thys/Hoare_abc.thy
author ibm-PC\ibm <xingyuanzhang@126.com>
Fri, 12 Sep 2014 00:47:15 +0800
changeset 24 77daf1b85cf0
parent 11 f8b2bf858caf
permissions -rw-r--r--
new change
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
0
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
     1
header {* 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
     2
 {\em Abacus} defined as macros of TM
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
     3
 *}
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
     4
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
     5
theory Hoare_abc
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
     6
imports Hoare_tm Finite_Set
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
     7
begin
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
     8
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
     9
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    10
text {*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    11
  {\em Abacus} instructions
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    12
*}
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    13
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    14
(*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    15
text {* The following Abacus instructions will be replaced by TM macros. *}
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    16
datatype abc_inst =
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    17
  -- {* @{text "Inc n"} increments the memory cell (or register) 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    18
         with address @{text "n"} by one.
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    19
     *}
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    20
     Inc nat
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    21
  -- {*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    22
     @{text "Dec n label"} decrements the memory cell with address @{text "n"} by one. 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    23
      If cell @{text "n"} is already zero, no decrements happens and the executio jumps to
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    24
      the instruction labeled by @{text "label"}.
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    25
     *}
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    26
   | Dec nat nat
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    27
  -- {*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    28
  @{text "Goto label"} unconditionally jumps to the instruction labeled by @{text "label"}.
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    29
  *}
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    30
   | Goto nat
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    31
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    32
*)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    33
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    34
datatype aresource = 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    35
    M nat nat
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    36
  (* | C nat abc_inst *) (* C resource is not needed because there is no Abacus code any more *)  
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    37
  | At nat
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    38
  | Faults nat
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    39
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    40
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    41
section {* An interpretation from Abacus to Turing Machine *}
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    42
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    43
fun recse_map :: "nat list \<Rightarrow> aresource \<Rightarrow> tassert" where
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    44
  "recse_map ks (M a v) = <(a < length ks \<and> ks!a = v \<or> a \<ge> length ks \<and> v = 0)>" |
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    45
  "recse_map ks (At l) = st l" |
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    46
  "recse_map ks (Faults n) = sg {TFaults n}"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    47
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    48
definition "IA ars = (EXS ks i. ps 2 \<and>* zero 0 \<and>* zero 1 \<and>* (reps 2 i ks) \<and>* 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    49
                                     fam_conj {i<..} zero \<and>* 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    50
                                fam_conj ars (recse_map ks))"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    51
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    52
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    53
section {* A virtually defined Abacus *}
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    54
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    55
text {* The following Abacus instructions are to be defined as TM macros *}
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    56
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    57
definition "pc l = sg {At l}"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    58
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    59
definition "mm a v =sg ({M a v})"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    60
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    61
type_synonym assert = "aresource set \<Rightarrow> bool"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    62
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    63
lemma tm_hoare_inc1:
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    64
  assumes h: "a < length ks \<and> ks ! a = v \<or> length ks \<le> a \<and> v = 0"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    65
  shows "
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    66
    \<lbrace>st i \<and>* ps u \<and>* zero (u - 2) \<and>* zero (u - 1) \<and>* reps u ia ks \<and>* fam_conj {ia<..} zero\<rbrace> 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    67
    i :[Inc a ]: j
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    68
    \<lbrace>st j \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    69
     ps u \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    70
     zero (u - 2) \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    71
     zero (u - 1) \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    72
     reps u (ia + int (reps_len (list_ext a ks)) - int (reps_len ks) + 1) ((list_ext a ks)[a := Suc v]) \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    73
     fam_conj {ia + int (reps_len (list_ext a ks)) - int (reps_len ks) + 1<..} zero\<rbrace>"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    74
  using h
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    75
proof
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    76
  assume hh: "a < length ks \<and> ks ! a = v"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    77
  hence "a < length ks" by simp 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    78
  from list_ext_lt [OF this] tm_hoare_inc00[OF hh]
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    79
  show ?thesis by simp
