| author | Christian Urban <urbanc@in.tum.de> |
| Thu, 10 Jan 2019 12:48:43 +0000 | |
| changeset 293 | 8b55240e12c6 |
| parent 232 | 8f89170bb076 |
| permissions | -rw-r--r-- |
|
232
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
1 |
header {*
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
2 |
{\em abacus} a kind of register machine
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
3 |
*} |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
4 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
5 |
theory abacus |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
6 |
imports Main "../Separation_Algebra/Sep_Tactics" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
7 |
begin |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
8 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
9 |
instantiation set :: (type)sep_algebra |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
10 |
begin |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
11 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
12 |
definition set_zero_def: "0 = {}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
13 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
14 |
definition plus_set_def: "s1 + s2 = s1 \<union> s2" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
15 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
16 |
definition sep_disj_set_def: "sep_disj s1 s2 = (s1 \<inter> s2 = {})"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
17 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
18 |
lemmas set_ins_def = sep_disj_set_def plus_set_def set_zero_def |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
19 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
20 |
instance |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
21 |
apply(default) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
22 |
apply(simp add:set_ins_def) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
23 |
apply(simp add:sep_disj_set_def plus_set_def set_zero_def) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
24 |
apply (metis inf_commute) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
25 |
apply(simp add:sep_disj_set_def plus_set_def set_zero_def) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
26 |
apply(simp add:sep_disj_set_def plus_set_def set_zero_def) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
27 |
apply (metis sup_commute) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
28 |
apply(simp add:sep_disj_set_def plus_set_def set_zero_def) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
29 |
apply (metis (lifting) Un_assoc) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
30 |
apply(simp add:sep_disj_set_def plus_set_def set_zero_def) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
31 |
apply (metis (lifting) Int_Un_distrib Un_empty inf_sup_distrib1 sup_eq_bot_iff) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
32 |
apply(simp add:sep_disj_set_def plus_set_def set_zero_def) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
33 |
by (metis (lifting) Int_Un_distrib Int_Un_distrib2 sup_eq_bot_iff) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
34 |
end |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
35 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
36 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
37 |
text {*
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
38 |
{\em Abacus} instructions:
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
39 |
*} |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
40 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
41 |
datatype abc_inst = |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
42 |
-- {* @{text "Inc n"} increments the memory cell (or register)
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
43 |
with address @{text "n"} by one.
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
44 |
*} |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
45 |
Inc nat |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
46 |
-- {*
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
47 |
@{text "Dec n label"} decrements the memory cell with address @{text "n"} by one.
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
48 |
If cell @{text "n"} is already zero, no decrements happens and the executio jumps to
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
49 |
the instruction labeled by @{text "label"}.
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
50 |
*} |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
51 |
| Dec nat nat |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
52 |
-- {*
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
53 |
@{text "Goto label"} unconditionally jumps to the instruction labeled by @{text "label"}.
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
54 |
*} |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
55 |
| Goto nat |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
56 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
57 |
datatype apg = |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
58 |
Instr abc_inst |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
59 |
| Label nat |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
60 |
| Seq apg apg |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
61 |
| Local "(nat \<Rightarrow> apg)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
62 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
63 |
notation Local (binder "L " 10) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
64 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
65 |
abbreviation prog_instr :: "abc_inst \<Rightarrow> apg" ("\<guillemotright>_" [61] 61)
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
66 |
where "\<guillemotright>i \<equiv> Instr i" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
67 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
68 |
abbreviation prog_seq :: "apg \<Rightarrow> apg \<Rightarrow> apg" (infixr ";" 52) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
69 |
where "c1 ; c2 \<equiv> Seq c1 c2" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
70 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
71 |
type_synonym aconf = "((nat \<rightharpoonup> abc_inst) \<times> nat \<times> (nat \<rightharpoonup> nat) \<times> nat)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
72 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
73 |
fun astep :: "aconf \<Rightarrow> aconf" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
74 |
where "astep (prog, pc, m, faults) = |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
75 |
(case (prog pc) of |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
76 |
Some (Inc i) \<Rightarrow> |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
77 |
case m(i) of |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
78 |
Some n \<Rightarrow> (prog, pc + 1, m(i:= Some (n + 1)), faults) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
79 |
| None \<Rightarrow> (prog, pc, m, faults + 1) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
80 |
| Some (Dec i e) \<Rightarrow> |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
81 |
case m(i) of |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
82 |
Some n \<Rightarrow> if (n = 0) then (prog, e, m, faults) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
83 |
else (prog, pc + 1, m(i:= Some (n - 1)), faults) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
84 |
| None \<Rightarrow> (prog, pc, m, faults + 1) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
85 |
| Some (Goto pc') \<Rightarrow> (prog, pc', m, faults) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
86 |
| None \<Rightarrow> (prog, pc, m, faults + 1))" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
87 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
88 |
definition "run n = astep ^^ n" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
89 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
90 |
datatype aresource = |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
91 |
M nat nat |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
92 |
| C nat abc_inst |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
93 |
| At nat |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
94 |
| Faults nat |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
95 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
96 |
definition "prog_set prog = {C i inst | i inst. prog i = Some inst}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
97 |
definition "pc_set pc = {At pc}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
98 |
definition "mem_set m = {M i n | i n. m (i) = Some n} "
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
99 |
definition "faults_set faults = {Faults faults}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
100 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
101 |
lemmas cpn_set_def = prog_set_def pc_set_def mem_set_def faults_set_def |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
102 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
103 |
fun rset_of :: "aconf \<Rightarrow> aresource set" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
104 |
where "rset_of (prog, pc, m, faults) = |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
105 |
prog_set prog \<union> pc_set pc \<union> mem_set m \<union> faults_set faults" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
106 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
107 |
definition "sg e = (\<lambda> s. s = e)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
108 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
109 |
definition "pc l = sg (pc_set l)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
