# HG changeset patch # User nipkow # Date 1369895271 -7200 # Node ID ee8e3eaad24c64bb0327e0ce546eb0d45786aa32 # Parent f9e68ba3f004e9eecebb46d3cef7375207446146 tuned diff -r f9e68ba3f004 -r ee8e3eaad24c src/HOL/IMP/HoareT.thy --- a/src/HOL/IMP/HoareT.thy Thu May 30 13:59:20 2013 +1000 +++ b/src/HOL/IMP/HoareT.thy Thu May 30 08:27:51 2013 +0200 @@ -1,6 +1,6 @@ (* Author: Tobias Nipkow *) -theory HoareT imports Hoare_Sound_Complete begin +theory HoareT imports Hoare_Sound_Complete Hoare_Examples begin subsection "Hoare Logic for Total Correctness" @@ -26,8 +26,8 @@ If: "\ \\<^sub>t {\s. P s \ bval b s} c\<^isub>1 {Q}; \\<^sub>t {\s. P s \ \ bval b s} c\<^isub>2 {Q} \ \ \\<^sub>t {P} IF b THEN c\<^isub>1 ELSE c\<^isub>2 {Q}" | While: - "\ \n::nat. \\<^sub>t {\s. P s \ bval b s \ T n s} c {\s. P s \ (\n'. T n' s \ n' < n)} \ - \ \\<^sub>t {\s. P s \ (\n. T n s)} WHILE b DO c {\s. P s \ \bval b s}" | + "\ \n::nat. \\<^sub>t {\s. P s \ bval b s \ T s n} c {\s. P s \ (\n'. T s n' \ n' < n)} \ + \ \\<^sub>t {\s. P s \ (\n. T s n)} WHILE b DO c {\s. P s \ \bval b s}" | conseq: "\ \s. P' s \ P s; \\<^sub>t {P}c{Q}; \s. Q s \ Q' s \ \ \\<^sub>t {P'}c{Q'}" @@ -47,37 +47,30 @@ by (simp add: strengthen_pre[OF _ Assign]) lemma While': -assumes "\n::nat. \\<^sub>t {\s. P s \ bval b s \ T n s} c {\s. P s \ (\n'. T n' s \ n' < n)}" +assumes "\n::nat. \\<^sub>t {\s. P s \ bval b s \ T s n} c {\s. P s \ (\n'. T s n' \ n' < n)}" and "\s. P s \ \ bval b s \ Q s" -shows "\\<^sub>t {\s. P s \ (\n. T n s)} WHILE b DO c {Q}" +shows "\\<^sub>t {\s. P s \ (\n. T s n)} WHILE b DO c {Q}" by(blast intro: assms(1) weaken_post[OF While assms(2)]) lemma While_fun: "\ \n::nat. \\<^sub>t {\s. P s \ bval b s \ f s = n} c {\s. P s \ f s < n}\ \ \\<^sub>t {P} WHILE b DO c {\s. P s \ \bval b s}" - by (rule While [where T="\n s. f s = n", simplified]) + by (rule While [where T="\s n. f s = n", simplified]) text{* Our standard example: *} -abbreviation "w n == - WHILE Less (V ''y'') (N n) - DO ( ''y'' ::= Plus (V ''y'') (N 1);; ''x'' ::= Plus (V ''x'') (V ''y'') )" - -lemma "\\<^sub>t {\s. 0 \ n} ''x'' ::= N 0;; ''y'' ::= N 0;; w n {\s. s ''x'' = \{1..n}}" +lemma "\\<^sub>t {\s. s ''x'' = i} ''y'' ::= N 0;; wsum {\s. s ''y'' = sum i}" apply(rule Seq) -prefer 2 -apply(rule While' - [where P = "\s. s ''x'' = \ {1..s ''y''} \ 0 \ s ''y'' \ s ''y'' \ n" - and T = "\n' s. n' = nat (n - s ''y'')"]) -apply(rule Seq) -prefer 2 -apply(rule Assign) -apply(rule Assign') -apply (simp add: atLeastAtMostPlus1_int_conv algebra_simps) -apply clarsimp -apply(rule Seq) -prefer 2 -apply(rule Assign) + prefer 2 + apply(rule While' [where P = "\s. (s ''y'' = sum i - sum(s ''x''))" + and T = "\s n. n = nat(s ''x'')"]) + apply(rule Seq) + prefer 2 + apply(rule Assign) + apply(rule Assign') + apply simp + apply(simp add: minus_numeral_simps(1)[symmetric] del: minus_numeral_simps) + apply(simp) apply(rule Assign') apply simp done @@ -90,7 +83,7 @@ case (While P b T c) { fix s n - have "\ P s; T n s \ \ \t. (WHILE b DO c, s) \ t \ P t \ \ bval b t" + have "\ P s; T s n \ \ \t. (WHILE b DO c, s) \ t \ P t \ \ bval b t" proof(induction "n" arbitrary: s rule: less_induct) case (less n) thus ?case by (metis While(2) WhileFalse WhileTrue) @@ -168,25 +161,25 @@ next case (While b c) let ?w = "WHILE b DO c" - let ?T = "\n s. Its b c s n" + let ?T = "Its b c" have "\s. wp\<^sub>t (WHILE b DO c) Q s \ wp\<^sub>t (WHILE b DO c) Q s \ (\n. Its b c s n)" unfolding wpt_def by (metis WHILE_Its) moreover { fix n { fix s t - assume "bval b s" "?T n s" "(?w, s) \ t" "Q t" + assume "bval b s" "?T s n" "(?w, s) \ t" "Q t" from `bval b s` `(?w, s) \ t` obtain s' where "(c,s) \ s'" "(?w,s') \ t" by auto - from `(?w, s') \ t` obtain n'' where "?T n'' s'" by (blast dest: WHILE_Its) + from `(?w, s') \ t` obtain n'' where "?T s' n''" by (blast dest: WHILE_Its) with `bval b s` `(c, s) \ s'` - have "?T (Suc n'') s" by (rule Its_Suc) - with `?T n s` have "n = Suc n''" by (rule Its_fun) - with `(c,s) \ s'` `(?w,s') \ t` `Q t` `?T n'' s'` - have "wp\<^sub>t c (\s'. wp\<^sub>t ?w Q s' \ (\n'. ?T n' s' \ n' < n)) s" + have "?T s (Suc n'')" by (rule Its_Suc) + with `?T s n` have "n = Suc n''" by (rule Its_fun) + with `(c,s) \ s'` `(?w,s') \ t` `Q t` `?T s' n''` + have "wp\<^sub>t c (\s'. wp\<^sub>t ?w Q s' \ (\n'. ?T s' n' \ n' < n)) s" by (auto simp: wpt_def) } - hence "\s. wp\<^sub>t ?w Q s \ bval b s \ ?T n s \ - wp\<^sub>t c (\s'. wp\<^sub>t ?w Q s' \ (\n'. ?T n' s' \ n' < n)) s" + hence "\s. wp\<^sub>t ?w Q s \ bval b s \ ?T s n \ + wp\<^sub>t c (\s'. wp\<^sub>t ?w Q s' \ (\n'. ?T s' n' \ n' < n)) s" unfolding wpt_def by auto (* by (metis WhileE Its_Suc Its_fun WHILE_Its lessI) *) note strengthen_pre[OF this While]