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    80
next
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    81
  assume "length ks \<le> a \<and> v = 0"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    82
  from tm_hoare_inc01[OF this]
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    83
  show ?thesis by simp
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    84
qed
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    85
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    86
lemma tm_hoare_inc2: 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    87
  assumes "mm a v sr"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    88
  shows "
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    89
    \<lbrace> (fam_conj sr (recse_map ks) \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    90
       st i \<and>* ps 2 \<and>* zero 0 \<and>* zero 1 \<and>* reps 2 ia ks \<and>* fam_conj {ia<..} zero) \<rbrace> 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    91
          i:[ (Inc a) ]:j   
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    92
    \<lbrace> (fam_conj {M a (Suc v)} (recse_map (list_ext a ks[a := Suc v])) \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    93
           st j \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    94
           ps 2 \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    95
           zero 0 \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    96
           zero 1 \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    97
           reps 2 (ia + int (reps_len (list_ext a ks)) - int (reps_len ks) + 1) ((list_ext a ks)[a := Suc v]) \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    98
           fam_conj {ia + int (reps_len (list_ext a ks)) - int (reps_len ks) + 1<..} zero)\<rbrace>"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    99
proof -
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   100
  from `mm a v sr` have eq_sr: "sr = {M a v}" by (auto simp:mm_def sg_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   101
  from tm_hoare_inc1[where u = 2]
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   102
  have "a < length ks \<and> ks ! a = v \<or> length ks \<le> a \<and> v = 0 \<Longrightarrow>
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   103
        \<lbrace>st i \<and>* ps 2 \<and>* zero 0 \<and>* zero 1 \<and>* reps 2 ia ks \<and>* fam_conj {ia<..} zero\<rbrace> 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   104
             i :[Inc a ]: j
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   105
        \<lbrace>(st j \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   106
           ps 2 \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   107
           zero 0 \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   108
           zero 1 \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   109
           reps 2 (ia + int (reps_len (list_ext a ks)) - int (reps_len ks) + 1) ((list_ext a ks)[a := Suc v]) \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   110
           fam_conj {ia + int (reps_len (list_ext a ks)) - int (reps_len ks) + 1<..} zero)\<rbrace>" by simp
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   111
  thus ?thesis
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   112
    apply (unfold eq_sr)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   113
    apply (simp add:fam_conj_simps list_ext_get_upd list_ext_len)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   114
    by (rule tm.pre_condI, blast)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   115
qed
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   116
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   117
locale IA_disjoint = 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   118
  fixes s s' s1 cnf
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   119
  assumes h_IA: "IA (s + s') s1"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   120
  and h_disj: "s ## s'"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   121
  and h_conf: "s1 \<subseteq> trset_of cnf"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   122
begin
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   123
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   124
lemma at_disj1: 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   125
  assumes at_in: "At i \<in> s"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   126
  shows "At j \<notin> s'"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   127
proof
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   128
  from h_IA[unfolded IA_def]
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   129
  obtain ks idx
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   130
    where "((ps 2 \<and>* zero 0 \<and>* zero 1 \<and>* 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   131
              reps 2 idx ks \<and>* fam_conj {idx<..} zero) \<and>* 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   132
              fam_conj (s + s') (recse_map ks)) s1" (is "(?P \<and>* ?Q) s1")
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   133
    by (auto elim!:EXS_elim simp:sep_conj_ac)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   134
  then obtain ss1 ss2 where "s1 = ss1 + ss2" "ss1 ## ss2" "?P ss1" "?Q ss2"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   135
    by (auto elim:sep_conjE)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   136
  from `?Q ss2`[unfolded fam_conj_disj_simp[OF h_disj]]
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   137
  obtain tt1 tt2
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   138
    where "ss2 = tt1 + tt2" "tt1 ## tt2" 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   139
            "(fam_conj s (recse_map ks)) tt1"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   140
            "(fam_conj s' (recse_map ks)) tt2"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   141
    by (auto elim:sep_conjE)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   142
  assume "At j \<in> s'"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   143
  from `(fam_conj s' (recse_map ks)) tt2` [unfolded fam_conj_elm_simp[OF this]]
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   144
       `ss2 = tt1 + tt2` `s1 = ss1 + ss2` h_conf
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   145
  have "TAt j \<in> trset_of cnf"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   146
    by (auto elim!:sep_conjE simp: st_def sg_def tpn_set_def set_ins_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   147
  moreover from `(fam_conj s (recse_map ks)) tt1` [unfolded fam_conj_elm_simp[OF at_in]]
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   148
                `ss2 = tt1 + tt2` `s1 = ss1 + ss2` h_conf
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   149
  have "TAt i \<in> trset_of cnf"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   150
    by (auto elim!:sep_conjE simp: st_def sg_def tpn_set_def set_ins_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   151
  ultimately have "i = j"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   152
    by (cases cnf, simp add:trset_of.simps tpn_set_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   153
  from at_in `At j \<in> s'` h_disj