110 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
111 |
definition "m a v =sg ({M a v})"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
112 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
113 |
declare rset_of.simps[simp del] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
114 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
115 |
type_synonym assert = "aresource set \<Rightarrow> bool" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
116 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
117 |
primrec assemble_to :: "apg \<Rightarrow> nat \<Rightarrow> nat \<Rightarrow> assert" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
118 |
where |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
119 |
"assemble_to (Instr ai) i j = (sg ({C i ai}) ** \<langle>(j = i + 1)\<rangle>)" |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
120 |
"assemble_to (Seq p1 p2) i j = (EXS j'. (assemble_to p1 i j') ** (assemble_to p2 j' j))" | |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
121 |
"assemble_to (Local fp) i j = (EXS l. (assemble_to (fp l) i j))" | |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
122 |
"assemble_to (Label l) i j = \<langle>(i = j \<and> j = l)\<rangle>" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
123 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
124 |
abbreviation asmb_to :: "nat \<Rightarrow> apg \<Rightarrow> nat \<Rightarrow> assert" ("_ :[ _ ]: _" [60, 60, 60] 60)
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
125 |
where "i :[ apg ]: j \<equiv> assemble_to apg i j" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
126 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
127 |
lemma stimes_sgD: "(sg x ** q) s \<Longrightarrow> q (s - x) \<and> x \<subseteq> s" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
128 |
apply(erule_tac sep_conjE) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
129 |
apply(unfold set_ins_def sg_def) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
130 |
by (metis Diff_Int2 Diff_Int_distrib2 Diff_Un Diff_cancel |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
131 |
Diff_empty Diff_idemp Diff_triv Int_Diff Un_Diff |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
132 |
Un_Diff_cancel inf_commute inf_idem sup_bot_right sup_commute sup_ge2) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
133 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
134 |
lemma pcD: "(pc i ** r) (rset_of (prog, i', mem, fault)) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
135 |
\<Longrightarrow> i' = i" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
136 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
137 |
assume "(pc i ** r) (rset_of (prog, i', mem, fault))" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
138 |
from stimes_sgD [OF this[unfolded pc_def], unfolded rset_of.simps] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
139 |
have "pc_set i \<subseteq> prog_set prog \<union> pc_set i' \<union> mem_set mem \<union> faults_set fault" by auto |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
140 |
thus ?thesis |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
141 |
by (unfold cpn_set_def, auto) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
142 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
143 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
144 |
lemma codeD: "(pc i ** sg {C i inst} ** r) (rset_of (prog, pos, mem, fault))
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
145 |
\<Longrightarrow> prog pos = Some inst" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
146 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
147 |
assume "(pc i ** sg {C i inst} ** r) (rset_of (prog, pos, mem, fault))"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
148 |
thus ?thesis |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
149 |
apply(sep_subst pcD) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
150 |
apply(unfold sep_conj_def set_ins_def sg_def rset_of.simps cpn_set_def) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
151 |
by auto |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
152 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
153 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
154 |
lemma memD: "((m a v) ** r) (rset_of (prog, pos, mem, fault)) \<Longrightarrow> mem a = Some v" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
155 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
156 |
assume "((m a v) ** r) (rset_of (prog, pos, mem, fault))" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
157 |
from stimes_sgD[OF this[unfolded rset_of.simps cpn_set_def m_def]] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
158 |
have "{M a v} \<subseteq> {C i inst |i inst. prog i = Some inst} \<union>
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
159 |
{At pos} \<union> {M i n |i n. mem i = Some n} \<union> {Faults fault}" by auto
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
160 |
thus ?thesis by auto |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
161 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
162 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
163 |
definition |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
164 |
Hoare_abc :: "assert \<Rightarrow> assert \<Rightarrow> assert \<Rightarrow> bool" ("({(1_)}/ (_)/ {(1_)})" 50)
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
165 |
where |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
166 |
"{p} c {q} \<equiv> (\<forall> s r. (p**c**r) (rset_of s) \<longrightarrow>
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
167 |
(\<exists> k. ((q ** c ** r) (rset_of (run k s)))))" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
168 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
169 |
definition "dec_fun v j e = (if (v = 0) then (e, v) else (j, v - 1))" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
170 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
171 |
lemma disj_Diff: "a \<inter> b = {} \<Longrightarrow> a \<union> b - b = a"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
172 |
by (metis (lifting) Diff_cancel Un_Diff Un_Diff_Int) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
173 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
174 |
lemma diff_pc_set: "prog_set aa \<union> pc_set i \<union> mem_set ab \<union> faults_set b - pc_set i = |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
175 |
prog_set aa \<union> mem_set ab \<union> faults_set b" (is "?L = ?R") |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
176 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
177 |
have "?L = (prog_set aa \<union> mem_set ab \<union> faults_set b \<union> pc_set i) - pc_set i" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
178 |
by auto |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
179 |
also have "\<dots> = ?R" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
180 |
proof(rule disj_Diff) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
181 |
show " (prog_set aa \<union> mem_set ab \<union> faults_set b) \<inter> pc_set i = {}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
182 |
by (unfold cpn_set_def, auto) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
183 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
184 |
finally show ?thesis . |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
185 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
186 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
187 |
lemma M_in_simp: "({M a v} \<subseteq> prog_set x \<union> pc_set y \<union> mem_set mem \<union> faults_set f) =
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
188 |
({M a v} \<subseteq> mem_set mem)"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
189 |
by (unfold cpn_set_def, auto) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
190 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
191 |
lemma mem_set_upd: |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
192 |
"{M a v} \<subseteq> mem_set mem \<Longrightarrow> mem_set (mem(a:=Some v')) = ((mem_set mem) - {M a v}) \<union> {M a v'}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
193 |
by (unfold cpn_set_def, auto) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
194 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
195 |
lemma mem_set_disj: "{M a v} \<subseteq> mem_set mem \<Longrightarrow> {M a v'} \<inter> (mem_set mem - {M a v}) = {}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
196 |
by (unfold cpn_set_def, auto) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
197 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
198 |
lemma smem_upd: "((m a v) ** r) (rset_of (x, y, mem, f)) \<Longrightarrow> |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
199 |
((m a v') ** r) (rset_of (x, y, mem(a := Some v'), f))" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
200 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
201 |
have eq_s:" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
202 |
(prog_set x \<union> pc_set y \<union> mem_set mem \<union> faults_set f - {M a v}) =
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
203 |
(prog_set x \<union> pc_set y \<union> (mem_set mem - {M a v}) \<union> faults_set f)"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
204 |
by (unfold cpn_set_def, auto) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
205 |
assume "(m a v \<and>* r) (rset_of (x, y, mem, f))" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
206 |
from this[unfolded rset_of.simps m_def] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
207 |
have h: "(sg {M a v} \<and>* r) (prog_set x \<union> pc_set y \<union> mem_set mem \<union> faults_set f)" .
