tm: thys/turing_basic.thy@6d89ed67ba27 (annotated)

39 a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1	(* Title: Turing machines
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	2	Author: Xu Jian <xujian817@hotmail.com>
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	3	Maintainer: Xu Jian
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	4	*)
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	5
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	6	theory turing_basic
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	7	imports Main
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	8	begin
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	9
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	10	section {* Basic definitions of Turing machine *}
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	11
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	12	definition
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	13	"iseven n \<equiv> \<exists>x. n = 2 * x"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	14
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	15	datatype action = W0 \| W1 \| L \| R \| Nop
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	16
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	17	datatype cell = Bk \| Oc
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	18
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	19	type_synonym tape = "cell list \<times> cell list"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	20
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	21	type_synonym state = nat
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	22
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	23	type_synonym instr = "action \<times> state"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	24
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	25	type_synonym tprog = "instr list"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	26
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	27	type_synonym config = "state \<times> tape"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	28
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	29	fun nth_of where
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	30	"nth_of [] _ = None"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	31	\| "nth_of (x # xs) 0 = Some x"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	32	\| "nth_of (x # xs) (Suc n) = nth_of xs n"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	33
41 6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	34	lemma nth_of_map [simp]:
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	35	shows "nth_of (map f p) n = (case (nth_of p n) of None \<Rightarrow> None \| Some x \<Rightarrow> Some (f x))"
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	36	apply(induct p arbitrary: n)
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	37	apply(auto)
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	38	apply(case_tac n)
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	39	apply(auto)
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	40	done
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	41
39 a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	42	fun
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	43	fetch :: "tprog \<Rightarrow> state \<Rightarrow> cell \<Rightarrow> instr"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	44	where
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	45	"fetch p 0 b = (Nop, 0)"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	46	\| "fetch p (Suc s) Bk =
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	47	(case nth_of p (2 * s) of
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	48	Some i \<Rightarrow> i
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	49	\| None \<Rightarrow> (Nop, 0))"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	50	\|"fetch p (Suc s) Oc =
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	51	(case nth_of p ((2 * s) + 1) of
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	52	Some i \<Rightarrow> i
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	53	\| None \<Rightarrow> (Nop, 0))"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	54
41 6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	55	lemma fetch_Nil [simp]:
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	56	shows "fetch [] s b = (Nop, 0)"
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	57	apply(case_tac s)
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	58	apply(auto)
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	59	apply(case_tac b)
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	60	apply(auto)
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	61	done
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	62
39 a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	63	fun
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	64	update :: "action \<Rightarrow> tape \<Rightarrow> tape"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	65	where
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	66	"update W0 (l, r) = (l, Bk # (tl r))"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	67	\| "update W1 (l, r) = (l, Oc # (tl r))"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	68	\| "update L (l, r) = (if l = [] then ([], Bk # r) else (tl l, (hd l) # r))"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	69	\| "update R (l, r) = (if r = [] then (Bk # l, []) else ((hd r) # l, tl r))"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	70	\| "update Nop (l, r) = (l, r)"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	71
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	72	abbreviation
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	73	"read r == if (r = []) then Bk else hd r"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	74
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	75
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	76	fun