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   154
  show False 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   155
    by (unfold `i = j`, auto simp:set_ins_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   156
qed
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   157
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   158
lemma at_disj2: "At i \<in> s' \<Longrightarrow> At j \<notin> s"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   159
  by (metis at_disj1)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   160
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   161
lemma m_disj1: 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   162
  assumes m_in: "M a v \<in> s"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   163
  shows "M a v' \<notin> s'"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   164
proof
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   165
  from h_IA[unfolded IA_def]
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   166
  obtain ks idx
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   167
    where "((ps 2 \<and>* zero 0 \<and>* zero 1 \<and>* 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   168
              reps 2 idx ks \<and>* fam_conj {idx<..} zero) \<and>* 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   169
              fam_conj (s + s') (recse_map ks)) s1" (is "(?P \<and>* ?Q) s1")
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   170
    by (auto elim!:EXS_elim simp:sep_conj_ac)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   171
  then obtain ss1 ss2 where "s1 = ss1 + ss2" "ss1 ## ss2" "?P ss1" "?Q ss2"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   172
    by (auto elim:sep_conjE)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   173
  from `?Q ss2`[unfolded fam_conj_disj_simp[OF h_disj]]
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   174
  obtain tt1 tt2
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   175
    where "ss2 = tt1 + tt2" "tt1 ## tt2" 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   176
            "(fam_conj s (recse_map ks)) tt1"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   177
            "(fam_conj s' (recse_map ks)) tt2"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   178
    by (auto elim:sep_conjE)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   179
  assume "M a v' \<in> s'"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   180
  from `(fam_conj s' (recse_map ks)) tt2` [unfolded fam_conj_elm_simp[OF this]
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   181
        recse_map.simps]
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   182
  have "(a < length ks \<and> ks ! a = v' \<or> length ks \<le> a \<and> v' = 0)"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   183
    by (auto simp:pasrt_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   184
  moreover from `(fam_conj s (recse_map ks)) tt1` [unfolded fam_conj_elm_simp[OF m_in]
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   185
                         recse_map.simps]
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   186
  have "a < length ks \<and> ks ! a = v \<or> length ks \<le> a \<and> v = 0"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   187
    by (auto simp:pasrt_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   188
  moreover note m_in `M a v' \<in> s'` h_disj
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   189
  ultimately show False
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   190
    by (auto simp:set_ins_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   191
qed
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   192
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   193
lemma m_disj2: "M a v \<in> s' \<Longrightarrow> M a v' \<notin> s"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   194
  by (metis m_disj1)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   195
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   196
end
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   197
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   198
lemma EXS_elim1: 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   199
  assumes "((EXS x. P(x)) \<and>* r) s"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   200
  obtains x where "(P(x) \<and>* r) s"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   201
  by (metis EXS_elim assms sep_conj_exists1)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   202
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   203
lemma hoare_inc[step]: "IA. \<lbrace> pc i ** mm a v \<rbrace> 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   204
                        i:[ (Inc a) ]:j   
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   205
                      \<lbrace> pc j ** mm a (Suc v)\<rbrace>"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   206
                      (is "IA. \<lbrace> pc i ** ?P \<rbrace> 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   207
                        i:[ ?code ?e ]:j   
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   208
                      \<lbrace> pc ?e ** ?Q\<rbrace>")
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   209
proof(induct rule:tm.IHoareI)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   210
  case (IPre s' s r cnf)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   211
  let ?cnf = "(trset_of cnf)"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   212
  from IPre
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   213
  have h: "(pc i \<and>* ?P) s" "(s ## s')" "(IA (s + s') \<and>* i :[ ?code(?e) ]: j \<and>* r) ?cnf"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   214
    by (metis condD)+
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   215
  from h(1) obtain sr where
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   216
      eq_s: "s = {At i} \<union>  sr" "{At i} ##  sr" "?P sr"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   217
    by (auto dest!:sep_conjD simp:set_ins_def pc_def sg_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   218
  hence "At i \<in> s" by auto
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   219
  from h(3) obtain s1 s2 s3
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   220
    where hh: "?cnf = s1 + s2 + s3"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   221
              "s1 ## s2 \<and> s2 ## s3 \<and> s1 ## s3" 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   222
              "IA (s + s') s1" 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   223
              "(i :[ ?code ?e ]: j) s2"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   224
              "r s3"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   225
    apply (auto elim!:sep_conjE intro!:sep_conjI simp:sep_conj_ac)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   226
    by (metis sep_add_commute sep_disj_addD1 sep_disj_addD2 sep_disj_commuteI)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   227
  interpret ia_disj: IA_disjoint s s' s1 cnf
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   228
  proof
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   229
    from `IA (s + s') s1` show "IA (s + s') s1" .
