diff -r 75873e94357c -r 1c4672d130b1 src/HOL/NanoJava/AxSem.thy --- a/src/HOL/NanoJava/AxSem.thy Wed Jul 11 11:27:46 2007 +0200 +++ b/src/HOL/NanoJava/AxSem.thy Wed Jul 11 11:28:13 2007 +0200 @@ -18,116 +18,102 @@ "triple" \ (type)"assn \ stmt \ assn" "etriple" \ (type)"assn \ expr \ vassn" -consts hoare :: "(triple set \ triple set) set" -consts ehoare :: "(triple set \ etriple ) set" -syntax (xsymbols) - "@hoare" :: "[triple set, triple set ] => bool" ("_ |\/ _" [61,61] 60) - "@hoare1" :: "[triple set, assn,stmt,assn] => bool" - ("_ \/ ({(1_)}/ (_)/ {(1_)})" [61,3,90,3]60) -"@ehoare" :: "[triple set, etriple ] => bool" ("_ |\\<^sub>e/ _"[61,61]60) -"@ehoare1" :: "[triple set, assn,expr,vassn]=> bool" - ("_ \\<^sub>e/ ({(1_)}/ (_)/ {(1_)})" [61,3,90,3]60) -syntax - "@hoare" :: "[triple set, triple set ] => bool" ("_ ||-/ _" [61,61] 60) - "@hoare1" :: "[triple set, assn,stmt,assn] => bool" - ("_ |-/ ({(1_)}/ (_)/ {(1_)})" [61,3,90,3] 60) -"@ehoare" :: "[triple set, etriple ] => bool" ("_ ||-e/ _"[61,61] 60) -"@ehoare1" :: "[triple set, assn,expr,vassn]=> bool" - ("_ |-e/ ({(1_)}/ (_)/ {(1_)})" [61,3,90,3] 60) - -translations "A |\ C" \ "(A,C) \ hoare" - "A \ {P}c{Q}" \ "A |\ {(P,c,Q)}" - "A |\\<^sub>e t" \ "(A,t) \ ehoare" - "A |\\<^sub>e (P,e,Q)" \ "(A,P,e,Q) \ ehoare" (* shouldn't be necessary *) - "A \\<^sub>e {P}e{Q}" \ "A |\\<^sub>e (P,e,Q)" - subsection "Hoare Logic Rules" -inductive hoare ehoare -intros - - Skip: "A |- {P} Skip {P}" - - Comp: "[| A |- {P} c1 {Q}; A |- {Q} c2 {R} |] ==> A |- {P} c1;;c2 {R}" +inductive + hoare :: "[triple set, triple set] => bool" ("_ |\/ _" [61, 61] 60) + and ehoare :: "[triple set, etriple] => bool" ("_ |\\<^sub>e/ _" [61, 61] 60) + and hoare1 :: "[triple set, assn,stmt,assn] => bool" + ("_ \/ ({(1_)}/ (_)/ {(1_)})" [61, 3, 90, 3] 60) + and ehoare1 :: "[triple set, assn,expr,vassn]=> bool" + ("_ \\<^sub>e/ ({(1_)}/ (_)/ {(1_)})" [61, 3, 90, 3] 60) +where - Cond: "[| A |-e {P} e {Q}; - \v. A |- {Q v} (if v \ Null then c1 else c2) {R} |] ==> - A |- {P} If(e) c1 Else c2 {R}" + "A \ {P}c{Q} \ A |\ {(P,c,Q)}" +| "A \\<^sub>e {P}e{Q} \ A |\\<^sub>e (P,e,Q)" - Loop: "A |- {\s. P s \ s \ Null} c {P} ==> - A |- {P} While(x) c {\s. P s \ s = Null}" +| Skip: "A \ {P} Skip {P}" + +| Comp: "[| A \ {P} c1 {Q}; A \ {Q} c2 {R} |] ==> A \ {P} c1;;c2 {R}" - LAcc: "A |-e {\s. P (s) s} LAcc x {P}" +| Cond: "[| A \\<^sub>e {P} e {Q}; + \v. A \ {Q v} (if v \ Null then c1 else c2) {R} |] ==> + A \ {P} If(e) c1 Else c2 {R}" - LAss: "A |-e {P} e {\v s. Q (lupd(x\v) s)} ==> - A |- {P} x:==e {Q}" +| Loop: "A \ {\s. P s \ s \ Null} c {P} ==> + A \ {P} While(x) c {\s. P s \ s = Null}" + +| LAcc: "A \\<^sub>e {\s. P (s) s} LAcc x {P}" - FAcc: "A |-e {P} e {\v s. \a. v=Addr a --> Q (get_field s a f) s} ==> - A |-e {P} e..f {Q}" +| LAss: "A \\<^sub>e {P} e {\v s. Q (lupd(x\v) s)} ==> + A \ {P} x:==e {Q}" + +| FAcc: "A \\<^sub>e {P} e {\v s. \a. v=Addr a --> Q (get_field s a f) s} ==> + A \\<^sub>e {P} e..f {Q}" - FAss: "[| A |-e {P} e1 {\v s. \a. v=Addr a --> Q a s}; - \a. A |-e {Q a} e2 {\v s. R (upd_obj a f v s)} |] ==> - A |- {P} e1..f:==e2 {R}" +| FAss: "[| A \\<^sub>e {P} e1 {\v s. \a. v=Addr a --> Q a s}; + \a. A \\<^sub>e {Q a} e2 {\v s. R (upd_obj a f v s)} |] ==> + A \ {P} e1..f:==e2 {R}" - NewC: "A |-e {\s. \a. new_Addr s = Addr a --> P (Addr a) (new_obj a C s)} +| NewC: "A \\<^sub>e {\s. \a. new_Addr s = Addr a --> P (Addr a) (new_obj a C s)} new C {P}" - Cast: "A |-e {P} e {\v s. (case v of Null => True +| Cast: "A \\<^sub>e {P} e {\v s. (case v of Null => True | Addr a => obj_class s a <=C C) --> Q v s} ==> - A |-e {P} Cast C e {Q}" + A \\<^sub>e {P} Cast C e {Q}" - Call: "[| A |-e {P} e1 {Q}; \a. A |-e {Q a} e2 {R a}; - \a p ls. A |- {\s'. \s. R a p s \ ls = s \ +| Call: "[| A \\<^sub>e {P} e1 {Q}; \a. A \\<^sub>e {Q a} e2 {R a}; + \a p ls. A \ {\s'. \s. R a p s \ ls = s \ s' = lupd(This\a)(lupd(Par\p)(del_locs s))} Meth (C,m) {\s. S (s) (set_locs ls s)} |] ==> - A |-e {P} {C}e1..m(e2) {S}" + A \\<^sub>e {P} {C}e1..m(e2) {S}" - Meth: "\D. A |- {\s'. \s a. s = Addr a \ D = obj_class s a \ D <=C C \ +| Meth: "\D. A \ {\s'. \s a. s = Addr a \ D = obj_class s a \ D <=C C \ P s \ s' = init_locs D m s} Impl (D,m) {Q} ==> - A |- {P} Meth (C,m) {Q}" + A \ {P} Meth (C,m) {Q}" --{* @{text "\Z"} instead of @{text "\Z"} in the conclusion and\\ Z restricted to type state due to limitations of the inductive package *} - Impl: "\Z::state. A\ (\Z. (\Cm. (P Z Cm, Impl Cm, Q Z Cm))`Ms) ||- +| Impl: "\Z::state. A\ (\Z. (\Cm. (P Z Cm, Impl Cm, Q Z Cm))`Ms) |\ (\Cm. (P Z Cm, body Cm, Q Z Cm))`Ms ==> - A ||- (\Cm. (P Z Cm, Impl Cm, Q Z Cm))`Ms" + A |\ (\Cm. (P Z Cm, Impl Cm, Q Z Cm))`Ms" --{* structural rules *} - Asm: " a \ A ==> A ||- {a}" +| Asm: " a \ A ==> A |\ {a}" - ConjI: " \c \ C. A ||- {c} ==> A ||- C" +| ConjI: " \c \ C. A |\ {c} ==> A |\ C" - ConjE: "[|A ||- C; c \ C |] ==> A ||- {c}" +| ConjE: "[|A |\ C; c \ C |] ==> A |\ {c}" --{* Z restricted to type state due to limitations of the inductive package *} - Conseq:"[| \Z::state. A |- {P' Z} c {Q' Z}; +| Conseq:"[| \Z::state. A \ {P' Z} c {Q' Z}; \s t. (\Z. P' Z s --> Q' Z t) --> (P s --> Q t) |] ==> - A |- {P} c {Q }" + A \ {P} c {Q }" --{* Z restricted to type state due to limitations of the inductive package *} - eConseq:"[| \Z::state. A |-e {P' Z} e {Q' Z}; +| eConseq:"[| \Z::state. A \\<^sub>e {P' Z} e {Q' Z}; \s v t. (\Z. P' Z s --> Q' Z v t) --> (P s --> Q v t) |] ==> - A |-e {P} e {Q }" + A \\<^sub>e {P} e {Q }" subsection "Fully polymorphic variants, required for Example only" axioms - Conseq:"[| \Z. A |- {P' Z} c {Q' Z}; + Conseq:"[| \Z. A \ {P' Z} c {Q' Z}; \s t. (\Z. P' Z s --> Q' Z t) --> (P s --> Q t) |] ==> - A |- {P} c {Q }" + A \ {P} c {Q }" - eConseq:"[| \Z. A |-e {P' Z} e {Q' Z}; + eConseq:"[| \Z. A \\<^sub>e {P' Z} e {Q' Z}; \s v t. (\Z. P' Z s --> Q' Z v t) --> (P s --> Q v t) |] ==> - A |-e {P} e {Q }" + A \\<^sub>e {P} e {Q }" - Impl: "\Z. A\ (\Z. (\Cm. (P Z Cm, Impl Cm, Q Z Cm))`Ms) ||- + Impl: "\Z. A\ (\Z. (\Cm. (P Z Cm, Impl Cm, Q Z Cm))`Ms) |\ (\Cm. (P Z Cm, body Cm, Q Z Cm))`Ms ==> - A ||- (\Cm. (P Z Cm, Impl Cm, Q Z Cm))`Ms" + A |\ (\Cm. (P Z Cm, Impl Cm, Q Z Cm))`Ms" subsection "Derived Rules"