diff -r 11402be6e4b0 -r 06c1998340a8 src/HOL/NanoJava/AxSem.thy --- a/src/HOL/NanoJava/AxSem.thy Tue Aug 07 22:42:22 2001 +0200 +++ b/src/HOL/NanoJava/AxSem.thy Wed Aug 08 12:36:48 2001 +0200 @@ -9,102 +9,150 @@ theory AxSem = State: types assn = "state => bool" - triple = "assn \ stmt \ assn" + vassn = "val \ assn" + triple = "assn \ stmt \ assn" + etriple = "assn \ expr \ vassn" translations "assn" \ (type)"state => bool" - "triple" \ (type)"assn \ stmt \ assn" + "vassn" \ (type)"val => assn" + "triple" \ (type)"assn \ stmt \ assn" + "etriple" \ (type)"assn \ expr \ vassn" -consts hoare :: "(triple set \ triple set) set" +consts hoare :: "(triple set \ triple set) set" +consts ehoare :: "(triple set \ etriple ) set" syntax (xsymbols) "@hoare" :: "[triple set, triple set ] => bool" ("_ |\/ _" [61,61] 60) "@hoare1" :: "[triple set, assn,stmt,assn] => bool" ("_ \/ ({(1_)}/ (_)/ {(1_)})" [61,3,90,3]60) +"@ehoare" :: "[triple set, etriple ] => bool" ("_ |\e/ _"[61,61]60) +"@ehoare1" :: "[triple set, assn,expr,vassn]=> bool" + ("_ \e/ ({(1_)}/ (_)/ {(1_)})" [61,3,90,3]60) syntax "@hoare" :: "[triple set, triple set ] => bool" ("_ ||-/ _" [61,61] 60) "@hoare1" :: "[triple set, assn,stmt,assn] => bool" ("_ |-/ ({(1_)}/ (_)/ {(1_)})" [61,3,90,3] 60) +"@ehoare" :: "[triple set, etriple ] => bool" ("_ ||-e/ _"[61,61] 60) +"@ehoare1" :: "[triple set, assn,expr,vassn]=> bool" + ("_ |-e/ ({(1_)}/ (_)/ {(1_)})" [61,3,90,3] 60) -translations "A |\ C" \ "(A,C) \ hoare" - "A \ {P}c{Q}" \ "A |\ {(P,c,Q)}" +translations "A |\ C" \ "(A,C) \ hoare" + "A \ {P}c{Q}" \ "A |\ {(P,c,Q)}" + "A |\e t" \ "(A,t) \ ehoare" + "A |\e (P,e,Q)" \ "(A,P,e,Q) \ ehoare" (** shouldn't be necess.**) + "A \e{P}e{Q}" \ "A |\e (P,e,Q)" -inductive hoare + +inductive hoare ehoare intros Skip: "A |- {P} Skip {P}" Comp: "[| A |- {P} c1 {Q}; A |- {Q} c2 {R} |] ==> A |- {P} c1;;c2 {R}" - Cond: "[| A |- {\s. P s \ s \ Null} c1 {Q}; - A |- {\s. P s \ s = Null} c2 {Q} |] ==> - A |- {P} If(e) c1 Else c2 {Q}" + Cond: "[| A |-e {P} e {Q}; + \v. A |- {Q v} (if v \ Null then c1 else c2) {R} |] ==> + A |- {P} If(e) c1 Else c2 {R}" + + Loop: "A |- {\s. P s \ s \ Null} c {P} ==> + A |- {P} While(x) c {\s. P s \ s = Null}" - Loop: "A |- {\s. P s \ s \ Null} c {P} ==> - A |- {P} While(e) c {\s. P s \ s = Null}" + LAcc: "A |-e {\s. P (s) s} LAcc x {P}" - NewC: "A |- {\s.\a. new_Addr s=Addr a--> P (lupd(x|->Addr a)(new_obj a C s))} - x:=new C {P}" + LAss: "A |-e {P} e {\v s. Q (lupd(x\v) s)} ==> + A |- {P} x:==e {Q}" + + FAcc: "A |-e {P} e {\v s. \a. v=Addr a --> Q (get_field s a f) s} ==> + A |-e {P} e..f {Q}" - Cast: "A |- {\s.(case s of Null=> True | Addr a=> obj_class s a <=C C) --> - P (lupd(x|->s) s)} x:=(C)y {P}" + FAss: "[| A |-e {P} e1 {\v s. \a. v=Addr a --> Q a s}; + \a. A |-e {Q a} e2 {\v s. R (upd_obj a f v s)} |] ==> + A |- {P} e1..f:==e2 {R}" - FAcc: "A |- {\s.\a. s=Addr a-->P(lupd(x|->get_field s a f) s)} x:=y..f{P}" + NewC: "A |-e {\s. \a. new_Addr s = Addr a --> P (Addr a) (new_obj a C s)} + new C {P}" - FAss: "A |- {\s. \a. s=Addr a --> P (upd_obj a f (s) s)} y..f:=x {P}" + Cast: "A |-e {P} e {\v s. (case v of Null => True + | Addr a => obj_class s a <=C C) --> Q v s} ==> + A |-e {P} Cast C e {Q}" - Call: "\l. A |- {\s'. \s. P s \ l = s \ - s' = lupd(This|->s)(lupd(Param|->s