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   230
  next
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   231
    from `s ## s'` show "s ## s'" .
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   232
  next
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   233
    from hh(1) show "s1 \<subseteq> ?cnf" by (auto simp:set_ins_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   234
  qed
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   235
  from hh(1) have s1_belong: "s1 \<subseteq> ?cnf" by (auto simp:set_ins_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   236
  from hh(3)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   237
  have "(EXS ks ia.
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   238
         ps 2 \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   239
         zero 0 \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   240
         zero 1 \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   241
         reps 2 ia ks \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   242
         fam_conj {ia<..} zero \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   243
         (st i \<and>* fam_conj sr (recse_map ks)) \<and>* fam_conj s' (recse_map ks))
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   244
        s1"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   245
    apply (unfold IA_def fam_conj_disj_simp[OF h(2)])
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   246
    apply (unfold eq_s)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   247
    by (insert eq_s(2), simp add: fam_conj_disj_simp[OF eq_s(2)] fam_conj_simps set_ins_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   248
  then obtain ks ia
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   249
    where "((fam_conj sr (recse_map ks) \<and>* st i \<and>* ps 2 \<and>* zero 0 \<and>* zero 1 \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   250
             reps 2 ia ks \<and>* fam_conj {ia<..} zero) \<and>* fam_conj s' (recse_map ks)) s1" 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   251
    (is "(?PP \<and>* ?QQ) s1")
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   252
    by (unfold pred_ex_def, auto simp:sep_conj_ac)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   253
  then obtain ss1 ss2 where pres:
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   254
        "s1 = ss1 + ss2" "ss1 ## ss2"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   255
        "?PP ss1"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   256
        "?QQ ss2"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   257
    by (auto elim!:sep_conjE intro!:sep_conjI)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   258
  from ia_disj.at_disj1 [OF `At i \<in> s`]
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   259
  have at_fresh_s': "At ?e \<notin>  s'" .
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   260
  have at_fresh_sr: "At ?e \<notin> sr"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   261
  proof
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   262
    assume at_in: "At ?e \<in> sr"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   263
    from h(3)[unfolded IA_def fam_conj_disj_simp[OF h(2)]]
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   264
    have "TAt ?e \<in> trset_of cnf"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   265
      apply (elim EXS_elim1)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   266
      apply (unfold eq_s fam_conj_disj_simp[OF eq_s(2), unfolded set_ins_def]
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   267
             fam_conj_elm_simp[OF at_in])
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   268
      apply (erule_tac sep_conjE, unfold set_ins_def)+
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   269
      by (auto simp:sep_conj_ac fam_conj_simps st_def sg_def tpn_set_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   270
    moreover from pres(1, 3) hh(1) have "TAt i \<in> trset_of cnf" 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   271
      apply(erule_tac sep_conjE)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   272
      apply(erule_tac sep_conjE)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   273
      by (auto simp:st_def tpc_set_def sg_def set_ins_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   274
    ultimately have "i = ?e"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   275
      by (cases cnf, auto simp:tpn_set_def trset_of.simps)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   276
    from eq_s[unfolded this] at_in
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   277
    show "False" by (auto simp:set_ins_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   278
  qed
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   279
  from pres(3) and hh(2, 4, 5) pres(2, 4)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   280
  have pres1: "(?PP \<and>* i :[ ?code(?e)]: j \<and>*  (r \<and>* (fam_conj s' (recse_map ks))))
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   281
         (trset_of cnf)"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   282
    apply (unfold hh(1) pres(1))
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   283
    apply (rule sep_conjI[where x=ss1 and y = "ss2 + s2 + s3"], assumption+)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   284
    apply (rule sep_conjI[where x="s2" and y = "ss2 + s3"], assumption+)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   285
    apply (rule sep_conjI[where x="s3" and y = ss2], assumption+)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   286
    by (auto simp:set_ins_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   287
  (*****************************************************************************)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   288
  let ?ks_f = "\<lambda> sr ks. list_ext a ks[a := Suc v]"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   289
  let ?elm_f = "\<lambda> sr. {M a (Suc v)}"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   290
  let ?idx_f = "\<lambda> sr ks ia. (ia + int (reps_len (list_ext a ks)) - int (reps_len ks) + 1)"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   291
  (*----------------------------------------------------------------------------*)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   292
  (******************************************************************************)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   293