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
208 |
hence h0: "r (prog_set x \<union> pc_set y \<union> (mem_set mem - {M a v}) \<union> faults_set f)"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
209 |
by(sep_drule stimes_sgD, clarify, unfold eq_s, auto) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
210 |
from h M_in_simp have "{M a v} \<subseteq> mem_set mem"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
211 |
by(sep_drule stimes_sgD, auto) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
212 |
from mem_set_upd [OF this] mem_set_disj[OF this] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
213 |
have h2: "mem_set (mem(a \<mapsto> v')) = {M a v'} \<union> (mem_set mem - {M a v})"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
214 |
"{M a v'} \<inter> (mem_set mem - {M a v}) = {}" by auto
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
215 |
show ?thesis |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
216 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
217 |
have "(m a v' ** r) (mem_set (mem(a \<mapsto> v')) \<union> prog_set x \<union> pc_set y \<union> faults_set f)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
218 |
proof(rule sep_conjI) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
219 |
from h0 show "r (prog_set x \<union> pc_set y \<union> (mem_set mem - {M a v}) \<union> faults_set f)" .
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
220 |
next |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
221 |
show "m a v' ({M a v'})" by (unfold m_def sg_def, simp)
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
222 |
next |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
223 |
show "mem_set (mem(a \<mapsto> v')) \<union> prog_set x \<union> pc_set y \<union> faults_set f = |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
224 |
{M a v'} + (prog_set x \<union> pc_set y \<union> (mem_set mem - {M a v}) \<union> faults_set f)"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
225 |
by (unfold h2(1) set_ins_def eq_s, auto) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
226 |
next |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
227 |
from h2(2) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
228 |
show " {M a v'} ## prog_set x \<union> pc_set y \<union> (mem_set mem - {M a v}) \<union> faults_set f"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
229 |
by (unfold cpn_set_def set_ins_def, auto) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
230 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
231 |
thus ?thesis |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
232 |
apply (unfold rset_of.simps) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
233 |
by (metis sup_commute sup_left_commute) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
234 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
235 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
236 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
237 |
lemma pc_dest: "(pc i') (pc_set i) \<Longrightarrow> i = i'" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
238 |
sorry |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
239 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
240 |
lemma spc_upd: "(pc i' ** r) (rset_of (x, i, y, z)) \<Longrightarrow> |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
241 |
(pc i'' ** r) (rset_of (x, i'', y, z))" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
242 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
243 |
assume h: "rset_of (x, i, y, z) \<in> pc i' * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
244 |
from stimes_sgD [OF h[unfolded rset_of.simps pc_set_def pc_def]] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
245 |
have h1: "prog_set x \<union> {At i} \<union> mem_set y \<union> faults_set z - {At i'} \<in> r"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
246 |
"{At i'} \<subseteq> prog_set x \<union> {At i} \<union> mem_set y \<union> faults_set z" by auto
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
247 |
from h1(2) have eq_i: "i' = i" by (unfold cpn_set_def, auto) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
248 |
have "prog_set x \<union> {At i} \<union> mem_set y \<union> faults_set z - {At i'} =
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
249 |
prog_set x \<union> mem_set y \<union> faults_set z " |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
250 |
apply (unfold eq_i) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
251 |
by (metis (full_types) Un_insert_left Un_insert_right |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
252 |
diff_pc_set faults_set_def insert_commute insert_is_Un |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
253 |
pc_set_def sup_assoc sup_bot_left sup_commute) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
254 |
with h1(1) have in_r: "prog_set x \<union> mem_set y \<union> faults_set z \<in> r" by auto |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
255 |
show ?thesis |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
256 |
proof(unfold rset_of.simps, rule stimesI[OF _ _ _ in_r]) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
257 |
show "{At i''} \<in> pc i''" by (unfold pc_def pc_set_def, simp)
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
258 |
next |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
259 |
show "prog_set x \<union> pc_set i'' \<union> mem_set y \<union> faults_set z = |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
260 |
{At i''} \<union> (prog_set x \<union> mem_set y \<union> faults_set z)"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
261 |
by (unfold pc_set_def, auto) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
262 |
next |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
263 |
show "{At i''} \<inter> (prog_set x \<union> mem_set y \<union> faults_set z) = {}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
264 |
by (auto simp:cpn_set_def) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
265 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
266 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
267 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
268 |
lemma condD: "s \<in> <b>*r \<Longrightarrow> b" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
269 |
by (unfold st_def pasrt_def, auto) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
270 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
271 |
lemma condD1: "s \<in> <b>*r \<Longrightarrow> s \<in> r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
272 |
by (unfold st_def pasrt_def, auto) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
273 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
274 |
lemma hoare_dec_suc: "{(pc i * m a v) * <(v > 0)>}
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
275 |
i:[\<guillemotright>(Dec a e) ]:j |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
276 |
{pc j * m a (v - 1)}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
277 |
proof(unfold Hoare_abc_def, clarify) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
278 |
fix prog i' ab b r |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
279 |
assume h: "rset_of (prog, i', ab, b) \<in> ((pc i * m a v) * <(0 < v)>) * (i :[ \<guillemotright>Dec a e ]: j) * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
280 |
(is "?r \<in> ?S") |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
281 |
show "\<exists>k. rset_of (run k (prog, i', ab, b)) \<in> (pc j * m a (v - 1)) * (i :[ \<guillemotright>Dec a e ]: j) * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
282 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
283 |
from h [unfolded assemble_to.simps] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
284 |
have h1: "?r \<in> pc i * {{C i (Dec a e)}} * m a v * <(0 < v)> * <(j = i + 1)> * r"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
285 |
"?r \<in> m a v * pc i * {{C i (Dec a e)}} * <(0 < v)> * <(j = i + 1)> * r"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
286 |
"?r \<in> <(0 < v)> * <(j = i + 1)> * m a v * pc i * {{C i (Dec a e)}} * r"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
287 |
"?r \<in> <(j = i + 1)> * <(0 < v)> * m a v * pc i * {{C i (Dec a e)}} * r"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
288 |
by ((metis stimes_ac)+) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
289 |
note h2 = condD [OF h1(3)] condD[OF h1(4)] pcD[OF h1(1)] codeD[OF h1(1)] memD[OF h1(2)] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
290 |
hence stp: "run 1 (prog, i', ab, b) = (prog, Suc i, ab(a \<mapsto> v - Suc 0), b)" (is "?x = ?y") |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
291 |
by (unfold run_def, auto) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
292 |
have "rset_of ?x \<in> (pc j * m a (v - 1)) * (i :[ \<guillemotright>Dec a e ]: j) * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
293 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
294 |
have "rset_of ?y \<in> (pc j * m a (v - 1)) * (i :[ \<guillemotright>Dec a e ]: j) * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
295 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
296 |
from spc_upd[OF h1(1), of "Suc i"] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
297 |
have "rset_of (prog, (Suc i), ab, b) \<in> |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
298 |
m a v * pc (Suc i) * {{C i (Dec a e)}} * <(0 < v)> * <(j = i + 1)> * r"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
299 |
by (metis stimes_ac) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
300 |
from smem_upd[OF this, of "v - (Suc 0)"] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
301 |
have "rset_of ?y \<in> |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
302 |
m a (v - Suc 0) * pc (Suc i) * {{C i (Dec a e)}} * <(0 < v)> * <(j = i + 1)> * r" .