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	77	step :: "config \<Rightarrow> tprog \<Rightarrow> config"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	78	where
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	79	"step (s, l, r) p = (let (a, s') = fetch p s (read r) in (s', update a (l, r)))"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	80
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	81	fun steps :: "config \<Rightarrow> tprog \<Rightarrow> nat \<Rightarrow> config"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	82	where
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	83	"steps c p 0 = c" \|
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	84	"steps c p (Suc n) = steps (step c p) p n"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	85
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	86	lemma step_red [simp]:
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	87	shows "steps c p (Suc n) = step (steps c p n) p"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	88	by (induct n arbitrary: c) (auto)
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	89
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	90	lemma steps_add [simp]:
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	91	shows "steps c p (m + n) = steps (steps c p m) p n"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	92	by (induct m arbitrary: c) (auto)
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	93
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	94	definition
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	95	tm_wf :: "tprog \<Rightarrow> bool"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	96	where
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	97	"tm_wf p = (length p \<ge> 2 \<and> iseven (length p) \<and> (\<forall>(a, s) \<in> set p. s \<le> length p div 2))"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	98
41 6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	99
39 a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	100	(* FIXME: needed? *)
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	101	lemma halt_lemma:
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	102	"\<lbrakk>wf LE; \<forall>n. (\<not> P (f n) \<longrightarrow> (f (Suc n), (f n)) \<in> LE)\<rbrakk> \<Longrightarrow> \<exists>n. P (f n)"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	103	by (metis wf_iff_no_infinite_down_chain)
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	104
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	105	abbreviation exponent :: "'a \<Rightarrow> nat \<Rightarrow> 'a list" ("_ \<up> _" [100, 99] 100)
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	106	where "x \<up> n == replicate n x"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	107
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	108	definition tinres :: "cell list \<Rightarrow> cell list \<Rightarrow> bool"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	109	where
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	110	"tinres xs ys = (\<exists>n. xs = ys @ Bk \<up> n \<or> ys = xs @ Bk \<up> n)"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	111
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	112	fun
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	113	shift :: "tprog \<Rightarrow> nat \<Rightarrow> tprog"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	114	where
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	115	"shift p n = (map (\<lambda> (a, s). (a, (if s = 0 then 0 else s + n))) p)"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	116
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	117
41 6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	118	lemma length_shift [simp]:
39 a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	119	"length (shift p n) = length p"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	120	by (simp)
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	121
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	122	fun
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	123	adjust :: "tprog \<Rightarrow> tprog"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	124	where
41 6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	125	"adjust p = map (\<lambda> (a, s). (a, if s = 0 then ((length p) div 2) + 1 else s)) p"
39 a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	126
41 6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	127	lemma length_adjust[simp]:
39 a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	128	shows "length (adjust p) = length p"
41 6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	129	by (induct p) (auto)
39 a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	130
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	131	definition
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	132	tm_comp :: "tprog \<Rightarrow> tprog \<Rightarrow> tprog" ("_ \|+\| _" [0, 0] 100)
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	133	where
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	134	"tm_comp p1 p2 = ((adjust p1) @ (shift p2 ((length p1) div 2)))"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	135
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	136	fun
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	137	is_final :: "config \<Rightarrow> bool"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	138	where
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	139	"is_final (s, l, r) = (s = 0)"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	140
40 a37a21f7ccf4 updated test Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 39 diff changeset	141	lemma is_final_steps:
a37a21f7ccf4 updated test Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 39 diff changeset	142	assumes "is_final (s, l, r)"
a37a21f7ccf4 updated test Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 39 diff changeset	143	shows "is_final (steps (s, l, r) p n)"
a37a21f7ccf4 updated test Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 39 diff changeset	144	using assms by (induct n) (auto)
a37a21f7ccf4 updated test Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 39 diff changeset	145
