| author | Christian Urban <urbanc@in.tum.de> |
| Thu, 10 Jan 2019 12:48:43 +0000 | |
| changeset 293 | 8b55240e12c6 |
| parent 232 | 8f89170bb076 |
| permissions | -rw-r--r-- |
|
232
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
1 |
header {*
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
2 |
{\em abacus} a kind of register machine
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
3 |
*} |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
4 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
5 |
theory abacus |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
6 |
imports Main StateMonad |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
7 |
begin |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
8 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
9 |
text {*
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
10 |
{\em Abacus} instructions:
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
11 |
*} |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
12 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
13 |
datatype abc_inst = |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
14 |
-- {* @{text "Inc n"} increments the memory cell (or register)
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
15 |
with address @{text "n"} by one.
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
16 |
*} |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
17 |
Inc nat |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
18 |
-- {*
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
19 |
@{text "Dec n label"} decrements the memory cell with address @{text "n"} by one.
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
20 |
If cell @{text "n"} is already zero, no decrements happens and the executio jumps to
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
21 |
the instruction labeled by @{text "label"}.
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
22 |
*} |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
23 |
| Dec nat nat |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
24 |
-- {*
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
25 |
@{text "Goto label"} unconditionally jumps to the instruction labeled by @{text "label"}.
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
26 |
*} |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
27 |
| Goto nat |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
28 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
29 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
30 |
fun splits :: "'a set \<Rightarrow> ('a set \<times> 'a set) \<Rightarrow> bool"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
31 |
where "splits s (u, v) = (u \<union> v = s \<and> u \<inter> v = {})"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
32 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
33 |
declare splits.simps [simp del] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
34 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
35 |
definition "stimes p q = {s . \<exists> u v. u \<in> p \<and> v \<in> q \<and> splits s (u, v)}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
36 |
lemmas st_def = stimes_def[unfolded splits.simps] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
37 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
38 |
notation stimes (infixr "*" 70) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
39 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
40 |
lemma stimes_comm: "(p::('a set set)) * q = q * p"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
41 |
by (unfold st_def, auto) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
42 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
43 |
lemma splits_simp: "splits s (u, v) = (v = (s - u) \<and> v \<subseteq> s \<and> u \<subseteq> s)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
44 |
by (unfold splits.simps, auto) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
45 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
46 |
lemma stimes_assoc: "p * q * r = (p * q) * (r::'a set set)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
47 |
by (unfold st_def, blast) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
48 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
49 |
definition |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
50 |
"emp = {{}}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
51 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
52 |
lemma emp_unit_r [simp]: "p * emp = p" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
53 |
by (unfold st_def emp_def, auto) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
54 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
55 |
lemma emp_unit_l [simp]: "emp * p = p" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
56 |
by (metis emp_unit_r stimes_comm) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
57 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
58 |
lemma stimes_mono: "p \<subseteq> q \<Longrightarrow> p * r \<subseteq> q * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
59 |
by (unfold st_def, auto) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
60 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
61 |
lemma stimes_left_commute: |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
62 |
"(q * (p * r)) = ((p::'a set set) * (q * r))" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
63 |
by (metis stimes_assoc stimes_comm) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
64 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
65 |
lemmas stimes_ac = stimes_comm stimes_assoc stimes_left_commute |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
66 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
67 |
lemma "x * y * z = z * y * (x::'a set set)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
68 |
by (metis stimes_ac) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
69 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
70 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
71 |
definition pasrt :: "bool \<Rightarrow> ('a set set)" ("<_>" [71] 71)
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
72 |
where "pasrt b = {s . s = {} \<and> b}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
73 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
74 |
datatype apg = |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
75 |
Instr abc_inst |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
76 |
| Label nat |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
77 |
| Seq apg apg |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
78 |
| Local "(nat \<Rightarrow> apg)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
79 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
80 |
abbreviation prog_instr :: "abc_inst \<Rightarrow> apg" ("\<guillemotright>_" [61] 61)
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
81 |
where "\<guillemotright>i \<equiv> Instr i" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
82 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
83 |
abbreviation prog_seq :: "apg \<Rightarrow> apg \<Rightarrow> apg" (infixr ";" 52) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
84 |
where "c1 ; c2 \<equiv> Seq c1 c2" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
85 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
86 |
type_synonym aconf = "((nat \<rightharpoonup> abc_inst) \<times> nat \<times> (nat \<rightharpoonup> nat) \<times> nat)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
87 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
88 |
fun astep :: "aconf \<Rightarrow> aconf" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
89 |
where "astep (prog, pc, m, faults) = |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
90 |
(case (prog pc) of |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
91 |
Some (Inc i) \<Rightarrow> |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
92 |
case m(i) of |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
93 |
Some n \<Rightarrow> (prog, pc + 1, m(i:= Some (n + 1)), faults) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
94 |
| None \<Rightarrow> (prog, pc, m, faults + 1) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
95 |
| Some (Dec i e) \<Rightarrow> |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
96 |
case m(i) of |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
97 |
Some n \<Rightarrow> if (n = 0) then (prog, e, m, faults) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
98 |
else (prog, pc + 1, m(i:= Some (n - 1)), faults) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
99 |
| None \<Rightarrow> (prog, pc, m, faults + 1) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
100 |
| Some (Goto pc') \<Rightarrow> (prog, pc', m, faults) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
101 |
| None \<Rightarrow> (prog, pc, m, faults + 1))" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
102 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
103 |
definition "run n = astep ^^ n" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
104 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
105 |
datatype aresource = |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
106 |
M nat nat |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
107 |
| C nat abc_inst |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
108 |
| At nat |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
109 |
| Faults nat |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
110 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
111 |
definition "prog_set prog = {C i inst | i inst. prog i = Some inst}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
112 |
definition "pc_set pc = {At pc}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
113 |
definition "mem_set m = {M i n | i n. m (i) = Some n} "
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
114 |
definition "faults_set faults = {Faults faults}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
115 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
116 |
lemmas cpn_set_def = prog_set_def pc_set_def mem_set_def faults_set_def |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
117 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
118 |
fun rset_of :: "aconf \<Rightarrow> aresource set" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
119 |