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
303 |
hence "rset_of ?y \<in> <(0 < v)> * |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
304 |
(pc (Suc i) * m a (v - Suc 0)) * ({{C i (Dec a e)}} * <(j = i + 1)>) * r"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
305 |
by (metis stimes_ac) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
306 |
from condD1[OF this] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
307 |
have "rset_of ?y \<in> (pc (Suc i) * m a (v - Suc 0)) * ({{C i (Dec a e)}} * <(j = i + 1)>) * r" .
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
308 |
thus ?thesis |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
309 |
by (unfold h2(2) assemble_to.simps, simp) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
310 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
311 |
with stp show ?thesis by simp |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
312 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
313 |
thus ?thesis by blast |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
314 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
315 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
316 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
317 |
lemma hoare_dec_fail: "{pc i * m a 0}
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
318 |
i:[ \<guillemotright>(Dec a e) ]:j |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
319 |
{pc e * m a 0}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
320 |
proof(unfold Hoare_abc_def, clarify) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
321 |
fix prog i' ab b r |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
322 |
assume h: "rset_of (prog, i', ab, b) \<in> (pc i * m a 0) * (i :[ \<guillemotright>Dec a e ]: j) * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
323 |
(is "?r \<in> ?S") |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
324 |
show "\<exists>k. rset_of (run k (prog, i', ab, b)) \<in> (pc e * m a 0) * (i :[ \<guillemotright>Dec a e ]: j) * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
325 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
326 |
from h [unfolded assemble_to.simps] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
327 |
have h1: "?r \<in> pc i * {{C i (Dec a e)}} * m a 0 * <(j = i + 1)> * r"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
328 |
"?r \<in> m a 0 * pc i * {{C i (Dec a e)}} * <(j = i + 1)> * r"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
329 |
"?r \<in> <(j = i + 1)> * m a 0 * pc i * {{C i (Dec a e)}} * r"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
330 |
by ((metis stimes_ac)+) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
331 |
note h2 = condD [OF h1(3)] pcD[OF h1(1)] codeD[OF h1(1)] memD[OF h1(2)] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
332 |
hence stp: "run 1 (prog, i', ab, b) = (prog, e, ab, b)" (is "?x = ?y") |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
333 |
by (unfold run_def, auto) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
334 |
have "rset_of ?x \<in> (pc e * m a 0) * (i :[ \<guillemotright>Dec a e ]: j) * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
335 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
336 |
have "rset_of ?y \<in> (pc e * m a 0) * (i :[ \<guillemotright>Dec a e ]: j) * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
337 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
338 |
from spc_upd[OF h1(1), of "e"] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
339 |
have "rset_of ?y \<in> pc e * {{C i (Dec a e)}} * m a 0 * <(j = i + 1)> * r" .
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
340 |
thus ?thesis |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
341 |
by (unfold assemble_to.simps, metis stimes_ac) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
342 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
343 |
with stp show ?thesis by simp |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
344 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
345 |
thus ?thesis by blast |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
346 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
347 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
348 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
349 |
lemma pasrtD_p: "\<lbrakk>{p*<b>} c {q}\<rbrakk> \<Longrightarrow> (b \<longrightarrow> {p} c {q})"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
350 |
apply (unfold Hoare_abc_def pasrt_def, auto) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
351 |
by (fold emp_def, simp add:emp_unit_r) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
352 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
353 |
lemma hoare_dec: "dec_fun v j e = (pc', v') \<Longrightarrow> |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
354 |
{pc i * m a v}
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
355 |
i:[ \<guillemotright>(Dec a e) ]:j |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
356 |
{pc pc' * m a v'}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
357 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
358 |
assume "dec_fun v j e = (pc', v')" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
359 |
thus "{pc i * m a v}
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
360 |
i:[ \<guillemotright>(Dec a e) ]:j |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
361 |
{pc pc' * m a v'}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
362 |
apply (auto split:if_splits simp:dec_fun_def) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
363 |
apply (insert hoare_dec_fail, auto)[1] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
364 |
apply (insert hoare_dec_suc, auto) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
365 |
apply (atomize) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
366 |
apply (erule_tac x = i in allE, erule_tac x = a in allE, |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
367 |
erule_tac x = v in allE, erule_tac x = e in allE, erule_tac x = pc' in allE) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
368 |
by (drule_tac pasrtD_p, clarify) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
369 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
370 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
371 |
lemma hoare_inc: "{pc i * m a v}
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
372 |
i:[ \<guillemotright>(Inc a) ]:j |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
373 |
{pc j * m a (v + 1)}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
374 |
proof(unfold Hoare_abc_def, clarify) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
375 |
fix prog i' ab b r |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
376 |
assume h: "rset_of (prog, i', ab, b) \<in> (pc i * m a v) * (i :[ \<guillemotright>Inc a ]: j) * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
377 |
(is "?r \<in> ?S") |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
378 |
show "\<exists>k. rset_of (run k (prog, i', ab, b)) \<in> (pc j * m a (v + 1)) * (i :[ \<guillemotright>Inc a ]: j) * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
379 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
380 |
from h [unfolded assemble_to.simps] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
381 |
have h1: "?r \<in> pc i * {{C i (Inc a)}} * m a v * <(j = i + 1)> * r"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
382 |
"?r \<in> m a v * pc i * {{C i (Inc a)}} * <(j = i + 1)> * r"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
383 |
"?r \<in> <(j = i + 1)> * m a v * pc i * {{C i (Inc a)}} * r"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
384 |
by ((metis stimes_ac)+) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
385 |
note h2 = condD [OF h1(3)] pcD[OF h1(1)] codeD[OF h1(1)] memD[OF h1(2)] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
386 |
