# HG changeset patch # User nipkow # Date 1323807338 -3600 # Node ID dadd139192d172426b0a04d57b99cd1a239d8a07 # Parent 9c232d370244c757eadf70094677f9e827d2b321 added concrete syntax diff -r 9c232d370244 -r dadd139192d1 src/HOL/IMP/VC.thy --- a/src/HOL/IMP/VC.thy Tue Dec 13 16:53:28 2011 +0100 +++ b/src/HOL/IMP/VC.thy Tue Dec 13 21:15:38 2011 +0100 @@ -7,16 +7,17 @@ text{* Annotated commands: commands where loops are annotated with invariants. *} -datatype acom = Askip - | Aassign vname aexp - | Asemi acom acom - | Aif bexp acom acom - | Awhile assn bexp acom +datatype acom = + ASKIP | + Aassign vname aexp ("(_ ::= _)" [1000, 61] 61) | + Asemi acom acom ("_;/ _" [60, 61] 60) | + Aif bexp acom acom ("(IF _/ THEN _/ ELSE _)" [0, 0, 61] 61) | + Awhile assn bexp acom ("({_}/ WHILE _/ DO _)" [0, 0, 61] 61) text{* Weakest precondition from annotated commands: *} fun pre :: "acom \ assn \ assn" where -"pre Askip Q = Q" | +"pre ASKIP Q = Q" | "pre (Aassign x a) Q = (\s. Q(s(x := aval a s)))" | "pre (Asemi c\<^isub>1 c\<^isub>2) Q = pre c\<^isub>1 (pre c\<^isub>2 Q)" | "pre (Aif b c\<^isub>1 c\<^isub>2) Q = @@ -27,7 +28,7 @@ text{* Verification condition: *} fun vc :: "acom \ assn \ assn" where -"vc Askip Q = (\s. True)" | +"vc ASKIP Q = (\s. True)" | "vc (Aassign x a) Q = (\s. True)" | "vc (Asemi c\<^isub>1 c\<^isub>2) Q = (\s. vc c\<^isub>1 (pre c\<^isub>2 Q) s \ vc c\<^isub>2 Q s)" | "vc (Aif b c\<^isub>1 c\<^isub>2) Q = (\s. vc c\<^isub>1 Q s \ vc c\<^isub>2 Q s)" | @@ -38,17 +39,16 @@ text{* Strip annotations: *} -fun astrip :: "acom \ com" where -"astrip Askip = SKIP" | -"astrip (Aassign x a) = (x::=a)" | -"astrip (Asemi c\<^isub>1 c\<^isub>2) = (astrip c\<^isub>1; astrip c\<^isub>2)" | -"astrip (Aif b c\<^isub>1 c\<^isub>2) = (IF b THEN astrip c\<^isub>1 ELSE astrip c\<^isub>2)" | -"astrip (Awhile I b c) = (WHILE b DO astrip c)" - +fun strip :: "acom \ com" where +"strip ASKIP = SKIP" | +"strip (Aassign x a) = (x::=a)" | +"strip (Asemi c\<^isub>1 c\<^isub>2) = (strip c\<^isub>1; strip c\<^isub>2)" | +"strip (Aif b c\<^isub>1 c\<^isub>2) = (IF b THEN strip c\<^isub>1 ELSE strip c\<^isub>2)" | +"strip (Awhile I b c) = (WHILE b DO strip c)" subsection "Soundness" -lemma vc_sound: "\s. vc c Q s \ \ {pre c Q} astrip c {Q}" +lemma vc_sound: "\s. vc c Q s \ \ {pre c Q} strip c {Q}" proof(induction c arbitrary: Q) case (Awhile I b c) show ?case @@ -56,15 +56,15 @@ from `\s. vc (Awhile I b c) Q s` have vc: "\s. vc c I s" and IQ: "\s. I s \ \ bval b s \ Q s" and pre: "\s. I s \ bval b s \ pre c I s" by simp_all - have "\ {pre c I} astrip c {I}" by(rule Awhile.IH[OF vc]) - with pre show "\ {\s. I s \ bval b s} astrip c {I}" + have "\ {pre c I} strip c {I}" by(rule Awhile.IH[OF vc]) + with pre show "\ {\s. I s \ bval b s} strip c {I}" by(rule strengthen_pre) show "\s. I s \ \bval b s \ Q s" by(rule IQ) qed qed (auto intro: hoare.conseq) corollary vc_sound': - "(\s. vc c Q s) \ (\s. P s \ pre c Q s) \ \ {P} astrip c {Q}" + "(\s. vc c Q s) \ (\s. P s \ pre c Q s) \ \ {P} strip c {Q}" by (metis strengthen_pre vc_sound) @@ -83,12 +83,12 @@ qed simp_all lemma vc_complete: - "\ {P}c{Q} \ \c'. astrip c' = c \ (\s. vc c' Q s) \ (\s. P s \ pre c' Q s)" + "\ {P}c{Q} \ \c'. strip c' = c \ (\s. vc c' Q s) \ (\s. P s \ pre c' Q s)" (is "_ \ \c'. ?G P c Q c'") proof (induction rule: hoare.induct) case Skip show ?case (is "\ac. ?C ac") - proof show "?C Askip" by simp qed + proof show "?C ASKIP" by simp qed next case (Assign P a x) show ?case (is "\ac. ?C ac") @@ -125,7 +125,7 @@ subsection "An Optimization" fun vcpre :: "acom \ assn \ assn \ assn" where -"vcpre Askip Q = (\s. True, Q)" | +"vcpre ASKIP Q = (\s. True, Q)" | "vcpre (Aassign x a) Q = (\s. True, \s. Q(s[a/x]))" | "vcpre (Asemi c\<^isub>1 c\<^isub>2) Q = (let (vc\<^isub>2,wp\<^isub>2) = vcpre c\<^isub>2 Q;