where "rset_of (prog, pc, m, faults) = |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
120 |
prog_set prog \<union> pc_set pc \<union> mem_set m \<union> faults_set faults" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
121 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
122 |
definition "pc l = {pc_set l}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
123 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
124 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
125 |
definition "m a v = {{M a v}}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
126 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
127 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
128 |
declare rset_of.simps[simp del] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
129 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
130 |
type_synonym assert = "aresource set set" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
131 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
132 |
primrec assemble_to :: "apg \<Rightarrow> nat \<Rightarrow> nat \<Rightarrow> assert" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
133 |
where |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
134 |
"assemble_to (Instr ai) i j = ({{C i ai}} * <(j = i + 1)>)" |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
135 |
"assemble_to (Seq p1 p2) i j = (\<Union> j'. (assemble_to p1 i j') * (assemble_to p2 j' j))" | |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
136 |
"assemble_to (Local fp) i j = (\<Union> l. (assemble_to (fp l) i j))" | |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
137 |
"assemble_to (Label l) i j = <(i = j \<and> j = l)>" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
138 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
139 |
abbreviation asmb_to :: "nat \<Rightarrow> apg \<Rightarrow> nat \<Rightarrow> assert" ("_ :[ _ ]: _" [60, 60, 60] 60)
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
140 |
where "i :[ apg ]: j \<equiv> assemble_to apg i j" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
141 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
142 |
lemma stimes_sgD: "s \<in> {x} * q \<Longrightarrow> (s - x) \<in> q \<and> x \<subseteq> s"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
143 |
apply (unfold st_def, auto) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
144 |
by (smt Diff_disjoint Un_Diff_cancel2 Un_Int_distrib |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
145 |
Un_commute Un_empty_right Un_left_absorb) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
146 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
147 |
lemma pcD: "rset_of (prog, i', mem, fault) \<in> pc i * r |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
148 |
\<Longrightarrow> i' = i" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
149 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
150 |
assume "rset_of (prog, i', mem, fault) \<in> pc i * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
151 |
from stimes_sgD [OF this[unfolded pc_def], unfolded rset_of.simps] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
152 |
have "pc_set i \<subseteq> prog_set prog \<union> pc_set i' \<union> mem_set mem \<union> faults_set fault" by auto |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
153 |
thus ?thesis |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
154 |
by (unfold cpn_set_def, auto) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
155 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
156 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
157 |
lemma codeD: "rset_of (prog, pos, mem, fault) \<in> pc i * {{C i inst}} * r
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
158 |
\<Longrightarrow> prog pos = Some inst" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
159 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
160 |
assume h: "rset_of (prog, pos, mem, fault) \<in> pc i * {{C i inst}} * r" (is "?c \<in> ?X")
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
161 |
from pcD[OF this] have "i = pos" by simp |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
162 |
with h show ?thesis |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
163 |
by (unfold rset_of.simps st_def pc_def prog_set_def |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
164 |
pc_set_def mem_set_def faults_set_def, auto) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
165 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
166 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
167 |
lemma memD: "rset_of (prog, pos, mem, fault) \<in> (m a v) * r \<Longrightarrow> mem a = Some v" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
168 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
169 |
assume "rset_of (prog, pos, mem, fault) \<in> (m a v) * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
170 |
from stimes_sgD[OF this[unfolded rset_of.simps cpn_set_def m_def]] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
171 |
have "{M a v} \<subseteq> {C i inst |i inst. prog i = Some inst} \<union>
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
172 |
{At pos} \<union> {M i n |i n. mem i = Some n} \<union> {Faults fault}" by auto
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
173 |
thus ?thesis by auto |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
174 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
175 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
176 |
definition |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
177 |
Hoare_abc :: "assert \<Rightarrow> assert \<Rightarrow> assert \<Rightarrow> bool" ("({(1_)}/ (_)/ {(1_)})" 50)
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
178 |
where |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
179 |
"{p} c {q} \<equiv> (\<forall> s r. (rset_of s) \<in> (p*c*r) \<longrightarrow>
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
180 |
(\<exists> k. ((rset_of (run k s)) \<in> (q*c*r))))" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
181 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
182 |
definition "dec_fun v j e = (if (v = 0) then (e, v) else (j, v - 1))" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
183 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
184 |
lemma disj_Diff: "a \<inter> b = {} \<Longrightarrow> a \<union> b - b = a"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
185 |
by (metis (lifting) Diff_cancel Un_Diff Un_Diff_Int) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
186 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
187 |
lemma diff_pc_set: "prog_set aa \<union> pc_set i \<union> mem_set ab \<union> faults_set b - pc_set i = |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
188 |
prog_set aa \<union> mem_set ab \<union> faults_set b" (is "?L = ?R") |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
189 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
190 |
have "?L = (prog_set aa \<union> mem_set ab \<union> faults_set b \<union> pc_set i) - pc_set i" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
191 |
by auto |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
192 |
also have "\<dots> = ?R" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
193 |
proof(rule disj_Diff) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
194 |
show " (prog_set aa \<union> mem_set ab \<union> faults_set b) \<inter> pc_set i = {}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
195 |
by (unfold cpn_set_def, auto) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
196 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
197 |
finally show ?thesis . |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
198 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
199 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
200 |
lemma M_in_simp: "({M a v} \<subseteq> prog_set x \<union> pc_set y \<union> mem_set mem \<union> faults_set f) =
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
201 |
({M a v} \<subseteq> mem_set mem)"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
202 |
by (unfold cpn_set_def, auto) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
203 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
204 |
lemma mem_set_upd: |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
205 |
"{M a v} \<subseteq> mem_set mem \<Longrightarrow> mem_set (mem(a:=Some v')) = ((mem_set mem) - {M a v}) \<union> {M a v'}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
206 |
by (unfold cpn_set_def, auto) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
207 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
208 |
lemma mem_set_disj: "{M a v} \<subseteq> mem_set mem \<Longrightarrow> {M a v'} \<inter> (mem_set mem - {M a v}) = {}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
209 |
by (unfold cpn_set_def, auto) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
210 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
211 |
lemma stimesE: |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
212 |
assumes h: "s \<in> x * y" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
213 |
obtains s1 s2 where "s = s1 \<union> s2" and "s1 \<inter> s2 = {}" and "s1 \<in> x" and "s2 \<in> y"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
214 |
by (insert h, auto simp:st_def) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
215 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
216 |
lemma stimesI: |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
217 |
"\<lbrakk>s = s1 \<union> s2; s1 \<inter> s2 = {}; s1 \<in> x; s2 \<in> y\<rbrakk> \<Longrightarrow> s \<in> x * y"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
218 |
by (auto simp:st_def) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
219 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
220 |
lemma smem_upd: "(rset_of (x, y, mem, f)) \<in> (m a v)*r \<Longrightarrow> |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
221 |
(rset_of (x, y, mem(a := Some v'), f) \<in> (m a v')*r)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
222 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
223 |
assume h: " rset_of (x, y, mem, f) \<in> m a v * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
224 |
from h[unfolded rset_of.simps m_def] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
225 |
have "prog_set x \<union> pc_set y \<union> mem_set mem \<union> faults_set f \<in> {{M a v}} * r" .