  from tm_hoare_inc2 [OF eq_s(3), unfolded tm.Hoare_gen_def, rule_format, OF pres1]
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   294
  obtain k where "((fam_conj (?elm_f sr) (recse_map (?ks_f sr ks)) \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   295
        st ?e \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   296
        ps 2 \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   297
        zero 0 \<and>* zero 1 \<and>* reps 2 (?idx_f sr ks ia) (?ks_f sr ks) \<and>* 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   298
        fam_conj {?idx_f sr ks ia<..} zero) \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   299
       i :[ ?code ?e ]: j \<and>* r \<and>* fam_conj s' (recse_map ks))
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   300
       (trset_of (sep_exec.run tstep (Suc k) cnf))" by blast
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   301
  (*----------------------------------------------------------------------------*)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   302
  moreover have "(pc ?e \<and>* ?Q) ({At ?e} \<union> ?elm_f sr)"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   303
  proof -
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   304
    have "pc ?e {At ?e}" by (simp add:pc_def sg_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   305
  (******************************************************************************)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   306
    moreover have "?Q (?elm_f sr)" 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   307
      by (simp add:mm_def sg_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   308
  (*----------------------------------------------------------------------------*)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   309
    moreover 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   310
  (******************************************************************************)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   311
    have "{At ?e} ## ?elm_f sr" by (simp add:set_ins_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   312
  (*----------------------------------------------------------------------------*)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   313
    ultimately show ?thesis by (auto intro!:sep_conjI simp:set_ins_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   314
  qed
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   315
  moreover 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   316
  (******************************************************************************)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   317
  from ia_disj.m_disj1 `?P sr` `s = {At i} \<union> sr` 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   318
  have "?elm_f sr ## s'" by (auto simp:set_ins_def mm_def sg_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   319
  (*----------------------------------------------------------------------------*)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   320
  with at_fresh_s' 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   321
  have fresh_atm: "{At ?e} \<union> ?elm_f sr ## s'" by (auto simp:set_ins_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   322
  moreover have eq_map: "\<And> elm. elm \<in> s' \<Longrightarrow> 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   323
                           (recse_map ks elm) = (recse_map (?ks_f sr ks) elm)"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   324
  proof -
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   325
    fix elm
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   326
    assume elm_in: "elm \<in> s'"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   327
    show "(recse_map ks elm) = (recse_map (?ks_f sr ks) elm)"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   328
    proof(cases elm)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   329
      (*******************************************************************)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   330
      case (M a' v')
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   331
      from eq_s have "M a v \<in> s" by (auto simp:set_ins_def mm_def sg_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   332
      with elm_in ia_disj.m_disj1[OF this] M
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   333
      have "a \<noteq> a'" by auto
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   334
      thus ?thesis
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   335
        apply (auto simp:M recse_map.simps pasrt_def list_ext_len)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   336
        apply (case_tac "a < length ks", auto simp:list_ext_len_eq list_ext_lt)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   337
        apply (case_tac "a' < Suc a", auto simp:list_ext_len_eq list_ext_lt)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   338
        by (metis (full_types) bot_nat_def 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   339
              leI le_trans less_Suc_eq_le list_ext_lt_get list_ext_tail set_zero_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   340
      (*-----------------------------------------------------------------*)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   341
    qed auto
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   342
  qed
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   343
  ultimately show ?case 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   344
    apply (rule_tac x = k in exI, rule_tac x = "{At ?e} \<union> ?elm_f sr" in exI)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   345
    apply (unfold IA_def, intro condI, assumption+)
11
f8b2bf858caf moved some lemmas
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 0
diff changeset
   346
    apply (rule_tac x = "?ks_f sr ks" in tm.pred_exI)
f8b2bf858caf moved some lemmas
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 0
diff changeset
   347
    apply (rule_tac x = "?idx_f sr ks ia" in tm.pred_exI)
0
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   348
    apply (unfold fam_conj_disj_simp[OF fresh_atm])
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   349
    apply (auto simp:sep_conj_ac fam_conj_simps)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   350