hence stp: "run 1 (prog, i', ab, b) = (prog, Suc i, ab(a \<mapsto> Suc v), b)" (is "?x = ?y") |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
387 |
by (unfold run_def, auto) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
388 |
have "rset_of ?x \<in> (pc j * m a (v + 1)) * (i :[ \<guillemotright>Inc a]: j) * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
389 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
390 |
have "rset_of ?y \<in> (pc j * m a (v + 1)) * (i :[ \<guillemotright>Inc a ]: j) * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
391 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
392 |
from spc_upd[OF h1(1), of "Suc i"] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
393 |
have "rset_of (prog, (Suc i), ab, b) \<in> |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
394 |
m a v * pc (Suc i) * {{C i (Inc a)}} * <(j = i + 1)> * r"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
395 |
by (metis stimes_ac) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
396 |
from smem_upd[OF this, of "Suc v"] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
397 |
have "rset_of ?y \<in> |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
398 |
m a (v + 1) * pc (i + 1) * {{C i (Inc a)}} * <(j = i + 1)> * r" by simp
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
399 |
thus ?thesis |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
400 |
by (unfold h2(1) assemble_to.simps, metis stimes_ac) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
401 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
402 |
with stp show ?thesis by simp |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
403 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
404 |
thus ?thesis by blast |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
405 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
406 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
407 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
408 |
lemma hoare_goto: "{pc i}
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
409 |
i:[ \<guillemotright>(Goto e) ]:j |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
410 |
{pc e}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
411 |
proof(unfold Hoare_abc_def, clarify) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
412 |
fix prog i' ab b r |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
413 |
assume h: "rset_of (prog, i', ab, b) \<in> pc i * (i :[ \<guillemotright>Goto e ]: j) * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
414 |
(is "?r \<in> ?S") |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
415 |
show "\<exists>k. rset_of (run k (prog, i', ab, b)) \<in> pc e * (i :[ \<guillemotright>Goto e ]: j) * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
416 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
417 |
from h [unfolded assemble_to.simps] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
418 |
have h1: "?r \<in> pc i * {{C i (Goto e)}} * <(j = i + 1)> * r"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
419 |
by ((metis stimes_ac)+) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
420 |
note h2 = pcD[OF h1(1)] codeD[OF h1(1)] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
421 |
hence stp: "run 1 (prog, i', ab, b) = (prog, e, ab, b)" (is "?x = ?y") |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
422 |
by (unfold run_def, auto) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
423 |
have "rset_of ?x \<in> pc e * (i :[ \<guillemotright>Goto e]: j) * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
424 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
425 |
from spc_upd[OF h1(1), of "e"] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
426 |
show ?thesis |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
427 |
by (unfold stp assemble_to.simps, metis stimes_ac) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
428 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
429 |
thus ?thesis by blast |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
430 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
431 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
432 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
433 |
no_notation stimes (infixr "*" 70) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
434 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
435 |
interpretation foo: comm_monoid_mult |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
436 |
"stimes :: 'a set set => 'a set set => 'a set set" "emp::'a set set" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
437 |
apply(default) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
438 |
apply(simp add: stimes_assoc) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
439 |
apply(simp add: stimes_comm) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
440 |
apply(simp add: emp_def[symmetric]) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
441 |
done |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
442 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
443 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
444 |
notation stimes (infixr "*" 70) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
445 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
446 |
(*used by simplifier for numbers *) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
447 |
thm mult_cancel_left |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
448 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
449 |
(* |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
450 |
interpretation foo: comm_ring_1 "op * :: 'a set set => 'a set set => 'a set set" "{{}}::'a set set"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
451 |
apply(default) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
452 |
*) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
453 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
454 |
lemma frame: "{p} c {q} \<Longrightarrow> \<forall> r. {p * r} c {q * r}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
455 |
apply (unfold Hoare_abc_def, clarify) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
456 |
apply (erule_tac x = "(a, aa, ab, b)" in allE) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
457 |
apply (erule_tac x = "r * ra" in allE) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
458 |
apply(metis stimes_ac) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
459 |
done |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
460 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
461 |
lemma code_extension: "\<lbrakk>{p} c {q}\<rbrakk> \<Longrightarrow> (\<forall> e. {p} c * e {q})"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
462 |
apply (unfold Hoare_abc_def, clarify) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
463 |
apply (erule_tac x = "(a, aa, ab, b)" in allE) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
464 |
apply (erule_tac x = "e * r" in allE) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
465 |
apply(metis stimes_ac) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
466 |
done |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
467 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
468 |
lemma run_add: "run (n1 + n2) s = run n1 (run n2 s)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
469 |
apply (unfold run_def) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
470 |
by (metis funpow_add o_apply) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
471 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
472 |
lemma composition: "\<lbrakk>{p} c1 {q}; {q} c2 {r}\<rbrakk> \<Longrightarrow> {p} c1 * c2 {r}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
473 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
474 |
assume h: "{p} c1 {q}" "{q} c2 {r}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
475 |
from code_extension [OF h(1), rule_format, of "c2"] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
476 |
have "{p} c1 * c2 {q}" .