39 a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	146	fun
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	147	holds_for :: "(tape \<Rightarrow> bool) \<Rightarrow> config \<Rightarrow> bool" ("_ holds'_for _" [100, 99] 100)
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	148	where
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	149	"P holds_for (s, l, r) = P (l, r)"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	150
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	151	lemma step_0 [simp]:
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	152	shows "step (0, (l, r)) p = (0, (l, r))"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	153	by simp
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	154
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	155	lemma steps_0 [simp]:
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	156	shows "steps (0, (l, r)) p n = (0, (l, r))"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	157	by (induct n) (simp_all)
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	158
40 a37a21f7ccf4 updated test Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 39 diff changeset	159	lemma is_final_holds[simp]:
a37a21f7ccf4 updated test Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 39 diff changeset	160	assumes "is_final c"
a37a21f7ccf4 updated test Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 39 diff changeset	161	shows "Q holds_for (steps c p n) = Q holds_for c"
a37a21f7ccf4 updated test Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 39 diff changeset	162	using assms
a37a21f7ccf4 updated test Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 39 diff changeset	163	apply(induct n)
a37a21f7ccf4 updated test Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 39 diff changeset	164	apply(case_tac [!] c)
a37a21f7ccf4 updated test Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 39 diff changeset	165	apply(auto)
a37a21f7ccf4 updated test Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 39 diff changeset	166	done
a37a21f7ccf4 updated test Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 39 diff changeset	167
39 a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	168	type_synonym assert = "tape \<Rightarrow> bool"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	169
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	170	definition assert_imp :: "assert \<Rightarrow> assert \<Rightarrow> bool" ("_ \<mapsto> _" [0, 0] 100)
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	171	where
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	172	"assert_imp P Q = (\<forall>l r. P (l, r) \<longrightarrow> Q (l, r))"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	173
41 6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	174	lemma holds_for_imp:
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	175	assumes "P holds_for c"
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	176	and "P \<mapsto> Q"
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	177	shows "Q holds_for c"
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	178	using assms unfolding assert_imp_def by (case_tac c, auto)
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	179
40 a37a21f7ccf4 updated test Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 39 diff changeset	180	lemma test:
a37a21f7ccf4 updated test Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 39 diff changeset	181	assumes "is_final (steps (1, (l, r)) p n1)"
a37a21f7ccf4 updated test Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 39 diff changeset	182	and "is_final (steps (1, (l, r)) p n2)"
a37a21f7ccf4 updated test Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 39 diff changeset	183	shows "Q holds_for (steps (1, (l, r)) p n1) \<longleftrightarrow> Q holds_for (steps (1, (l, r)) p n2)"
a37a21f7ccf4 updated test Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 39 diff changeset	184	proof -
a37a21f7ccf4 updated test Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 39 diff changeset	185	obtain n3 where "n1 = n2 + n3 \<or> n2 = n1 + n3"
a37a21f7ccf4 updated test Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 39 diff changeset	186	by (metis le_iff_add nat_le_linear)
a37a21f7ccf4 updated test Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 39 diff changeset	187	with assms show "Q holds_for (steps (1, (l, r)) p n1) \<longleftrightarrow> Q holds_for (steps (1, (l, r)) p n2)"
a37a21f7ccf4 updated test Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 39 diff changeset	188	by auto
a37a21f7ccf4 updated test Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 39 diff changeset	189	qed
a37a21f7ccf4 updated test Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 39 diff changeset	190
39 a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	191	definition
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	192	Hoare :: "assert \<Rightarrow> tprog \<Rightarrow> assert \<Rightarrow> bool" ("({(1_)}/ (_)/ {(1_)})" 50)
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	193	where
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	194	"{P} p {Q} \<equiv>
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	195	(\<forall>l r. P (l, r) \<longrightarrow> (\<exists>n. is_final (steps (1, (l, r)) p n) \<and> Q holds_for (steps (1, (l, r)) p n)))"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	196
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	197	lemma HoareI:
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	198	assumes "\<And>l r. P (l, r) \<Longrightarrow> \<exists>n. is_final (steps (1, (l, r)) p n) \<and> Q holds_for (steps (1, (l, r)) p n)"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	199	shows "{P} p {Q}"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	200	unfolding Hoare_def using assms by auto
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	201
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	202	text {*
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	203	{P1} A {Q1} {P2} B {Q2} Q1 \<mapsto> P2