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
226 |
from stimes_sgD [OF this] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
227 |
have h1: "prog_set x \<union> pc_set y \<union> mem_set mem \<union> faults_set f - {M a v} \<in> r"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
228 |
"{M a v} \<subseteq> prog_set x \<union> pc_set y \<union> mem_set mem \<union> faults_set f" by auto
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
229 |
moreover have "prog_set x \<union> pc_set y \<union> mem_set mem \<union> faults_set f - {M a v} =
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
230 |
prog_set x \<union> pc_set y \<union> (mem_set mem - {M a v}) \<union> faults_set f"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
231 |
by (unfold cpn_set_def, auto) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
232 |
ultimately have h0: "prog_set x \<union> pc_set y \<union> (mem_set mem - {M a v}) \<union> faults_set f \<in> r"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
233 |
by simp |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
234 |
from h1(2) and M_in_simp have "{M a v} \<subseteq> mem_set mem" by simp
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
235 |
from mem_set_upd [OF this] mem_set_disj[OF this] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
236 |
have h2: "mem_set (mem(a \<mapsto> v')) = {M a v'} \<union> (mem_set mem - {M a v})"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
237 |
"{M a v'} \<inter> (mem_set mem - {M a v}) = {}" by auto
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
238 |
show ?thesis |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
239 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
240 |
have "mem_set (mem(a \<mapsto> v')) \<union> prog_set x \<union> pc_set y \<union> faults_set f \<in> m a v' * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
241 |
proof(rule stimesI[OF _ _ _ h0]) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
242 |
show "{M a v'} \<in> m a v'" by (unfold m_def, auto)
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
243 |
next |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
244 |
show "mem_set (mem(a \<mapsto> v')) \<union> prog_set x \<union> pc_set y \<union> faults_set f = |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
245 |
{M a v'} \<union> (prog_set x \<union> pc_set y \<union> (mem_set mem - {M a v}) \<union> faults_set f)"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
246 |
apply (unfold h2(1)) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
247 |
by (smt Un_commute Un_insert_left Un_insert_right |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
248 |
Un_left_commute |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
249 |
`prog_set x \<union> pc_set y \<union> mem_set mem \<union> |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
250 |
faults_set f - {M a v} =prog_set x \<union> pc_set y
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
251 |
\<union> (mem_set mem - {M a v}) \<union> faults_set f`)
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
252 |
next |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
253 |
from h2(2) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
254 |
show "{M a v'} \<inter> (prog_set x \<union> pc_set y \<union> (mem_set mem - {M a v}) \<union> faults_set f) = {}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
255 |
by (unfold cpn_set_def, auto) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
256 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
257 |
thus ?thesis |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
258 |
apply (unfold rset_of.simps) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
259 |
by (metis `mem_set (mem(a \<mapsto> v')) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
260 |
\<union> prog_set x \<union> pc_set y \<union> faults_set f \<in> m a v' * r` |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
261 |
stimes_comm sup_commute sup_left_commute) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
262 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
263 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
264 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
265 |
lemma spc_upd: "rset_of (x, i, y, z) \<in> pc i' * r \<Longrightarrow> |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
266 |
rset_of (x, i'', y, z) \<in> pc i'' * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
267 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
268 |
assume h: "rset_of (x, i, y, z) \<in> pc i' * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
269 |
from stimes_sgD [OF h[unfolded rset_of.simps pc_set_def pc_def]] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
270 |
have h1: "prog_set x \<union> {At i} \<union> mem_set y \<union> faults_set z - {At i'} \<in> r"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
271 |
"{At i'} \<subseteq> prog_set x \<union> {At i} \<union> mem_set y \<union> faults_set z" by auto
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
272 |
from h1(2) have eq_i: "i' = i" by (unfold cpn_set_def, auto) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
273 |
have "prog_set x \<union> {At i} \<union> mem_set y \<union> faults_set z - {At i'} =
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
274 |
prog_set x \<union> mem_set y \<union> faults_set z " |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
275 |
apply (unfold eq_i) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
276 |
by (metis (full_types) Un_insert_left Un_insert_right |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
277 |
diff_pc_set faults_set_def insert_commute insert_is_Un |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
278 |
pc_set_def sup_assoc sup_bot_left sup_commute) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
279 |
with h1(1) have in_r: "prog_set x \<union> mem_set y \<union> faults_set z \<in> r" by auto |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
280 |
show ?thesis |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
281 |
proof(unfold rset_of.simps, rule stimesI[OF _ _ _ in_r]) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
282 |
show "{At i''} \<in> pc i''" by (unfold pc_def pc_set_def, simp)
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
283 |
next |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
284 |
show "prog_set x \<union> pc_set i'' \<union> mem_set y \<union> faults_set z = |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
285 |
{At i''} \<union> (prog_set x \<union> mem_set y \<union> faults_set z)"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
286 |
by (unfold pc_set_def, auto) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
287 |
next |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
288 |
show "{At i''} \<inter> (prog_set x \<union> mem_set y \<union> faults_set z) = {}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
289 |
by (auto simp:cpn_set_def) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
290 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
291 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
292 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
293 |