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
477 |
moreover from code_extension [OF h(2), rule_format, of "c1"] and stimes_comm |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
478 |
have "{q} c1 * c2 {r}" by metis
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
479 |
ultimately show "{p} c1 * c2 {r}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
480 |
apply (unfold Hoare_abc_def, clarify) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
481 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
482 |
fix a aa ab b ra |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
483 |
assume h1: "\<forall>s r. rset_of s \<in> p * (c1 * c2) * r \<longrightarrow> |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
484 |
(\<exists>k. rset_of (run k s) \<in> q * (c1 * c2) * r)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
485 |
and h2: "\<forall>s ra. rset_of s \<in> q * (c1 * c2) * ra \<longrightarrow> |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
486 |
(\<exists>k. rset_of (run k s) \<in> r * (c1 * c2) * ra)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
487 |
and h3: "rset_of (a, aa, ab, b) \<in> p * (c1 * c2) * ra" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
488 |
show "\<exists>k. rset_of (run k (a, aa, ab, b)) \<in> r * (c1 * c2) * ra" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
489 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
490 |
let ?s = "(a, aa, ab, b)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
491 |
from h1 [rule_format, of ?s, OF h3] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
492 |
obtain n1 where "rset_of (run n1 ?s) \<in> q * (c1 * c2) * ra" by blast |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
493 |
from h2 [rule_format, OF this] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
494 |
obtain n2 where "rset_of (run n2 (run n1 ?s)) \<in> r * (c1 * c2) * ra" by blast |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
495 |
with run_add show ?thesis by metis |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
496 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
497 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
498 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
499 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
500 |
lemma stimes_simp: "s \<in> x * y = (\<exists> s1 s2. (s = s1 \<union> s2 \<and> s1 \<inter> s2 = {} \<and> s1 \<in> x \<and> s2 \<in> y))"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
501 |
by (metis (lifting) stimesE stimesI) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
502 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
503 |
lemma hoare_seq: |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
504 |
"\<lbrakk>\<forall> i j. {pc i * p} i:[c1]:j {pc j * q};
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
505 |
\<forall> j k. {pc j * q} j:[c2]:k {pc k * r}\<rbrakk> \<Longrightarrow> {pc i * p} i:[(c1 ; c2)]:k {pc k *r}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
506 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
507 |
assume h: "\<forall>i j. {pc i * p} i :[ c1 ]: j {pc j * q}" "\<forall> j k. {pc j * q} j:[c2]:k {pc k * r}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
508 |
show "{pc i * p} i:[(c1 ; c2)]:k {pc k *r}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
509 |
proof(subst Hoare_abc_def, clarify) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
510 |
fix a aa ab b ra |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
511 |
assume "rset_of (a, aa, ab, b) \<in> (pc i * p) * (i :[ (c1 ; c2) ]: k) * ra" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
512 |
hence "rset_of (a, aa, ab, b) \<in> (i :[ (c1 ; c2) ]: k) * (pc i * p * ra)" (is "?s \<in> ?X * ?Y") |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
513 |
by (metis stimes_ac) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
514 |
from stimesE[OF this] obtain s1 s2 where |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
515 |
sp: "rset_of(a, aa, ab, b) = s1 \<union> s2" "s1 \<inter> s2 = {}" "s1 \<in> ?X" "s2 \<in> ?Y" by blast
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
516 |
from sp (3) obtain j' where |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
517 |
"s1 \<in> (i:[c1]:j') * (j':[c2]:k)" (is "s1 \<in> ?Z") |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
518 |
by (auto simp:assemble_to.simps) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
519 |
from stimesI[OF sp(1, 2) this sp(4)] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
520 |
have "?s \<in> (pc i * p) * (i :[ c1 ]: j') * (j' :[ c2 ]: k) * ra" by (metis stimes_ac) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
521 |
from h(1)[unfolded Hoare_abc_def, rule_format, OF this] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
522 |
obtain ka where |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
523 |
"rset_of (run ka (a, aa, ab, b)) \<in> (pc j' * q) * (j' :[ c2 ]: k) * ((i :[ c1 ]: j') * ra)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
524 |
sorry |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
525 |
from h(2)[unfolded Hoare_abc_def, rule_format, OF this] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
526 |
obtain kb where |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
527 |
"rset_of (run kb (run ka (a, aa, ab, b))) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
528 |
\<in> (pc k * r) * (j' :[ c2 ]: k) * (i :[ c1 ]: j') * ra" by blast |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
529 |
hence h3: "rset_of (run (kb + ka) (a, aa, ab, b)) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
530 |
\<in> pc k * r * (j' :[ c2 ]: k) * ((i :[ c1 ]: j') * ra)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
531 |
sorry |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
532 |
hence "rset_of (run (kb + ka) (a, aa, ab, b)) \<in> pc k * r * (i :[ (c1 ; c2) ]: k) * ra" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
533 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
534 |
have "rset_of (run (kb + ka) (a, aa, ab, b)) \<in> (i :[ (c1 ; c2) ]: k) * (pc k * r * ra)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
535 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
536 |
from h3 have "rset_of (run (kb + ka) (a, aa, ab, b)) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
537 |
\<in> ((j' :[ c2 ]: k) * ((i :[ c1 ]: j'))) * (pc k * r * ra)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
538 |
by (metis stimes_ac) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
539 |
then obtain |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
540 |
s1 s2 where h4: "rset_of (run (kb + ka) (a, aa, ab, b)) = s1 \<union> s2" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
541 |
" s1 \<inter> s2 = {}" "s1 \<in> (j' :[ c2 ]: k) * (i :[ c1 ]: j')"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
542 |
"s2 \<in> pc k * r * ra" by (rule stimesE, blast) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
543 |
from h4(3) have "s1 \<in> (i :[ (c1 ; c2) ]: k)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
544 |
sorry |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
545 |
from stimesI [OF h4(1, 2) this h4(4)] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
546 |
show ?thesis . |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
547 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
548 |
thus ?thesis by (metis stimes_ac) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
549 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
550 |
thus "\<exists>ka. rset_of (run ka (a, aa, ab, b)) \<in> (pc k * r) * (i :[ (c1 ; c2) ]: k) * ra" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
551 |
by (metis stimes_ac) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
552 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
553 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
554 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
555 |
lemma hoare_local: |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
556 |
"\<forall> l i j. {pc i*p} i:[c(l)]:j {pc j * q}
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
557 |
\<Longrightarrow> {pc i * p} i:[Local c]:j {pc j * q}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
558 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
559 |
assume h: "\<forall> l i j. {pc i*p} i:[c(l)]:j {pc j * q} "
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
560 |
show "{pc i * p} i:[Local c]:j {pc j * q}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
561 |
