'" by simp
kleing@44070:   with `P s1` `bval b s1` `(c, s1) \<Rightarrow> s2`
gerwin@48909:   have "P s2" by simp
kleing@44070:   hence "(WHILE b' DO c', s2) \<Rightarrow> s3" by (rule IH)
gerwin@48909:   ultimately
kleing@44070:   show ?case by blast
kleing@44070: next
kleing@44070:   case WhileFalse
kleing@44070:   thus ?case by (auto simp: bequiv_up_to_def)
gerwin@48909: qed (fastforce simp: equiv_up_to_def bequiv_up_to_def)+
kleing@44070: 
kleing@44070: lemma bequiv_context_subst:
kleing@44070:   "P \<Turnstile> b <\<sim>> b' \<Longrightarrow> (P s \<and> bval b s) = (P s \<and> bval b' s)"
kleing@44070:   by (auto simp: bequiv_up_to_def)
kleing@44070: 
kleing@44070: lemma equiv_up_to_while:
gerwin@48909:   assumes b: "P \<Turnstile> b <\<sim>> b'"
gerwin@48909:   assumes c: "(\<lambda>s. P s \<and> bval b s) \<Turnstile> c \<sim> c'"
gerwin@48909:   assumes I: "\<And>s s'. (c, s) \<Rightarrow> s' \<Longrightarrow> P s \<Longrightarrow> bval b s \<Longrightarrow> P s'"
gerwin@48909:   shows "P \<Turnstile> WHILE b DO c \<sim> WHILE b' DO c'"
gerwin@48909: proof -
gerwin@48909:   from b have b': "P \<Turnstile> b' <\<sim>> b" by (simp add: bequiv_up_to_sym)
gerwin@48909: 
gerwin@48909:   from c b have c': "(\<lambda>s. P s \<and> bval b' s) \<Turnstile> c' \<sim> c"
gerwin@48909:     by (simp add: equiv_up_to_sym bequiv_context_subst)
gerwin@48909: 
gerwin@48909:   from I
gerwin@48909:   have I': "\<And>s s'. (c', s) \<Rightarrow> s' \<Longrightarrow> P s \<Longrightarrow> bval b' s \<Longrightarrow> P s'"
gerwin@48909:     by (auto dest!: equiv_up_toD1 [OF c'] simp: bequiv_up_to_subst [OF b'])
gerwin@48909: 
gerwin@48909:   note equiv_up_to_while_lemma [OF _ b c]
gerwin@48909:        equiv_up_to_while_lemma [OF _ b' c']
gerwin@48909:   thus ?thesis using I I' by (auto intro!: equiv_up_toI)
gerwin@48909: qed
kleing@44070: 
kleing@44070: lemma equiv_up_to_while_weak:
gerwin@48909:   "P \<Turnstile> b <\<sim>> b' \<Longrightarrow> P \<Turnstile> c \<sim> c' \<Longrightarrow>
gerwin@48909:    (\<And>s s'. (c, s) \<Rightarrow> s' \<Longrightarrow> P s \<Longrightarrow> bval b s \<Longrightarrow> P s') \<Longrightarrow>
kleing@44070:    P \<Turnstile> WHILE b DO c \<sim> WHILE b' DO c'"
gerwin@48909:   by (fastforce elim!: equiv_up_to_while equiv_up_to_weaken)
kleing@44070: 
kleing@44070: lemma equiv_up_to_if:
huffman@44261:   "P \<Turnstile> b <\<sim>> b' \<Longrightarrow> (\<lambda>s. P s \<and> bval b s) \<Turnstile> c \<sim> c' \<Longrightarrow> (\<lambda>s. P s \<and> \<not>bval b s) \<Turnstile> d \<sim> d' \<Longrightarrow>
kleing@44070:    P \<Turnstile> IF b THEN c ELSE d \<sim> IF b' THEN c' ELSE d'"
kleing@44070:   by (auto simp: bequiv_up_to_def equiv_up_to_def)
kleing@44070: 
kleing@44070: lemma equiv_up_to_if_weak:
kleing@44070:   "P \<Turnstile> b <\<sim>> b' \<Longrightarrow> P \<Turnstile> c \<sim> c' \<Longrightarrow> P \<Turnstile> d \<sim> d' \<Longrightarrow>
kleing@44070:    P \<Turnstile> IF b THEN c ELSE d \<sim> IF b' THEN c' ELSE d'"
nipkow@44890:   by (fastforce elim!: equiv_up_to_if equiv_up_to_weaken)
kleing@44070: 
kleing@44070: lemma equiv_up_to_if_True [intro!]:
kleing@44070:   "(\<And>s. P s \<Longrightarrow> bval b s) \<Longrightarrow> P \<Turnstile> IF b THEN c1 ELSE c2 \<sim> c1"
gerwin@48909:   by (auto simp: equiv_up_to_def)
kleing@44070: 
kleing@44070: lemma equiv_up_to_if_False [intro!]:
kleing@44070:   "(\<And>s. P s \<Longrightarrow> \<not> bval b s) \<Longrightarrow> P \<Turnstile> IF b THEN c1 ELSE c2 \<sim> c2"
kleing@44070:   by (auto simp: equiv_up_to_def)
kleing@44070: 
kleing@44070: lemma equiv_up_to_while_False [intro!]:
kleing@44070:   "(\<And>s. P s \<Longrightarrow> \<not> bval b s) \<Longrightarrow> P \<Turnstile> WHILE b DO c \<sim> SKIP"
kleing@44070:   by (auto simp: equiv_up_to_def)
kleing@44070: 
nipkow@45200: lemma while_never: "(c, s) \<Rightarrow> u \<Longrightarrow> c \<noteq> WHILE (Bc True) DO c'"
kleing@44070:  by (induct rule: big_step_induct) auto
gerwin@48909: 
kleing@44070: lemma equiv_up_to_while_True [intro!,simp]:
nipkow@45200:   "P \<Turnstile> WHILE Bc True DO c \<sim> WHILE Bc True DO SKIP"
kleing@44070:   unfolding equiv_up_to_def
kleing@44070:   by (blast dest: while_never)
kleing@44070: 
kleing@44070: 
huffman@44261: end