lemma condD: "s \<in> <b>*r \<Longrightarrow> b" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
294 |
by (unfold st_def pasrt_def, auto) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
295 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
296 |
lemma condD1: "s \<in> <b>*r \<Longrightarrow> s \<in> r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
297 |
by (unfold st_def pasrt_def, auto) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
298 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
299 |
lemma hoare_dec_suc: "{(pc i * m a v) * <(v > 0)>}
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
300 |
i:[\<guillemotright>(Dec a e) ]:j |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
301 |
{pc j * m a (v - 1)}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
302 |
proof(unfold Hoare_abc_def, clarify) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
303 |
fix prog i' ab b r |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
304 |
assume h: "rset_of (prog, i', ab, b) \<in> ((pc i * m a v) * <(0 < v)>) * (i :[ \<guillemotright>Dec a e ]: j) * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
305 |
(is "?r \<in> ?S") |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
306 |
show "\<exists>k. rset_of (run k (prog, i', ab, b)) \<in> (pc j * m a (v - 1)) * (i :[ \<guillemotright>Dec a e ]: j) * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
307 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
308 |
from h [unfolded assemble_to.simps] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
309 |
have h1: "?r \<in> pc i * {{C i (Dec a e)}} * m a v * <(0 < v)> * <(j = i + 1)> * r"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
310 |
"?r \<in> m a v * pc i * {{C i (Dec a e)}} * <(0 < v)> * <(j = i + 1)> * r"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
311 |
"?r \<in> <(0 < v)> * <(j = i + 1)> * m a v * pc i * {{C i (Dec a e)}} * r"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
312 |
"?r \<in> <(j = i + 1)> * <(0 < v)> * m a v * pc i * {{C i (Dec a e)}} * r"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
313 |
by ((metis stimes_ac)+) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
314 |
note h2 = condD [OF h1(3)] condD[OF h1(4)] pcD[OF h1(1)] codeD[OF h1(1)] memD[OF h1(2)] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
315 |
hence stp: "run 1 (prog, i', ab, b) = (prog, Suc i, ab(a \<mapsto> v - Suc 0), b)" (is "?x = ?y") |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
316 |
by (unfold run_def, auto) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
317 |
have "rset_of ?x \<in> (pc j * m a (v - 1)) * (i :[ \<guillemotright>Dec a e ]: j) * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
318 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
319 |
have "rset_of ?y \<in> (pc j * m a (v - 1)) * (i :[ \<guillemotright>Dec a e ]: j) * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
320 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
321 |
from spc_upd[OF h1(1), of "Suc i"] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
322 |
have "rset_of (prog, (Suc i), ab, b) \<in> |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
323 |
m a v * pc (Suc i) * {{C i (Dec a e)}} * <(0 < v)> * <(j = i + 1)> * r"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
324 |
by (metis stimes_ac) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
325 |
from smem_upd[OF this, of "v - (Suc 0)"] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
326 |
have "rset_of ?y \<in> |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
327 |
m a (v - Suc 0) * pc (Suc i) * {{C i (Dec a e)}} * <(0 < v)> * <(j = i + 1)> * r" .
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
328 |
hence "rset_of ?y \<in> <(0 < v)> * |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
329 |
(pc (Suc i) * m a (v - Suc 0)) * ({{C i (Dec a e)}} * <(j = i + 1)>) * r"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
330 |
by (metis stimes_ac) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
331 |
from condD1[OF this] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
332 |
have "rset_of ?y \<in> (pc (Suc i) * m a (v - Suc 0)) * ({{C i (Dec a e)}} * <(j = i + 1)>) * r" .
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
333 |
thus ?thesis |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
334 |
by (unfold h2(2) assemble_to.simps, simp) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
335 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
336 |
with stp show ?thesis by simp |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
337 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
338 |
thus ?thesis by blast |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
339 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
340 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
341 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
342 |
lemma hoare_dec_fail: "{pc i * m a 0}
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
343 |
i:[ \<guillemotright>(Dec a e) ]:j |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
344 |
{pc e * m a 0}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
345 |
proof(unfold Hoare_abc_def, clarify) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
346 |
fix prog i' ab b r |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
347 |
assume h: "rset_of (prog, i', ab, b) \<in> (pc i * m a 0) * (i :[ \<guillemotright>Dec a e ]: j) * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
348 |
(is "?r \<in> ?S") |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
349 |
show "\<exists>k. rset_of (run k (prog, i', ab, b)) \<in> (pc e * m a 0) * (i :[ \<guillemotright>Dec a e ]: j) * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
350 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
351 |
from h [unfolded assemble_to.simps] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
352 |
have h1: "?r \<in> pc i * {{C i (Dec a e)}} * m a 0 * <(j = i + 1)> * r"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
353 |
"?r \<in> m a 0 * pc i * {{C i (Dec a e)}} * <(j = i + 1)> * r"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
354 |
"?r \<in> <(j = i + 1)> * m a 0 * pc i * {{C i (Dec a e)}} * r"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
355 |
by ((metis stimes_ac)+) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
356 |
note h2 = condD [OF h1(3)] pcD[OF h1(1)] codeD[OF h1(1)] memD[OF h1(2)] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
357 |
hence stp: "run 1 (prog, i', ab, b) = (prog, e, ab, b)" (is "?x = ?y") |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
358 |
by (unfold run_def, auto) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
359 |
have "rset_of ?x \<in> (pc e * m a 0) * (i :[ \<guillemotright>Dec a e ]: j) * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
360 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
361 |
have "rset_of ?y \<in> (pc e * m a 0) * (i :[ \<guillemotright>Dec a e ]: j) * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
362 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
363 |
from spc_upd[OF h1(1), of "e"] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
364 |
have "rset_of ?y \<in> pc e * {{C i (Dec a e)}} * m a 0 * <(j = i + 1)> * r" .