proof(unfold assemble_to.simps Hoare_abc_def, clarify) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
562 |
fix a aa ab b r |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
563 |
assume h1: "rset_of (a, aa, ab, b) \<in> (pc i * p) * (\<Union>l. i :[ c l ]: j) * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
564 |
hence "rset_of (a, aa, ab, b) \<in> (\<Union>l. i :[ c l ]: j) * (pc i * p * r)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
565 |
by (metis stimes_ac) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
566 |
then obtain s1 s2 l |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
567 |
where "rset_of (a, aa, ab, b) = s1 \<union> s2" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
568 |
"s1 \<inter> s2 = {}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
569 |
"s1 \<in> (i :[ c l ]: j)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
570 |
"s2 \<in> pc i * p * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
571 |
by (rule stimesE, auto) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
572 |
from stimesI[OF this] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
573 |
have "rset_of (a, aa, ab, b) \<in> (pc i * p) * (i :[ c l ]: j) * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
574 |
by (metis stimes_ac) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
575 |
from h[unfolded Hoare_abc_def, rule_format, OF this] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
576 |
obtain k where "rset_of (run k (a, aa, ab, b)) \<in> (i :[ c l ]: j) * (pc j * q * r)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
577 |
sorry |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
578 |
then obtain s1 s2 |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
579 |
where h3: "rset_of (run k (a, aa, ab, b)) = s1 \<union> s2" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
580 |
" s1 \<inter> s2 = {}" "s1 \<in> (\<Union> l. (i :[ c l ]: j))" "s2 \<in> pc j * q * r"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
581 |
by(rule stimesE, auto) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
582 |
from stimesI[OF this] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
583 |
show "\<exists>k. rset_of (run k (a, aa, ab, b)) \<in> (pc j * q) * (\<Union>l. i :[ c l ]: j) * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
584 |
by (metis stimes_ac) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
585 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
586 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
587 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
588 |
lemma move_pure: "{p*<b>} c {q} = (b \<longrightarrow> {p} c {q})"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
589 |
proof(unfold Hoare_abc_def, default, clarify) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
590 |
fix prog i' mem ft r |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
591 |
assume h: "\<forall>s r. rset_of s \<in> (p * <b>) * c * r \<longrightarrow> (\<exists>k. rset_of (run k s) \<in> q * c * r)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
592 |
"b" "rset_of (prog, i', mem, ft) \<in> p * c * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
593 |
show "\<exists>k. rset_of (run k (prog, i', mem, ft)) \<in> q * c * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
594 |
proof(rule h(1)[rule_format]) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
595 |
have "(p * <b>) * c * r = <b> * p * c * r" by (metis stimes_ac) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
596 |
moreover have "rset_of (prog, i', mem, ft) \<in> \<dots>" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
597 |
proof(rule stimesI[OF _ _ _ h(3)]) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
598 |
from h(2) show "{} \<in> <b>" by (auto simp:pasrt_def)
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
599 |
qed auto |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
600 |
ultimately show "rset_of (prog, i', mem, ft) \<in> (p * <b>) * c * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
601 |
by (simp) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
602 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
603 |
next |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
604 |
assume h: "b \<longrightarrow> (\<forall>s r. rset_of s \<in> p * c * r \<longrightarrow> (\<exists>k. rset_of (run k s) \<in> q * c * r))" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
605 |
show "\<forall>s r. rset_of s \<in> (p * <b>) * c * r \<longrightarrow> (\<exists>k. rset_of (run k s) \<in> q * c * r)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
606 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
607 |
{ fix s r
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
608 |
assume "rset_of s \<in> (p * <b>) * c * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
609 |
hence h1: "rset_of s \<in> <b> * p * c * r" by (metis stimes_ac) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
610 |
have "(\<exists>k. rset_of (run k s) \<in> q * c * r)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
611 |
proof(rule h[rule_format]) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
612 |
from condD[OF h1] show b . |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
613 |
next |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
614 |
from condD1[OF h1] show "rset_of s \<in> p * c * r" . |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
615 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
616 |
} thus ?thesis by blast |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
617 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
618 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
619 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
620 |
lemma precond_ex: "{\<Union> x. p x} c {q} = (\<forall> x. {p x} c {q})"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
621 |
proof(unfold Hoare_abc_def, default, clarify) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
622 |
fix x prog i' mem ft r |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
623 |
assume h: "\<forall>s r. rset_of s \<in> UNION UNIV p * c * r \<longrightarrow> (\<exists>k. rset_of (run k s) \<in> q * c * r)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
624 |
"rset_of (prog, i', mem, ft) \<in> p x * c * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
625 |
show "\<exists>k. rset_of (run k (prog, i', mem, ft)) \<in> q * c * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
626 |
proof(rule h[rule_format]) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
627 |
from h(2) show "rset_of (prog, i', mem, ft) \<in> UNION UNIV p * c * r" by (auto simp:stimes_def) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
628 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
629 |
next |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
630 |
assume h: "\<forall>x s r. rset_of s \<in> p x * c * r \<longrightarrow> (\<exists>k. rset_of (run k s) \<in> q * c * r)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
631 |
show "\<forall>s r. rset_of s \<in> UNION UNIV p * c * r \<longrightarrow> (\<exists>k. rset_of (run k s) \<in> q * c * r)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
632 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
633 |
{ fix s r
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
634 |
assume "rset_of s \<in> UNION UNIV p * c * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
635 |
then obtain x where "rset_of s \<in> p x * c * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
636 |
by (unfold st_def, auto, metis) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
637 |
hence "(\<exists>k. rset_of (run k s) \<in> q * c * r)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
638 |
by(rule h[rule_format]) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
639 |
} thus ?thesis by blast |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
640 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
641 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
642 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
643 |
lemma code_exI: "\<lbrakk>\<And>l. {p} c l * c' {q}\<rbrakk> \<Longrightarrow> {p} (\<Union> l. c l) * c' {q}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
644 |
proof(unfold Hoare_abc_def, default, clarify) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
645 |
fix prog i' mem ft r |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
646 |
assume h: "\<And>l. \<forall>s r. rset_of s \<in> p * (c l * c') * r \<longrightarrow> (\<exists>k. rset_of (run k s) \<in> q * (c l * c') * r)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