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	204	-----------------------------------
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	205	{P1} A \|+\| B {Q2}
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	206	*}
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	207
41 6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	208	lemma before_final:
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	209	assumes "steps (1, tp) A n = (0, tp')"
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	210	obtains n' where "\<not> is_final (steps (1, tp) A n')" and "steps (1, tp) A (Suc n') = (0, tp')"
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	211	using assms
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	212	apply(induct n)
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	213	apply(auto)
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	214	by (metis is_final.simps step_red steps.simps steps_0 surj_pair)
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	215
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	216	lemma t_merge_fetch_pre:
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	217	assumes "fetch A s b = (ac, ns)" "s \<le> length A div 2" "tm_wf A" "s \<noteq> 0"
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	218	shows "fetch (adjustA \|+\| B) s b = (ac, if ns = 0 then Suc (length A div 2) else ns)"
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	219	using assms
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	220	unfolding tm_comp_def
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	221	apply(induct A)
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	222	apply(auto)
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	223	apply(subgoal_tac "2 * (s - Suc 0) < length A \<and> Suc (2 * (s - Suc 0)) < length A")
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	224	apply(auto simp: tm_wf_def iseven_def tm_comp_def split: if_splits cell.splits)
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	225	oops
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	226
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	227	lemma t_merge_pre_eq_step:
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	228	"\<lbrakk>step (a, b, c) A = cf; tm_wf A; \<not> is_final cf\<rbrakk>
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	229	\<Longrightarrow> step (a, b, c) (A \|+\| B) = cf"
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	230	apply(subgoal_tac "a \<le> length A div 2 \<and> a \<noteq> 0")
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	231	apply(simp)
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	232	apply(case_tac "fetch A a (read c)", simp)
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	233	apply(auto)
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	234	oops
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	235
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	236	lemma t_merge_pre_eq:
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	237	"\<lbrakk>steps (Suc 0, tp) A stp = cf; \<not> is_final cf; tm_wf A\<rbrakk>
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	238	\<Longrightarrow> steps (Suc 0, tp) (A \|+\| B) stp = cf"
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	239	apply(induct stp arbitrary: cf)
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	240	apply(auto)[1]
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	241	apply(auto)
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	242	oops
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	243
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	244	lemma t_merge_pre_halt_same:
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	245	assumes a_ht: "steps (1, tp) A n = (0, tp')"
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	246	and a_wf: "t_correct A"
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	247	obtains n' where "steps (1, tp) (A \|+\| B) n' = (Suc (length A div 2), tp')"
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	248	proof -
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	249	assume a: "\<And>n. steps (1, tp) (A \|+\| B) n = (Suc (length A div 2), tp') \<Longrightarrow> thesis"
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	250
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	251	obtain stp' where "\<not> is_final (steps (1, tp) A stp')" and "steps (1, tp) A (Suc stp') = (0, tp')"
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	252	using a_ht before_final by blast
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	253	then have "steps (1, tp) (A \|+\| B) (Suc stp') = (Suc (length A div 2), tp')"
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	254	sorry (using a_wf t_merge_pre_halt_same' by blast)
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	255	with a show thesis by blast
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	256	qed
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	257
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	258
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	259
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	260	lemma steps_comp:
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	261	assumes a1: "steps (1, l, r) A n1 = (s1, l1, r1)"
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	262	and a2: "steps (1, l1, r1) B n2 = (s2, l2, r2)"
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	263	shows "steps (1, l, r) (A \|+\| B) (n1 + n2) = (s2, l2, r2)"
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	264	using assms
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	265	apply(induct n2)
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	266	apply(simp)
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	267	apply(simp add: tm_comp_def)
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	268	oops
39 a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	269
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	270	lemma Hoare_plus:
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	271	assumes aimpb: "Q1 \<mapsto> P2"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	272	and A_wf : "tm_wf A"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	273	and B_wf : "tm_wf B"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	274	and A_halt : "{P1} A {Q1}"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	275	and B_halt : "{P2} B {Q2}"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	276	shows "{P1} A \|+\| B {Q2}"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	277	proof(rule HoareI)
41 6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	278	fix l r
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	279	assume h: "P1 (l, r)"
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	280	then obtain n1 where a: "is_final (steps (1, l, r) A n1)" and b: "Q1 holds_for (steps (1, l, r) A n1)"
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	281	using A_halt unfolding Hoare_def by auto
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	282	from b aimpb have "P2 holds_for (steps (1, l, r) A n1)"
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	283	by (rule holds_for_imp)
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	284	then obtain l' r' where "P2 (l', r')"
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	285	apply(auto)
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	286	apply(case_tac "steps (Suc 0, l, r) A n1")
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	287	apply(simp)
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	288	done
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	289	then obtain n2 where a: "is_final (steps (1, l', r') B n2)" and b: "Q2 holds_for (steps (1, l', r') B n2)"
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	290	using B_halt unfolding Hoare_def by auto
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	291	show "\<exists>n. is_final (steps (1, l, r) (A \|+\| B) n) \<and> Q2 holds_for (steps (1, l, r) (A \|+\| B) n)"
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	292	apply(rule_tac x="n1 + n2" in exI)
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	293	apply(rule conjI)
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	294	apply(simp)
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	295	apply(simp only: steps_add[symmetric])
6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	296	sorry
39 a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	297	qed
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	298
41 6d89ed67ba27 some experiments Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 40 diff changeset	299
39 a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	300
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	301
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	302
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	303	locale turing_merge =
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	304	fixes A :: "tprog" and B :: "tprog" and P1 :: "assert"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	305	and P2 :: "assert"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	306	and P3 :: "assert"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	307	and P4 :: "assert"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	308	and Q1:: "assert"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	309	and Q2 :: "assert"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	310	assumes
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	311	A_wf : "tm_wf A"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	312	and B_wf : "tm_wf B"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	313	and A_halt : "P1 tp \<Longrightarrow> \<exists> stp. let (s, tp') = steps (Suc 0, tp) A stp in s = 0 \<and> Q1 tp'"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	314	and B_halt : "P2 tp \<Longrightarrow> \<exists> stp. let (s, tp') = steps (Suc 0, tp) B stp in s = 0 \<and> Q2 tp'"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	315	and A_uhalt : "P3 tp \<Longrightarrow> \<not> (\<exists> stp. is_final (steps (Suc 0, tp) A stp))"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	316	and B_uhalt: "P4 tp \<Longrightarrow> \<not> (\<exists> stp. is_final (steps (Suc 0, tp) B stp))"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	317	begin
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	318
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	319
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	320	text {*
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	321	The following lemma tries to derive the Hoare logic rule for sequentially combined TMs.
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	322	It deals with the situtation when both @{text "A"} and @{text "B"} are terminated.
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	323	*}
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	324
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	325
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	326
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	327	lemma t_merge_uhalt_tmp:
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	328	assumes B_uh: "\<forall>stp. \<not> is_final (steps (Suc 0, b, c) B stp)"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	329	and merge_ah: "steps (Suc 0, tp) (A \|+\| B) stpa = (Suc (length A div 2), b, c)"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	330	shows "\<forall> stp. \<not> is_final (steps (Suc 0, tp) (A \|+\| B) stp)"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	331	using B_uh merge_ah
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	332	apply(rule_tac allI)
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	333	apply(case_tac "stp > stpa")
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	334	apply(erule_tac x = "stp - stpa" in allE)
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	335	apply(case_tac "(steps (Suc 0, b, c) B (stp - stpa))", simp)
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	336	proof -
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	337	fix stp a ba ca