)(init_locs C m s))} - Meth C m {\s. Q (lupd(x|->s)(set_locs l s))} ==> - A |- {P} x:={C}y..m(p) {Q}" + Call: "[| A |-e {P} e1 {Q}; \a. A |-e {Q a} e2 {R a}; + \a p l. A |- {\s'. \s. R a p s \ l = s \ + s' = lupd(This\a)(lupd(Param\p)(init_locs C m s))} + Meth C m {\s. S (s) (set_locs l s)} |] ==> + A |-e {P} {C}e1..m(e2) {S}" Meth: "\D. A |- {\s. \a. s = Addr a \ D=obj_class s a \ D <=C C \ P s} Impl D m {Q} ==> A |- {P} Meth C m {Q}" (*\z instead of \z in the conclusion and - z restricted to type state due to limitations of the inductive paackage *) + z restricted to type state due to limitations of the inductive package *) Impl: "A\ (\z::state. (\(C,m). (P z C m, Impl C m, Q z C m))`ms) ||- (\z::state. (\(C,m). (P z C m, body C m, Q z C m))`ms) ==> A ||- (\z::state. (\(C,m). (P z C m, Impl C m, Q z C m))`ms)" (* structural rules *) - (* z restricted to type state due to limitations of the inductive paackage *) + Asm: " a \ A ==> A ||- {a}" + + ConjI: " \c \ C. A ||- {c} ==> A ||- C" + + ConjE: "[|A ||- C; c \ C |] ==> A ||- {c}" + + (* z restricted to type state due to limitations of the inductive package *) Conseq:"[| \z::state. A |- {P' z} c {Q' z}; \s t. (\z::state. P' z s --> Q' z t) --> (P s --> Q t) |] ==> A |- {P} c {Q }" - Asm: " a \ A ==> A ||- {a}" - - ConjI: " \c \ C. A ||- {c} ==> A ||- C" - - ConjE: "[|A ||- C; c \ C |] ==> A ||- {c}"; + (* z restricted to type state due to limitations of the inductive package *) + eConseq:"[| \z::state. A |-e {P' z} c {Q' z}; + \s v t. (\z::state. P' z s --> Q' z v t) --> (P s --> Q v t) |] ==> + A |-e {P} c {Q }" subsection "Derived Rules" lemma Conseq1: "\A \ {P'} c {Q}; \s. P s \ P' s\ \ A \ {P} c {Q}" -apply (rule hoare.Conseq) +apply (rule hoare_ehoare.Conseq) +apply (rule allI, assumption) +apply fast +done + +lemma Conseq2: "\A \ {P} c {Q'}; \t. Q' t \ Q t\ \ A \ {P} c {Q}" +apply (rule hoare_ehoare.Conseq) +apply (rule allI, assumption) +apply fast +done + +lemma eConseq1: "\A \e {P'} e {Q}; \s. P s \ P' s\ \ A \e {P} e {Q}" +apply (rule hoare_ehoare.eConseq) +apply (rule allI, assumption) +apply fast +done + +lemma eConseq2: "\A \e {P} e {Q'}; \v t. Q' v t \ Q v t\ \ A \e {P} e {Q}" +apply (rule hoare_ehoare.eConseq) apply (rule allI, assumption) apply fast done lemma Weaken: "\A |\ C'; C \ C'\ \ A |\ C" -apply (rule hoare.ConjI) +apply (rule hoare_ehoare.ConjI) apply clarify -apply (drule hoare.ConjE) +apply (drule hoare_ehoare.ConjE) apply fast apply assumption done lemma Union: "A |\ (\z. C z) = (\z. A |\ C z)" -by (auto intro: hoare.ConjI hoare.ConjE) +by (auto intro: hoare_ehoare.ConjI hoare_ehoare.ConjE) lemma Impl': "\z. A\ (\z. (\(C,m). (P z C m, Impl C m, Q (z::state) C m))`ms) ||- (\(C,m). (P z C m, body C m, Q (z::state) C m))`ms ==> A ||- (\(C,m). (P z C m, Impl C m, Q (z::state) C m))`ms" apply (drule Union[THEN iffD2]) -apply (drule hoare.Impl) +apply (drule hoare_ehoare.Impl) apply (drule Union[THEN iffD1]) apply (erule spec) done