    (***************************************************************************)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   351
    (* apply (unfold fam_conj_insert_simp [OF h_fresh1[OF at_fresh_sr]], simp) *)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   352
    (*-------------------------------------------------------------------------*)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   353
    apply (sep_cancel)+
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   354
    by (simp add: fam_conj_ext_eq[where I = "s'", OF eq_map])
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   355
qed
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   356
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   357
lemma tm_hoare_dec_fail:
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   358
  assumes "mm a 0 sr"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   359
  shows 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   360
  "\<lbrace> fam_conj sr (recse_map ks) \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   361
    st i \<and>* ps 2 \<and>* zero 0 \<and>* zero 1 \<and>* reps 2 ia ks \<and>* fam_conj {ia<..} zero \<rbrace> 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   362
       i:[ (Dec a e) ]:j 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   363
   \<lbrace> fam_conj {M a 0} (recse_map (list_ext a ks[a := 0])) \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   364
     st e \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   365
     ps 2 \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   366
     zero 0 \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   367
     zero 1 \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   368
     reps 2 (ia + int (reps_len (list_ext a ks)) - int (reps_len ks)) (list_ext a ks[a := 0]) \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   369
     fam_conj {ia + int (reps_len (list_ext a ks)) - int (reps_len ks) <..} zero\<rbrace>"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   370
proof - 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   371
  from `mm a 0 sr` have eq_sr: "sr = {M a 0}" by (auto simp:mm_def sg_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   372
  { assume h: "a < length ks \<and> ks ! a = 0 \<or> length ks \<le> a"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   373
    from tm_hoare_dec_fail1[where u = 2, OF this]
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   374
    have "\<lbrace>st i \<and>* ps 2 \<and>* zero 0 \<and>* zero 1 \<and>* reps 2 ia ks \<and>* fam_conj {ia<..} zero\<rbrace>  
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   375
                  i :[ Dec a e ]: j
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   376
          \<lbrace>st e \<and>* ps 2 \<and>* zero 0 \<and>* zero 1 \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   377
            reps 2 (ia + int (reps_len (list_ext a ks)) - int (reps_len ks)) (list_ext a ks[a := 0]) \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   378
            fam_conj {ia + int (reps_len (list_ext a ks)) - int (reps_len ks)<..} zero\<rbrace>"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   379
    by (simp)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   380
  }
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   381
  thus ?thesis
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   382
    apply (unfold eq_sr)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   383
    apply (simp add:fam_conj_simps list_ext_get_upd list_ext_len)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   384
    by (rule tm.pre_condI, blast)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   385
qed
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   386
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   387
lemma hoare_dec_fail: "IA. \<lbrace> pc i ** mm a 0 \<rbrace>
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   388
                              i:[ (Dec a e) ]:j   
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   389
                           \<lbrace> pc e ** mm a 0 \<rbrace>"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   390
                      (is "IA. \<lbrace> pc i ** ?P \<rbrace> 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   391
                                i:[ ?code ?e]:j   
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   392
                               \<lbrace> pc ?e ** ?Q\<rbrace>")
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   393
proof(induct rule:tm.IHoareI)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   394
  case (IPre s' s r cnf)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   395
  let ?cnf = "(trset_of cnf)"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   396
  from IPre
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   397
  have h: "(pc i \<and>* ?P) s" "(s ## s')" "(IA (s + s') \<and>* i :[ ?code(?e) ]: j \<and>* r) ?cnf"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   398
    by (metis condD)+
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   399
  from h(1) obtain sr where
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   400
      eq_s: "s = {At i} \<union>  sr" "{At i} ##  sr" "?P sr"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   401
    by (auto dest!:sep_conjD simp:set_ins_def pc_def sg_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   402
  hence "At i \<in> s" by auto
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   403
  from h(3) obtain s1 s2 s3
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   404
    where hh: "?cnf = s1 + s2 + s3"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   405
              "s1 ## s2 \<and> s2 ## s3 \<and> s1 ## s3" 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   406
              "IA (s + s') s1" 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   407
              "(i :[ ?code ?e ]: j) s2"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   408
              "r s3"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   409
    apply (auto elim!:sep_conjE intro!:sep_conjI simp:sep_conj_ac)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   410
    by (metis sep_add_commute sep_disj_addD1 sep_disj_addD2 sep_disj_commuteI)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   411
  interpret ia_disj: IA_disjoint s s' s1 cnf
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   412
  proof
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   413
    from `IA (s + s') s1` show "IA (s + s') s1" .
