tm: comparison thys/turing

equal deleted inserted replaced

-:c8ff97d9f8da
+:7edbd5657702
 theory turing_hoare
 imports turing_basic
 begin
-declare step.simps[simp del]
-declare steps.simps[simp del]
-declare tm_comp.simps [simp del] adjust.simps[simp del] shift.simps[simp del]
-declare tm_wf.simps[simp del]
 type_synonym assert = "tape \<Rightarrow> bool"
 definition
 fun
 holds_for :: "(tape \<Rightarrow> bool) \<Rightarrow> config \<Rightarrow> bool" ("_ holds'_for _" [100, 99] 100)
 where
 "P holds_for (s, l, r) = P (l, r)"
+(* halting case *)
+definition
+Hoare :: "assert \<Rightarrow> tprog0 \<Rightarrow> assert \<Rightarrow> bool" ("({(1_)}/ (_)/ {(1_)})" [50, 49] 50)
+where
+"{P} p {Q} \<equiv>
+(\<forall>tp. P tp \<longrightarrow> (\<exists>n. is_final (steps0 (1, tp) p n) \<and> Q holds_for (steps0 (1, tp) p n)))"
+(* not halting case *)
+definition
+Hoare_unhalt :: "assert \<Rightarrow> tprog0 \<Rightarrow> bool" ("({(1_)}/ (_)) \<up>" [50, 49] 50)
+where
+"{P} p \<up> \<equiv> (\<forall>tp. P tp \<longrightarrow> (\<forall> n . \<not> (is_final (steps0 (1, tp) p n))))"
+lemma HoareI:
+assumes "\<And>l r. P (l, r) \<Longrightarrow> \<exists>n. is_final (steps0 (1, (l, r)) p n) \<and> Q holds_for (steps0 (1, (l, r)) p n)"
+shows "{P} p {Q}"
+unfolding Hoare_def
+using assms by auto
+lemma Hoare_unhalt_I:
+assumes "\<And>l r n. P (l, r) \<Longrightarrow> \<not> is_final (steps0 (1, (l, r)) p n)"
+shows "{P} p \<up>"
+unfolding Hoare_unhalt_def
+using assms by auto
 lemma is_final_holds[simp]:
 assumes "is_final c"
-shows "Q holds_for (steps c (p, off) n) = Q holds_for c"
+shows "Q holds_for (steps c p n) = Q holds_for c"
 using assms
 apply(induct n)
 apply(auto)
 apply(case_tac [!] c)
 apply(auto)
 done
-lemma holds_for_imp:
-assumes "P holds_for c"
-and "P \<mapsto> Q"
-shows "Q holds_for c"
-using assms unfolding assert_imp_def
-by (case_tac c) (auto)
-definition
-Hoare :: "assert \<Rightarrow> tprog0 \<Rightarrow> assert \<Rightarrow> bool" ("({(1_)}/ (_)/ {(1_)})" 50)
-where
-"{P} p {Q} \<equiv>
-(\<forall>l r. P (l, r) \<longrightarrow> (\<exists>n. is_final (steps0 (1, (l, r)) p n) \<and> Q holds_for (steps0 (1, (l, r)) p n)))"
-lemma HoareI:
-assumes "\<And>l r. P (l, r) \<Longrightarrow> \<exists>n. is_final (steps0 (1, (l, r)) p n) \<and> Q holds_for (steps0 (1, (l, r)) p n)"
-shows "{P} p {Q}"
-unfolding Hoare_def using assms by auto
 text {*
 {P1} A {Q1}   {P2} B {Q2}  Q1 \<mapsto> P2   A, B well-formed
 ------------------------------------------------------
 {P1} A |+| B {Q2}
 *}
 lemma Hoare_plus_halt:
-assumes aimpb: "Q1 \<mapsto> P2"
+assumes a_imp: "Q1 \<mapsto> P2"
 and A_wf : "tm_wf (A, 0)"
-and B_wf : "tm_wf (B, 0)"
 and A_halt : "{P1} A {Q1}"
 and B_halt : "{P2} B {Q2}"
 shows "{P1} A |+| B {Q2}"
 proof(rule HoareI)
 fix l r
 assume h: "P1 (l, r)"
-then obtain n1
+then obtain n1 l' r'
-where "is_final (steps0 (1, l, r) A n1)" and "Q1 holds_for (steps0 (1, l, r) A n1)"
+where "is_final (steps0 (1, l, r) A n1)"
-using A_halt unfolding Hoare_def by auto
+and a1: "Q1 holds_for (steps0 (1, l, r) A n1)"
-then obtain l' r' where "steps0 (1, l, r) A n1 = (0, l', r')" and c: "Q1 holds_for (0, l', r')"
+and a2: "steps0 (1, l, r) A n1 = (0, l', r')"
-by(case_tac "steps0 (1, l, r) A n1") (auto)
