# HG changeset patch # User nipkow # Date 1389594831 -3600 # Node ID c65fd9218ea13cfefccf48ad5a07c6fef969d93b # Parent 81fff1c659438520fd02bbce86bc34fb87801ac8 tuned diff -r 81fff1c65943 -r c65fd9218ea1 src/HOL/IMP/VCG.thy --- a/src/HOL/IMP/VCG.thy Sun Jan 12 18:42:06 2014 +0100 +++ b/src/HOL/IMP/VCG.thy Mon Jan 13 07:33:51 2014 +0100 @@ -37,26 +37,26 @@ text{* Verification condition: *} -fun vc :: "acom \ assn \ assn" where -"vc SKIP Q = (\s. True)" | -"vc (x ::= a) Q = (\s. True)" | -"vc (C\<^sub>1;; C\<^sub>2) Q = (\s. vc C\<^sub>1 (pre C\<^sub>2 Q) s \ vc C\<^sub>2 Q s)" | -"vc (IF b THEN C\<^sub>1 ELSE C\<^sub>2) Q = (\s. vc C\<^sub>1 Q s \ vc C\<^sub>2 Q s)" | +fun vc :: "acom \ assn \ bool" where +"vc SKIP Q = True" | +"vc (x ::= a) Q = True" | +"vc (C\<^sub>1;; C\<^sub>2) Q = (vc C\<^sub>1 (pre C\<^sub>2 Q) \ vc C\<^sub>2 Q)" | +"vc (IF b THEN C\<^sub>1 ELSE C\<^sub>2) Q = (vc C\<^sub>1 Q \ vc C\<^sub>2 Q)" | "vc ({I} WHILE b DO C) Q = - (\s. (I s \ bval b s \ pre C I s) \ - (I s \ \ bval b s \ Q s) \ - vc C I s)" + ((\s. (I s \ bval b s \ pre C I s) \ + (I s \ \ bval b s \ Q s)) \ + vc C I)" text {* Soundness: *} -lemma vc_sound: "\s. vc C Q s \ \ {pre C Q} strip C {Q}" +lemma vc_sound: "vc C Q \ \ {pre C Q} strip C {Q}" proof(induction C arbitrary: Q) case (Awhile I b C) show ?case proof(simp, rule While') - from `\s. vc (Awhile I b C) Q s` - have vc: "\s. vc C I s" and IQ: "\s. I s \ \ bval b s \ Q s" and + from `vc (Awhile I b C) Q` + have vc: "vc C I" and IQ: "\s. I s \ \ bval b s \ Q s" and pre: "\s. I s \ bval b s \ pre C I s" by simp_all have "\ {pre C I} strip C {I}" by(rule Awhile.IH[OF vc]) with pre show "\ {\s. I s \ bval b s} strip C {I}" @@ -66,7 +66,7 @@ qed (auto intro: hoare.conseq) corollary vc_sound': - "\ \s. vc C Q s; \s. P s \ pre C Q s \ \ \ {P} strip C {Q}" + "\ vc C Q; \s. P s \ pre C Q s \ \ \ {P} strip C {Q}" by (metis strengthen_pre vc_sound) @@ -79,13 +79,13 @@ qed simp_all lemma vc_mono: - "\s. P s \ P' s \ vc C P s \ vc C P' s" + "\s. P s \ P' s \ vc C P \ vc C P'" proof(induction C arbitrary: P P') case Aseq thus ?case by simp (metis pre_mono) qed simp_all lemma vc_complete: - "\ {P}c{Q} \ \C. strip C = c \ (\s. vc C Q s) \ (\s. P s \ pre C Q s)" + "\ {P}c{Q} \ \C. strip C = c \ vc C Q \ (\s. P s \ pre C Q s)" (is "_ \ \C. ?G P c Q C") proof (induction rule: hoare.induct) case Skip