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
365 |
thus ?thesis |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
366 |
by (unfold assemble_to.simps, metis stimes_ac) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
367 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
368 |
with stp show ?thesis by simp |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
369 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
370 |
thus ?thesis by blast |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
371 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
372 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
373 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
374 |
lemma pasrtD_p: "\<lbrakk>{p*<b>} c {q}\<rbrakk> \<Longrightarrow> (b \<longrightarrow> {p} c {q})"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
375 |
apply (unfold Hoare_abc_def pasrt_def, auto) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
376 |
by (fold emp_def, simp add:emp_unit_r) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
377 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
378 |
lemma hoare_dec: "dec_fun v j e = (pc', v') \<Longrightarrow> |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
379 |
{pc i * m a v}
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
380 |
i:[ \<guillemotright>(Dec a e) ]:j |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
381 |
{pc pc' * m a v'}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
382 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
383 |
assume "dec_fun v j e = (pc', v')" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
384 |
thus "{pc i * m a v}
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
385 |
i:[ \<guillemotright>(Dec a e) ]:j |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
386 |
{pc pc' * m a v'}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
387 |
apply (auto split:if_splits simp:dec_fun_def) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
388 |
apply (insert hoare_dec_fail, auto)[1] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
389 |
apply (insert hoare_dec_suc, auto) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
390 |
apply (atomize) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
391 |
apply (erule_tac x = i in allE, erule_tac x = a in allE, |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
392 |
erule_tac x = v in allE, erule_tac x = e in allE, erule_tac x = pc' in allE) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
393 |
by (drule_tac pasrtD_p, clarify) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
394 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
395 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
396 |
lemma hoare_inc: "{pc i * m a v}
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
397 |
i:[ \<guillemotright>(Inc a) ]:j |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
398 |
{pc j * m a (v + 1)}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
399 |
proof(unfold Hoare_abc_def, clarify) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
400 |
fix prog i' ab b r |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
401 |
assume h: "rset_of (prog, i', ab, b) \<in> (pc i * m a v) * (i :[ \<guillemotright>Inc a ]: j) * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
402 |
(is "?r \<in> ?S") |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
403 |
show "\<exists>k. rset_of (run k (prog, i', ab, b)) \<in> (pc j * m a (v + 1)) * (i :[ \<guillemotright>Inc a ]: j) * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
404 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
405 |
from h [unfolded assemble_to.simps] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
406 |
have h1: "?r \<in> pc i * {{C i (Inc a)}} * m a v * <(j = i + 1)> * r"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
407 |
"?r \<in> m a v * pc i * {{C i (Inc a)}} * <(j = i + 1)> * r"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
408 |
"?r \<in> <(j = i + 1)> * m a v * pc i * {{C i (Inc a)}} * r"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
409 |
by ((metis stimes_ac)+) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
410 |
note h2 = condD [OF h1(3)] pcD[OF h1(1)] codeD[OF h1(1)] memD[OF h1(2)] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
411 |
hence stp: "run 1 (prog, i', ab, b) = (prog, Suc i, ab(a \<mapsto> Suc v), b)" (is "?x = ?y") |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
412 |
by (unfold run_def, auto) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
413 |
have "rset_of ?x \<in> (pc j * m a (v + 1)) * (i :[ \<guillemotright>Inc a]: j) * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
414 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
415 |
have "rset_of ?y \<in> (pc j * m a (v + 1)) * (i :[ \<guillemotright>Inc a ]: j) * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
416 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
417 |
from spc_upd[OF h1(1), of "Suc i"] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
418 |
have "rset_of (prog, (Suc i), ab, b) \<in> |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
419 |
m a v * pc (Suc i) * {{C i (Inc a)}} * <(j = i + 1)> * r"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
420 |
by (metis stimes_ac) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
421 |
from smem_upd[OF this, of "Suc v"] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
422 |
have "rset_of ?y \<in> |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
423 |
m a (v + 1) * pc (i + 1) * {{C i (Inc a)}} * <(j = i + 1)> * r" by simp
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
424 |
thus ?thesis |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
425 |
by (unfold h2(1) assemble_to.simps, metis stimes_ac) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
426 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
427 |
with stp show ?thesis by simp |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
428 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
429 |
thus ?thesis by blast |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
430 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
431 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
432 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
433 |
lemma hoare_goto: "{pc i}
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
434 |
i:[ \<guillemotright>(Goto e) ]:j |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
435 |
{pc e}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
436 |
proof(unfold Hoare_abc_def, clarify) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
437 |
fix prog i' ab b r |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
438 |
assume h: "rset_of (prog, i', ab, b) \<in> pc i * (i :[ \<guillemotright>Goto e ]: j) * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
439 |
(is "?r \<in> ?S") |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
440 |
show "\<exists>k. rset_of (run k (prog, i', ab, b)) \<in> pc e * (i :[ \<guillemotright>Goto e ]: j) * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
441 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
442 |
from h [unfolded assemble_to.simps] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
443 |
have h1: "?r \<in> pc i * {{C i (Goto e)}} * <(j = i + 1)> * r"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
444 |
by ((metis stimes_ac)+) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
445 |
note h2 = pcD[OF h1(1)] codeD[OF h1(1)] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
446 |
hence stp: "run 1 (prog, i', ab, b) = (prog, e, ab, b)" (is "?x = ?y") |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
447 |
by (unfold run_def, auto) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
448 |
have "rset_of ?x \<in> pc e * (i :[ \<guillemotright>Goto e]: j) * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
449 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
450 |
from spc_upd[OF h1(1), of "e"] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
451 |
show ?thesis |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
452 |
by (unfold stp assemble_to.simps, metis stimes_ac) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
453 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
454 |
thus ?thesis by blast |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
455 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
456 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
457 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
458 |
no_notation stimes (infixr "*" 70) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
459 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
460 |
interpretation foo: comm_monoid_mult |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
461 |
"stimes :: 'a set set => 'a set set => 'a set set" "emp::'a set set" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
462 |
apply(default) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
463 |
apply(simp add: stimes_assoc) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
464 |
apply(simp add: stimes_comm) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
465 |
apply(simp add: emp_def[symmetric]) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
466 |
done |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
467 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
468 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
469 |
notation stimes (infixr "*" 70) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
470 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
471 |
(*used by simplifier for numbers *) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
472 |
thm mult_cancel_left |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
473 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
474 |
(* |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
475 |
interpretation foo: comm_ring_1 "op * :: 'a set set => 'a set set => 'a set set" "{{}}::'a set set"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
476 |
apply(default) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
477 |
*) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
478 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
479 |
lemma frame: "{p} c {q} \<Longrightarrow> \<forall> r. {p * r} c {q * r}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
480 |
apply (unfold Hoare_abc_def, clarify) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
481 |
apply (erule_tac x = "(a, aa, ab, b)" in allE) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
482 |
apply (erule_tac x = "r * ra" in allE) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
483 |
apply(metis stimes_ac) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
484 |
done |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
485 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
486 |
lemma code_extension: "\<lbrakk>{p} c {q}\<rbrakk> \<Longrightarrow> (\<forall> e. {p} c * e {q})"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
487 |
apply (unfold Hoare_abc_def, clarify) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
488 |
apply (erule_tac x = "(a, aa, ab, b)" in allE) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
489 |
apply (erule_tac x = "e * r" in allE) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
490 |
apply(metis stimes_ac) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
491 |
done |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
492 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
493 |
lemma run_add: "run (n1 + n2) s = run n1 (run n2 s)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
494 |
apply (unfold run_def) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
495 |
by (metis funpow_add o_apply) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
496 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
497 |
lemma composition: "\<lbrakk>{p} c1 {q}; {q} c2 {r}\<rbrakk> \<Longrightarrow> {p} c1 * c2 {r}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
498 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
499 |
assume h: "{p} c1 {q}" "{q} c2 {r}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
500 |
from code_extension [OF h(1), rule_format, of "c2"] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
501 |
have "{p} c1 * c2 {q}" .