+using A_halt unfolding Hoare_def
-then obtain stpa where d: "steps0 (1, l, r) (A |+| B) stpa = (Suc (length A div 2), l', r')"
+by (metis is_final_eq surj_pair)
-using A_wf by(rule_tac tm_comp_pre_halt_same) (auto)
+then obtain n2
+where "steps0 (1, l, r) (A |+| B) n2 = (Suc (length A div 2), l', r')"
+using A_wf by (rule_tac tm_comp_pre_halt_same)
 moreover
-from c aimpb have "P2 holds_for (0, l', r')"
+from a1 a2 a_imp have "P2 (l', r')" by (simp add: assert_imp_def)
-by (rule holds_for_imp)
+then obtain n3 l'' r''
-then have "P2 (l', r')" by auto
+where "is_final (steps0 (1, l', r') B n3)"
-then obtain n2
+and b1: "Q2 holds_for (steps0 (1, l', r') B n3)"
-where "is_final (steps0 (1, l', r') B n2)" and "Q2 holds_for (steps0 (1, l', r') B n2)"
+and b2: "steps0 (1, l', r') B n3 = (0, l'', r'')"
-using B_halt unfolding Hoare_def by auto
+using B_halt unfolding Hoare_def
-then obtain l'' r'' where "steps0 (1, l', r') B n2 = (0, l'', r'')" and g: "Q2 holds_for (0, l'', r'')"
+by (metis is_final_eq surj_pair)
-by (case_tac "steps0 (1, l', r') B n2") (auto)
+then have "steps0 (Suc (length A div 2), l', r')  (A |+| B) n3 = (0, l'', r'')"
-then have "steps0 (Suc (length A div 2), l', r')  (A |+| B) n2 = (0, l'', r'')"
+using A_wf by (rule_tac t_merge_second_halt_same)
-by (rule_tac t_merge_second_halt_same) (auto simp: A_wf B_wf)
 ultimately show
 "\<exists>n. is_final (steps0 (1, l, r) (A |+| B) n) \<and> Q2 holds_for (steps0 (1, l, r) (A |+| B) n)"
-using g
+using b1 b2 by (rule_tac x = "n2 + n3" in exI) (simp)
-apply(rule_tac x = "stpa + n2" in exI)
-apply(simp add: steps_add)
-done
 qed
-definition
-Hoare_unhalt :: "assert \<Rightarrow> tprog0 \<Rightarrow> bool" ("({(1_)}/ (_))" 50)
-where
-"{P} p \<equiv> (\<forall>l r. P (l, r) \<longrightarrow> (\<forall> n . \<not> (is_final (steps0 (1, (l, r)) p n))))"
-lemma Hoare_unhalt_I:
+text {*
-assumes "\<And>l r. P (l, r) \<Longrightarrow> \<forall> n. \<not> is_final (steps0 (1, (l, r)) p n)"
+{P1} A {Q1}   {P2} B loops    Q1 \<mapsto> P2   A well-formed
-shows "{P} p"
+------------------------------------------------------
-unfolding Hoare_unhalt_def using assms by auto
+{P1} A |+| B  loops
+*}
 lemma Hoare_plus_unhalt:
-fixes A B :: tprog0
+assumes a_imp: "Q1 \<mapsto> P2"
-assumes aimpb: "Q1 \<mapsto> P2"
 and A_wf : "tm_wf (A, 0)"
-and B_wf : "tm_wf (B, 0)"  (* probably not needed *)
 and A_halt : "{P1} A {Q1}"
-and B_uhalt : "{P2} B"
+and B_uhalt : "{P2} B \<up>"
-shows "{P1} (A |+| B)"
+shows "{P1} (A |+| B) \<up>"
 proof(rule_tac Hoare_unhalt_I)
-fix l r
+fix n l r
 assume h: "P1 (l, r)"
-then obtain n1 where a: "is_final (steps0 (1, l, r) A n1)" and b: "Q1 holds_for (steps0 (1, l, r) A n1)"
+then obtain n1 l' r'
-using A_halt unfolding Hoare_def by auto
+where a: "is_final (steps0 (1, l, r) A n1)"
-then obtain l' r' where "steps0 (1, l, r) A n1 = (0, l', r')" and c: "Q1 holds_for (0, l', r')"
+and b: "Q1 holds_for (steps0 (1, l, r) A n1)"
-by(case_tac "steps0 (1, l, r) A n1", auto)
+and c: "steps0 (1, l, r) A n1 = (0, l', r')"
-then obtain stpa where d: "steps0 (1, l, r) (A |+| B) stpa = (Suc (length A div 2), l', r')"
+using A_halt unfolding Hoare_def
-using A_wf
+by (metis is_final_eq surj_pair)
-by(rule_tac tm_comp_pre_halt_same, auto)