647 |
"rset_of (prog, i', mem, ft) \<in> p * (UNION UNIV c * c') * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
648 |
show " \<exists>k. rset_of (run k (prog, i', mem, ft)) \<in> q * (UNION UNIV c * c') * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
649 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
650 |
from h(2) obtain l where "rset_of (prog, i', mem, ft) \<in> p * (c l * c') * r" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
651 |
apply (unfold st_def, auto) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
652 |
by metis |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
653 |
from h(1)[rule_format, OF this] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
654 |
obtain k where " rset_of (run k (prog, i', mem, ft)) \<in> q * (c l * c') * r" by blast |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
655 |
thus ?thesis by (unfold st_def, auto, metis) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
656 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
657 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
658 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
659 |
lemma code_exIe: "\<lbrakk>\<And>l. {p} c l{q}\<rbrakk> \<Longrightarrow> {p} \<Union> l. (c l) {q}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
660 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
661 |
assume "\<And>l. {p} c l {q}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
662 |
thus "{p} \<Union>l. c l {q}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
663 |
by(rule code_exI[where c'= "emp", unfolded emp_unit_r]) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
664 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
665 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
666 |
lemma pre_stren: "\<lbrakk>{p} c {q}; r \<subseteq> p\<rbrakk> \<Longrightarrow> {r} c {q}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
667 |
proof(unfold Hoare_abc_def, clarify) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
668 |
fix prog i' mem ft r' |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
669 |
assume h: "\<forall>s r. rset_of s \<in> p * c * r \<longrightarrow> (\<exists>k. rset_of (run k s) \<in> q * c * r)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
670 |
" r \<subseteq> p" " rset_of (prog, i', mem, ft) \<in> r * c * r'" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
671 |
show "\<exists>k. rset_of (run k (prog, i', mem, ft)) \<in> q * c * r'" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
672 |
proof(rule h(1)[rule_format]) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
673 |
from stimes_mono[OF h(2), of "c * r'"] h(3) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
674 |
show "rset_of (prog, i', mem, ft) \<in> p * c * r'" by auto |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
675 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
676 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
677 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
678 |
lemma post_weaken: "\<lbrakk>{p} c {q}; q \<subseteq> r\<rbrakk> \<Longrightarrow> {p} c {r}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
679 |
proof(unfold Hoare_abc_def, clarify) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
680 |
fix prog i' mem ft r' |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
681 |
assume h: "\<forall>s r. rset_of s \<in> p * c * r \<longrightarrow> (\<exists>k. rset_of (run k s) \<in> q * c * r)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
682 |
" q \<subseteq> r" "rset_of (prog, i', mem, ft) \<in> p * c * r'" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
683 |
show "\<exists>k. rset_of (run k (prog, i', mem, ft)) \<in> r * c * r'" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
684 |
proof - |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
685 |
from h(1)[rule_format, OF h(3)] |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
686 |
obtain k where "rset_of (run k (prog, i', mem, ft)) \<in> q * c * r'" by auto |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
687 |
moreover from h(2) have "\<dots> \<subseteq> r * c * r'" by (metis stimes_mono) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
688 |
ultimately show ?thesis by auto |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
689 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
690 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
691 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
692 |
definition "clear a = (L start exit. Label start; \<guillemotright>Dec a exit; \<guillemotright> Goto start; Label exit)" |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
693 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
694 |
lemma "{pc i * m a v} i:[clear a]:j {pc j*m a 0}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
695 |
proof (unfold clear_def, rule hoare_local, default+) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
696 |
fix l i j |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
697 |
show "{pc i * m a v} i :[ (L exit. Label l ; \<guillemotright>Dec a exit ; \<guillemotright>Goto l ; Label exit) ]: j
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
698 |
{pc j * m a 0}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
699 |
proof(rule hoare_local, default+) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
700 |
fix la i j |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
701 |
show "{pc i * m a v} i :[ (Label l ; \<guillemotright>Dec a la ; \<guillemotright>Goto l ; Label la) ]: j {pc j * m a 0}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
702 |
proof(subst assemble_to.simps, rule code_exIe) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
703 |
have "\<And>j'. {pc i * m a v} (j' :[ (\<guillemotright>Dec a la ; \<guillemotright>Goto l ; Label la) ]: j) * (i :[ Label l ]: j')
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
704 |
{pc j * m a 0}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
705 |
proof(subst assemble_to.simps, rule code_exI) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
706 |
fix j' j'a |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
707 |
show "{pc i * m a v}
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
708 |
((j' :[ \<guillemotright>Dec a la ]: j'a) * (j'a :[ (\<guillemotright>Goto l ; Label la) ]: j)) * (i :[ Label l ]: j') |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
709 |
{pc j * m a 0}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
710 |
proof(unfold assemble_to.simps) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
711 |
have "{pc i * m a v}
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
712 |
((\<Union>j'. ({{C j'a (Goto l)}} * <(j' = j'a + 1)>) * ({{C j' (Dec a la)}} * <(j'a = j' + 1)>)
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
713 |
* <(j' = j \<and> j = la)>)) * |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
714 |
<(i = j' \<and> j' = l)> |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
715 |
{pc j * m a 0}"
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
716 |
proof(rule code_exI, fold assemble_to.simps, unfold assemble_to.simps(4)) |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
717 |
thm assemble_to.simps |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
718 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
719 |
thus "{pc i * m a v}
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
720 |
(({{C j' (Dec a la)}} * <(j'a = j' + 1)>) *
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
721 |
(\<Union>j'. ({{C j'a (Goto l)}} * <(j' = j'a + 1)>) * <(j' = j \<and> j = la)>)) *
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
722 |
<(i = j' \<and> j' = l)> |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
723 |
{pc j * m a 0}" sorry
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
724 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
725 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
726 |
thus "\<And>j'. {pc i * m a v} (i :[ Label l ]: j') * (j' :[ (\<guillemotright>Dec a la ; \<guillemotright>Goto l ; Label la) ]: j)
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
727 |
{pc j * m a 0}" by (metis stimes_ac)
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
728 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
729 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
730 |
qed |
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
731 |
|
|
8f89170bb076
updated according to comments from reviewers
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
732 |
end |