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
502 |
moreover from code_extension [OF h(2), rule_format, of "c1"] and stimes_comm |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
503 |
have "{q} c1 * c2 {r}" by metis
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
504 |
ultimately show "{p} c1 * c2 {r}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
505 |
apply (unfold Hoare_abc_def, clarify) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
506 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
507 |
fix a aa ab b ra |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
508 |
assume h1: "\<forall>s r. rset_of s \<in> p * (c1 * c2) * r \<longrightarrow> |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
509 |
(\<exists>k. rset_of (run k s) \<in> q * (c1 * c2) * r)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
510 |
and h2: "\<forall>s ra. rset_of s \<in> q * (c1 * c2) * ra \<longrightarrow> |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
511 |
(\<exists>k. rset_of (run k s) \<in> r * (c1 * c2) * ra)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
512 |
and h3: "rset_of (a, aa, ab, b) \<in> p * (c1 * c2) * ra" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
513 |
show "\<exists>k. rset_of (run k (a, aa, ab, b)) \<in> r * (c1 * c2) * ra" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
514 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
515 |
let ?s = "(a, aa, ab, b)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
516 |
from h1 [rule_format, of ?s, OF h3] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
517 |
obtain n1 where "rset_of (run n1 ?s) \<in> q * (c1 * c2) * ra" by blast |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
518 |
from h2 [rule_format, OF this] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
519 |
obtain n2 where "rset_of (run n2 (run n1 ?s)) \<in> r * (c1 * c2) * ra" by blast |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
520 |
with run_add show ?thesis by metis |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
521 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
522 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
523 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
524 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
525 |
lemma stimes_simp: "s \<in> x * y = (\<exists> s1 s2. (s = s1 \<union> s2 \<and> s1 \<inter> s2 = {} \<and> s1 \<in> x \<and> s2 \<in> y))"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
526 |
by (metis (lifting) stimesE stimesI) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
527 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
528 |
lemma hoare_seq: |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
529 |
"\<lbrakk>\<forall> i j. {pc i * p} i:[c1]:j {pc j * q};
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
530 |
\<forall> j k. {pc j * q} j:[c2]:k {pc k * r}\<rbrakk> \<Longrightarrow> {pc i * p} i:[(c1 ; c2)]:k {pc k *r}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
531 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
532 |
assume h: "\<forall>i j. {pc i * p} i :[ c1 ]: j {pc j * q}" "\<forall> j k. {pc j * q} j:[c2]:k {pc k * r}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
533 |
show "{pc i * p} i:[(c1 ; c2)]:k {pc k *r}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
534 |
proof(subst Hoare_abc_def, clarify) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
535 |
fix a aa ab b ra |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
536 |
assume "rset_of (a, aa, ab, b) \<in> (pc i * p) * (i :[ (c1 ; c2) ]: k) * ra" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
537 |
hence "rset_of (a, aa, ab, b) \<in> (i :[ (c1 ; c2) ]: k) * (pc i * p * ra)" (is "?s \<in> ?X * ?Y") |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
538 |
by (metis stimes_ac) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
539 |
from stimesE[OF this] obtain s1 s2 where |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
540 |
sp: "rset_of(a, aa, ab, b) = s1 \<union> s2" "s1 \<inter> s2 = {}" "s1 \<in> ?X" "s2 \<in> ?Y" by blast
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
541 |
from sp (3) obtain j' where |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
542 |
"s1 \<in> (i:[c1]:j') * (j':[c2]:k)" (is "s1 \<in> ?Z") |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
543 |
by (auto simp:assemble_to.simps) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
544 |
from stimesI[OF sp(1, 2) this sp(4)] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
545 |
have "?s \<in> (pc i * p) * (i :[ c1 ]: j') * (j' :[ c2 ]: k) * ra" by (metis stimes_ac) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
546 |
from h(1)[unfolded Hoare_abc_def, rule_format, OF this] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
547 |
obtain ka where |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
548 |
"rset_of (run ka (a, aa, ab, b)) \<in> (pc j' * q) * (j' :[ c2 ]: k) * ((i :[ c1 ]: j') * ra)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
549 |
sorry |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
550 |
from h(2)[unfolded Hoare_abc_def, rule_format, OF this] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
551 |
obtain kb where |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
552 |
"rset_of (run kb (run ka (a, aa, ab, b))) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
553 |
\<in> (pc k * r) * (j' :[ c2 ]: k) * (i :[ c1 ]: j') * ra" by blast |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
554 |
hence h3: "rset_of (run (kb + ka) (a, aa, ab, b)) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
555 |
\<in> pc k * r * (j' :[ c2 ]: k) * ((i :[ c1 ]: j') * ra)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
556 |
sorry |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
557 |
hence "rset_of (run (kb + ka) (a, aa, ab, b)) \<in> pc k * r * (i :[ (c1 ; c2) ]: k) * ra" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
558 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
559 |
have "rset_of (run (kb + ka) (a, aa, ab, b)) \<in> (i :[ (c1 ; c2) ]: k) * (pc k * r * ra)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
560 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
561 |
from h3 have "rset_of (run (kb + ka) (a, aa, ab, b)) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
562 |
\<in> ((j' :[ c2 ]: k) * ((i :[ c1 ]: j'))) * (pc k * r * ra)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
563 |
by (metis stimes_ac) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
564 |
then obtain |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
565 |
s1 s2 where h4: "rset_of (run (kb + ka) (a, aa, ab, b)) = s1 \<union> s2" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
566 |
" s1 \<inter> s2 = {}" "s1 \<in> (j' :[ c2 ]: k) * (i :[ c1 ]: j')"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
567 |
"s2 \<in> pc k * r * ra" by (rule stimesE, blast) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
568 |
from h4(3) have "s1 \<in> (i :[ (c1 ; c2) ]: k)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
569 |
sorry |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
570 |
from stimesI [OF h4(1, 2) this h4(4)] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
571 |
show ?thesis . |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
572 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
573 |
thus ?thesis by (metis stimes_ac) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
574 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
575 |
thus "\<exists>ka. rset_of (run ka (a, aa, ab, b)) \<in> (pc k * r) * (i :[ (c1 ; c2) ]: k) * ra" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
576 |
by (metis stimes_ac) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
577 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
578 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
579 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
580 |
lemma hoare_local: |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
581 |
"\<forall> l i j. {pc i*p} i:[c(l)]:j {pc j * q}
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
582 |
\<Longrightarrow> {pc i * p} i:[Local c]:j {pc j * q}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
583 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
584 |
assume h: "\<forall> l i j. {pc i*p} i:[c(l)]:j {pc j * q} "
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
585 |
show "{pc i * p} i:[Local c]:j {pc j * q}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
586 |