+then obtain n2 where eq: "steps0 (1, l, r) (A |+| B) n2 = (Suc (length A div 2), l', r')"
-from c aimpb have "P2 holds_for (0, l', r')"
+using A_wf by (rule_tac tm_comp_pre_halt_same)
-by(rule holds_for_imp)
+then show "\<not> is_final (steps0 (1, l, r) (A |+| B) n)"
-from this have "P2 (l', r')" by auto
+proof(cases "n2 \<le> n")
-from this have e: "\<forall> n. \<not> is_final (steps0 (Suc 0, l', r') B n)  "
+case True
-using B_uhalt unfolding Hoare_unhalt_def
+from b c a_imp have "P2 (l', r')" by (simp add: assert_imp_def)
-by auto
+then have "\<forall> n. \<not> is_final (steps0 (1, l', r') B n)  "
-from e show "\<forall>n. \<not> is_final (steps0 (1, l, r) (A |+| B) n)"
+using B_uhalt unfolding Hoare_unhalt_def by simp
-proof(rule_tac allI, case_tac "n > stpa")
+then have "\<not> is_final (steps0 (Suc 0, l', r') B (n - n2))" by auto
-fix n
+then obtain s'' l'' r''
-assume h2: "stpa < n"
+where "steps0 (Suc 0, l', r') B (n - n2) = (s'', l'', r'')"
-hence "\<not> is_final (steps0 (Suc 0, l', r') B (n - stpa))"
+and "\<not> is_final (s'', l'', r'')" by (metis surj_pair)
-using e
+then have "steps0 (Suc (length A div 2), l', r') (A |+| B) (n - n2) = (s''+ length A div 2, l'', r'')"
-apply(erule_tac x = "n - stpa" in allE) by simp
+using A_wf by (auto dest: t_merge_second_same simp del: steps.simps)
-then obtain s'' l'' r'' where f: "steps0 (Suc 0, l', r') B (n - stpa) = (s'', l'', r'')" and g: "s'' \<noteq> 0"
+then have "\<not> is_final (steps0 (1, l, r) (A |+| B) (n2 + (n  - n2)))"
-apply(case_tac "steps0 (Suc 0, l', r') B (n - stpa)", auto)
+using A_wf by (simp only: steps_add eq) (simp add: tm_wf.simps)
-done
+then show "\<not> is_final (steps0 (1, l, r) (A |+| B) n)"
-have k: "steps0 (Suc (length A div 2), l', r') (A |+| B) (n - stpa) = (s''+ length A div 2, l'', r'') "
+using `n2 \<le> n` by simp
-using A_wf B_wf f g
+next
-apply(drule_tac t_merge_second_same, auto)
+case False
-done
+then obtain n3 where "n = n2 - n3"
-show "\<not> is_final (steps0 (1, l, r) (A |+| B) n)"
+by (metis diff_le_self le_imp_diff_is_add nat_add_commute nat_le_linear)
-proof -
+moreover
-have "\<not> is_final (steps0 (1, l, r) (A |+| B) (stpa + (n  - stpa)))"
+with eq show "\<not> is_final (steps0 (1, l, r) (A |+| B) n)"
-using d k A_wf
+by (simp add: not_is_final[where ?n1.0="n2"])
-apply(simp only: steps_add d, simp add: tm_wf.simps)
-done
-thus "\<not> is_final (steps0 (1, l, r) (A |+| B) n)"
-using h2 by simp
-qed
-next
-fix n
-assume h2: "\<not> stpa < n"
-with d show "\<not> is_final (steps0 (1, l, r) (A |+| B) n)"
-apply(auto)
-apply(subgoal_tac "\<exists> d. stpa = n + d", auto)
-apply(case_tac "(steps0 (Suc 0, l, r) (A |+| B) n)", simp)
-apply(rule_tac x = "stpa - n" in exI, simp)
-done
 qed
 qed
 lemma Hoare_weak:
-fixes p::tprog0
 assumes a: "{P} p {Q}"
 and b: "P' \<mapsto> P"
 and c: "Q \<mapsto> Q'"
 shows "{P'} p {Q'}"
 using assms
 unfolding Hoare_def assert_imp_def
-by (blast intro: holds_for_imp[simplified assert_imp_def])
+by (metis holds_for.simps surj_pair)
+declare step.simps[simp del]
+declare steps.simps[simp del]
+declare tm_comp.simps [simp del] adjust.simps[simp del] shift.simps[simp del]
+declare tm_wf.simps[simp del]
 end

changeset 61	7edbd5657702
parent 59	30950dadd09f
child 62	e33306b4c62e