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	338	assume h1: "\<not> is_final (a, ba, ca)" "stpa < stp"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	339	and h2: "steps (Suc 0, b, c) B (stp - stpa) = (a, ba, ca)"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	340	have "steps (Suc 0 + length A div 2, b, c) (A \|+\| B) (stp - stpa) =
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	341	(if a = 0 then 0 else a + length A div 2, ba, ca)"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	342	using A_wf B_wf h2
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	343	by(rule_tac t_merge_snd_eq_steps, auto)
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	344	moreover have "a > 0" using h1 by(simp add: is_final_def)
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	345	moreover have "\<exists> stpb. stp = stpa + stpb"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	346	using h1 by(rule_tac x = "stp - stpa" in exI, simp)
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	347	ultimately show "\<not> is_final (steps (Suc 0, tp) (A \|+\| B) stp)"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	348	using merge_ah
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	349	by(auto simp: steps_add is_final_def)
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	350	next
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	351	fix stp
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	352	assume h: "steps (Suc 0, tp) (A \|+\| B) stpa = (Suc (length A div 2), b, c)" "\<not> stpa < stp"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	353	hence "\<exists> stpb. stpa = stp + stpb" apply(rule_tac x = "stpa - stp" in exI, auto) done
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	354	thus "\<not> is_final (steps (Suc 0, tp) (A \|+\| B) stp)"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	355	using h
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	356	apply(auto)
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	357	apply(cases "steps (Suc 0, tp) (A \|+\| B) stp", simp add: steps_add is_final_def steps_0)
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	358	done
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	359	qed
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	360
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	361	text {*
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	362	The following lemma deals with the situation when TM @{text "B"} can not terminate.
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	363	*}
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	364
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	365	lemma t_merge_uhalt:
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	366	assumes aimpb: "Q1 \<mapsto> P4"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	367	shows "P1 \<mapsto> \<lambda> tp. \<not> (\<exists> stp. is_final (steps (Suc 0, tp) (A \|+\| B) stp))"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	368	proof(simp only: assert_imp_def, rule_tac allI, rule_tac impI)
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	369	fix tp
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	370	assume init_asst: "P1 tp"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	371	show "\<not> (\<exists>stp. is_final (steps (Suc 0, tp) (A \|+\| B) stp))"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	372	proof -
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	373	have "\<exists> stp. let (s, tp') = steps (Suc 0, tp) A stp in s = 0 \<and> Q1 tp'"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	374	using A_halt[of tp] init_asst
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	375	by(simp)
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	376	from this obtain stpx where "let (s, tp') = steps (Suc 0, tp) A stpx in s = 0 \<and> Q1 tp'" ..
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	377	thus "?thesis"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	378	proof(cases "steps (Suc 0, tp) A stpx", simp, erule_tac conjE)
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	379	fix a b c
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	380	assume "Q1 (b, c)"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	381	and h3: "steps (Suc 0, tp) A stpx = (0, b, c)"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	382	hence h2: "P4 (b, c)" using aimpb
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	383	by(simp add: assert_imp_def)
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	384	have "\<exists> stp. steps (Suc 0, tp) (A \|+\| B) stp = (Suc (length A div 2), b, c)"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	385	using h3 A_wf B_wf
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	386	apply(rule_tac stp = stpx in t_merge_pre_halt_same, auto)
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	387	done
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	388	from this obtain stpa where h4:"steps (Suc 0, tp) (A \|+\| B) stpa = (Suc (length A div 2), b, c)" ..
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	389	have " \<not> (\<exists> stp. is_final (steps (Suc 0, b, c) B stp))"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	390	using B_uhalt [of "(b, c)"] h2 apply simp
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	391	done
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	392	from this and h4 show "\<forall>stp. \<not> is_final (steps (Suc 0, tp) (A \|+\| B) stp)"
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	393	by(rule_tac t_merge_uhalt_tmp, auto)
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	394	qed
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	395	qed
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	396	qed
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	397	end
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	398
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	399	end
a95987e9c7e9 added test about hoare triples Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	400

author	Christian Urban <christian dot urban at kcl dot ac dot uk>
	Sun, 13 Jan 2013 23:59:29 +0000
changeset 41	6d89ed67ba27
parent 40	a37a21f7ccf4
child 43	a8785fa80278
permissions	-rw-r--r--