proof(unfold assemble_to.simps Hoare_abc_def, clarify) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
587 |
fix a aa ab b r |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
588 |
assume h1: "rset_of (a, aa, ab, b) \<in> (pc i * p) * (\<Union>l. i :[ c l ]: j) * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
589 |
hence "rset_of (a, aa, ab, b) \<in> (\<Union>l. i :[ c l ]: j) * (pc i * p * r)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
590 |
by (metis stimes_ac) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
591 |
then obtain s1 s2 l |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
592 |
where "rset_of (a, aa, ab, b) = s1 \<union> s2" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
593 |
"s1 \<inter> s2 = {}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
594 |
"s1 \<in> (i :[ c l ]: j)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
595 |
"s2 \<in> pc i * p * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
596 |
by (rule stimesE, auto) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
597 |
from stimesI[OF this] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
598 |
have "rset_of (a, aa, ab, b) \<in> (pc i * p) * (i :[ c l ]: j) * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
599 |
by (metis stimes_ac) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
600 |
from h[unfolded Hoare_abc_def, rule_format, OF this] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
601 |
obtain k where "rset_of (run k (a, aa, ab, b)) \<in> (i :[ c l ]: j) * (pc j * q * r)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
602 |
sorry |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
603 |
then obtain s1 s2 |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
604 |
where h3: "rset_of (run k (a, aa, ab, b)) = s1 \<union> s2" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
605 |
" s1 \<inter> s2 = {}" "s1 \<in> (\<Union> l. (i :[ c l ]: j))" "s2 \<in> pc j * q * r"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
606 |
by(rule stimesE, auto) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
607 |
from stimesI[OF this] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
608 |
show "\<exists>k. rset_of (run k (a, aa, ab, b)) \<in> (pc j * q) * (\<Union>l. i :[ c l ]: j) * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
609 |
by (metis stimes_ac) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
610 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
611 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
612 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
613 |
lemma move_pure: "{p*<b>} c {q} = (b \<longrightarrow> {p} c {q})"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
614 |
proof(unfold Hoare_abc_def, default, clarify) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
615 |
fix prog i' mem ft r |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
616 |
assume h: "\<forall>s r. rset_of s \<in> (p * <b>) * c * r \<longrightarrow> (\<exists>k. rset_of (run k s) \<in> q * c * r)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
617 |
"b" "rset_of (prog, i', mem, ft) \<in> p * c * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
618 |
show "\<exists>k. rset_of (run k (prog, i', mem, ft)) \<in> q * c * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
619 |
proof(rule h(1)[rule_format]) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
620 |
have "(p * <b>) * c * r = <b> * p * c * r" by (metis stimes_ac) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
621 |
moreover have "rset_of (prog, i', mem, ft) \<in> \<dots>" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
622 |
proof(rule stimesI[OF _ _ _ h(3)]) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
623 |
from h(2) show "{} \<in> <b>" by (auto simp:pasrt_def)
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
624 |
qed auto |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
625 |
ultimately show "rset_of (prog, i', mem, ft) \<in> (p * <b>) * c * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
626 |
by (simp) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
627 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
628 |
next |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
629 |
assume h: "b \<longrightarrow> (\<forall>s r. rset_of s \<in> p * c * r \<longrightarrow> (\<exists>k. rset_of (run k s) \<in> q * c * r))" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
630 |
show "\<forall>s r. rset_of s \<in> (p * <b>) * c * r \<longrightarrow> (\<exists>k. rset_of (run k s) \<in> q * c * r)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
631 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
632 |
{ fix s r
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
633 |
assume "rset_of s \<in> (p * <b>) * c * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
634 |
hence h1: "rset_of s \<in> <b> * p * c * r" by (metis stimes_ac) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
635 |
have "(\<exists>k. rset_of (run k s) \<in> q * c * r)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
636 |
proof(rule h[rule_format]) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
637 |
from condD[OF h1] show b . |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
638 |
next |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
639 |
from condD1[OF h1] show "rset_of s \<in> p * c * r" . |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
640 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
641 |
} thus ?thesis by blast |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
642 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
643 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
644 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
645 |
lemma precond_ex: "{\<Union> x. p x} c {q} = (\<forall> x. {p x} c {q})"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
646 |
proof(unfold Hoare_abc_def, default, clarify) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
647 |
fix x prog i' mem ft r |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
648 |
assume h: "\<forall>s r. rset_of s \<in> UNION UNIV p * c * r \<longrightarrow> (\<exists>k. rset_of (run k s) \<in> q * c * r)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
649 |
"rset_of (prog, i', mem, ft) \<in> p x * c * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
650 |
show "\<exists>k. rset_of (run k (prog, i', mem, ft)) \<in> q * c * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
651 |
proof(rule h[rule_format]) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
652 |
from h(2) show "rset_of (prog, i', mem, ft) \<in> UNION UNIV p * c * r" by (auto simp:stimes_def) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
653 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
654 |
next |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
655 |
assume h: "\<forall>x s r. rset_of s \<in> p x * c * r \<longrightarrow> (\<exists>k. rset_of (run k s) \<in> q * c * r)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
656 |
show "\<forall>s r. rset_of s \<in> UNION UNIV p * c * r \<longrightarrow> (\<exists>k. rset_of (run k s) \<in> q * c * r)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
657 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
658 |
{ fix s r
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
659 |
assume "rset_of s \<in> UNION UNIV p * c * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
660 |
then obtain x where "rset_of s \<in> p x * c * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
661 |
by (unfold st_def, auto, metis) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
662 |
hence "(\<exists>k. rset_of (run k s) \<in> q * c * r)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
663 |
by(rule h[rule_format]) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
664 |
} thus ?thesis by blast |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
665 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
666 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
667 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
668 |
lemma code_exI: "\<lbrakk>\<And>l. {p} c l * c' {q}\<rbrakk> \<Longrightarrow> {p} (\<Union> l. c l) * c' {q}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
669 |
proof(unfold Hoare_abc_def, default, clarify) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
670 |
fix prog i' mem ft r |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
671 |
assume h: "\<And>l. \<forall>s r. rset_of s \<in> p * (c l * c') * r \<longrightarrow> (\<exists>k. rset_of (run k s) \<in> q * (c l * c') * r)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