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   414
  next
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   415
    from `s ## s'` show "s ## s'" .
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   416
  next
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   417
    from hh(1) show "s1 \<subseteq> ?cnf" by (auto simp:set_ins_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   418
  qed
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   419
  from hh(1) have s1_belong: "s1 \<subseteq> ?cnf" by (auto simp:set_ins_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   420
  from hh(3)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   421
  have "(EXS ks ia.
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   422
         ps 2 \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   423
         zero 0 \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   424
         zero 1 \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   425
         reps 2 ia ks \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   426
         fam_conj {ia<..} zero \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   427
         (st i \<and>* fam_conj sr (recse_map ks)) \<and>* fam_conj s' (recse_map ks))
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   428
        s1"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   429
    apply (unfold IA_def fam_conj_disj_simp[OF h(2)])
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   430
    apply (unfold eq_s)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   431
    by (insert eq_s(2), simp add: fam_conj_disj_simp[OF eq_s(2)] fam_conj_simps set_ins_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   432
  then obtain ks ia
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   433
    where "((fam_conj sr (recse_map ks) \<and>* st i \<and>* ps 2 \<and>* zero 0 \<and>* zero 1 \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   434
             reps 2 ia ks \<and>* fam_conj {ia<..} zero) \<and>* fam_conj s' (recse_map ks)) s1" 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   435
    (is "(?PP \<and>* ?QQ) s1")
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   436
    by (unfold pred_ex_def, auto simp:sep_conj_ac)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   437
  then obtain ss1 ss2 where pres:
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   438
        "s1 = ss1 + ss2" "ss1 ## ss2"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   439
        "?PP ss1"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   440
        "?QQ ss2"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   441
    by (auto elim!:sep_conjE intro!:sep_conjI)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   442
  from ia_disj.at_disj1 [OF `At i \<in> s`]
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   443
  have at_fresh_s': "At ?e \<notin>  s'" .
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   444
  have at_fresh_sr: "At ?e \<notin> sr"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   445
  proof
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   446
    assume at_in: "At ?e \<in> sr"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   447
    from h(3)[unfolded IA_def fam_conj_disj_simp[OF h(2)]]
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   448
    have "TAt ?e \<in> trset_of cnf"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   449
      apply (elim EXS_elim1)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   450
      apply (unfold eq_s fam_conj_disj_simp[OF eq_s(2), unfolded set_ins_def]
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   451
             fam_conj_elm_simp[OF at_in])
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   452
      apply (erule_tac sep_conjE, unfold set_ins_def)+
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   453
      by (auto simp:sep_conj_ac fam_conj_simps st_def sg_def tpn_set_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   454
    moreover from pres(1, 3) hh(1) have "TAt i \<in> trset_of cnf" 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   455
      apply(erule_tac sep_conjE)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   456
      apply(erule_tac sep_conjE)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   457
      by (auto simp:st_def tpc_set_def sg_def set_ins_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   458
    ultimately have "i = ?e"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   459
      by (cases cnf, auto simp:tpn_set_def trset_of.simps)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   460
    from eq_s[unfolded this] at_in
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   461
    show "False" by (auto simp:set_ins_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   462
  qed
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   463
  from pres(3) and hh(2, 4, 5) pres(2, 4)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   464
  have pres1: "(?PP \<and>* i :[ ?code(?e)]: j \<and>*  (r \<and>* (fam_conj s' (recse_map ks))))
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   465
         (trset_of cnf)"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   466
    apply (unfold hh(1) pres(1))
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   467
    apply (rule sep_conjI[where x=ss1 and y = "ss2 + s2 + s3"], assumption+)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   468
    apply (rule sep_conjI[where x="s2" and y = "ss2 + s3"], assumption+)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   469
    apply (rule sep_conjI[where x="s3" and y = ss2], assumption+)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   470
    by (auto simp:set_ins_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   471
  (*****************************************************************************)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   472
  let ?ks_f = "\<lambda> sr ks. list_ext a ks[a:=0]"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   473
  let ?elm_f = "\<lambda> sr. {M a 0}"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   474
  let ?idx_f = "\<lambda> sr ks ia. (ia + int (reps_len (list_ext a ks)) - int (reps_len ks))"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   475