672 |
"rset_of (prog, i', mem, ft) \<in> p * (UNION UNIV c * c') * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
673 |
show " \<exists>k. rset_of (run k (prog, i', mem, ft)) \<in> q * (UNION UNIV c * c') * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
674 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
675 |
from h(2) obtain l where "rset_of (prog, i', mem, ft) \<in> p * (c l * c') * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
676 |
apply (unfold st_def, auto) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
677 |
by metis |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
678 |
from h(1)[rule_format, OF this] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
679 |
obtain k where " rset_of (run k (prog, i', mem, ft)) \<in> q * (c l * c') * r" by blast |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
680 |
thus ?thesis by (unfold st_def, auto, metis) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
681 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
682 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
683 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
684 |
lemma code_exIe: "\<lbrakk>\<And>l. {p} c l{q}\<rbrakk> \<Longrightarrow> {p} \<Union> l. (c l) {q}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
685 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
686 |
assume "\<And>l. {p} c l {q}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
687 |
thus "{p} \<Union>l. c l {q}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
688 |
by(rule code_exI[where c'= "emp", unfolded emp_unit_r]) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
689 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
690 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
691 |
lemma pre_stren: "\<lbrakk>{p} c {q}; r \<subseteq> p\<rbrakk> \<Longrightarrow> {r} c {q}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
692 |
proof(unfold Hoare_abc_def, clarify) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
693 |
fix prog i' mem ft r' |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
694 |
assume h: "\<forall>s r. rset_of s \<in> p * c * r \<longrightarrow> (\<exists>k. rset_of (run k s) \<in> q * c * r)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
695 |
" r \<subseteq> p" " rset_of (prog, i', mem, ft) \<in> r * c * r'" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
696 |
show "\<exists>k. rset_of (run k (prog, i', mem, ft)) \<in> q * c * r'" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
697 |
proof(rule h(1)[rule_format]) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
698 |
from stimes_mono[OF h(2), of "c * r'"] h(3) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
699 |
show "rset_of (prog, i', mem, ft) \<in> p * c * r'" by auto |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
700 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
701 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
702 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
703 |
lemma post_weaken: "\<lbrakk>{p} c {q}; q \<subseteq> r\<rbrakk> \<Longrightarrow> {p} c {r}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
704 |
proof(unfold Hoare_abc_def, clarify) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
705 |
fix prog i' mem ft r' |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
706 |
assume h: "\<forall>s r. rset_of s \<in> p * c * r \<longrightarrow> (\<exists>k. rset_of (run k s) \<in> q * c * r)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
707 |
" q \<subseteq> r" "rset_of (prog, i', mem, ft) \<in> p * c * r'" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
708 |
show "\<exists>k. rset_of (run k (prog, i', mem, ft)) \<in> r * c * r'" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
709 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
710 |
from h(1)[rule_format, OF h(3)] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
711 |
obtain k where "rset_of (run k (prog, i', mem, ft)) \<in> q * c * r'" by auto |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
712 |
moreover from h(2) have "\<dots> \<subseteq> r * c * r'" by (metis stimes_mono) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
713 |
ultimately show ?thesis by auto |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
714 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
715 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
716 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
717 |
definition "clear a = |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
718 |
Local (\<lambda> start. (Local (\<lambda> exit. Label start; \<guillemotright>Dec a exit; \<guillemotright> Goto start; Label exit)))" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
719 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
720 |
lemma "{pc i * m a v} i:[clear a]:j {pc j*m a 0}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
721 |
proof (unfold clear_def, rule hoare_local, default+) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
722 |
fix l i j |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
723 |
show "{pc i * m a v} i :[ Local (\<lambda>exit. Label l ; \<guillemotright>Dec a exit ; \<guillemotright>Goto l ; Label exit) ]: j
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
724 |
{pc j * m a 0}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
725 |
proof(rule hoare_local, default+) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
726 |
fix la i j |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
727 |
show "{pc i * m a v} i :[ (Label l ; \<guillemotright>Dec a la ; \<guillemotright>Goto l ; Label la) ]: j {pc j * m a 0}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
728 |
proof(subst assemble_to.simps, rule code_exIe) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
729 |
have "\<And>j'. {pc i * m a v} (j' :[ (\<guillemotright>Dec a la ; \<guillemotright>Goto l ; Label la) ]: j) * (i :[ Label l ]: j')
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
730 |
{pc j * m a 0}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
731 |
proof(subst assemble_to.simps, rule code_exI) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
732 |
fix j' j'a |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
733 |
show "{pc i * m a v}
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
734 |
((j' :[ \<guillemotright>Dec a la ]: j'a) * (j'a :[ (\<guillemotright>Goto l ; Label la) ]: j)) * (i :[ Label l ]: j') |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
735 |
{pc j * m a 0}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
736 |
proof(unfold assemble_to.simps) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
737 |
have "{pc i * m a v}
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
738 |
((\<Union>j'. ({{C j'a (Goto l)}} * <(j' = j'a + 1)>) * ({{C j' (Dec a la)}} * <(j'a = j' + 1)>)
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
739 |
* <(j' = j \<and> j = la)>)) * |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
740 |
<(i = j' \<and> j' = l)> |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
741 |
{pc j * m a 0}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
742 |
proof(rule code_exI, fold assemble_to.simps) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
743 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
744 |
thus "{pc i * m a v}
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
745 |
(({{C j' (Dec a la)}} * <(j'a = j' + 1)>) *
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
746 |
(\<Union>j'. ({{C j'a (Goto l)}} * <(j' = j'a + 1)>) * <(j' = j \<and> j = la)>)) *
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
747 |
<(i = j' \<and> j' = l)> |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
748 |
{pc j * m a 0}" sorry
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
749 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
750 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
751 |
thus "\<And>j'. {pc i * m a v} (i :[ Label l ]: j') * (j' :[ (\<guillemotright>Dec a la ; \<guillemotright>Goto l ; Label la) ]: j)
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
752 |
{pc j * m a 0}" by (metis stimes_ac)
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
753 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
754 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
755 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
756 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
757 |
end |