  (*----------------------------------------------------------------------------*)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   476
  (******************************************************************************)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   477
  from tm_hoare_dec_fail[OF `?P sr`, unfolded tm.Hoare_gen_def, rule_format, OF pres1]
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   478
  obtain k where "((fam_conj (?elm_f sr) (recse_map (?ks_f sr ks)) \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   479
        st ?e \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   480
        ps 2 \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   481
        zero 0 \<and>* zero 1 \<and>* reps 2 (?idx_f sr ks ia) (?ks_f sr ks) \<and>* 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   482
        fam_conj {?idx_f sr ks ia<..} zero) \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   483
       i :[ ?code ?e ]: j \<and>* r \<and>* fam_conj s' (recse_map ks))
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   484
       (trset_of (sep_exec.run tstep (Suc k) cnf))" by blast
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   485
  (*----------------------------------------------------------------------------*)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   486
  moreover have "(pc ?e \<and>* ?Q) ({At ?e} \<union> ?elm_f sr)"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   487
  proof -
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   488
    have "pc ?e {At ?e}" by (simp add:pc_def sg_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   489
  (******************************************************************************)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   490
    moreover have "?Q (?elm_f sr)" 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   491
      by (simp add:mm_def sg_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   492
  (*----------------------------------------------------------------------------*)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   493
    moreover 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   494
  (******************************************************************************)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   495
    have "{At ?e} ## ?elm_f sr" by (simp add:set_ins_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   496
  (*----------------------------------------------------------------------------*)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   497
    ultimately show ?thesis by (auto intro!:sep_conjI simp:set_ins_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   498
  qed
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   499
  moreover 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   500
  (******************************************************************************)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   501
  from ia_disj.m_disj1 `?P sr` `s = {At i} \<union> sr` 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   502
  have "?elm_f sr ## s'" by (auto simp:set_ins_def mm_def sg_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   503
  (*----------------------------------------------------------------------------*)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   504
  with at_fresh_s' 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   505
  have fresh_atm: "{At ?e} \<union> ?elm_f sr ## s'" by (auto simp:set_ins_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   506
  moreover have eq_map: "\<And> elm. elm \<in> s' \<Longrightarrow> 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   507
                           (recse_map ks elm) = (recse_map (?ks_f sr ks) elm)"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   508
  proof -
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   509
    fix elm
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   510
    assume elm_in: "elm \<in> s'"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   511
    show "(recse_map ks elm) = (recse_map (?ks_f sr ks) elm)"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   512
    proof(cases elm)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   513
      (*******************************************************************)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   514
      case (M a' v')
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   515
      from eq_s have "M a 0 \<in> s" by (auto simp:set_ins_def mm_def sg_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   516
      with elm_in ia_disj.m_disj1[OF this] M
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   517
      have "a \<noteq> a'" by auto
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   518
      thus ?thesis
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   519
        apply (auto simp:M recse_map.simps pasrt_def list_ext_len)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   520
        apply (case_tac "a < length ks", auto simp:list_ext_len_eq list_ext_lt)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   521
        apply (case_tac "a' < Suc a", auto simp:list_ext_len_eq list_ext_lt)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   522
        by (metis (full_types) bot_nat_def 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   523
              leI le_trans less_Suc_eq_le list_ext_lt_get list_ext_tail set_zero_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   524
      (*-----------------------------------------------------------------*)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   525
    qed auto
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   526
  qed
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   527
  ultimately show ?case 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   528
    apply (rule_tac x = k in exI, rule_tac x = "{At ?e} \<union> ?elm_f sr" in exI)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   529
    apply (unfold IA_def, intro condI, assumption+)
11
f8b2bf858caf moved some lemmas
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 0
diff changeset
   530
    apply (rule_tac x = "?ks_f sr ks" in tm.pred_exI)
f8b2bf858caf moved some lemmas
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 0
diff changeset
   531
    apply (rule_tac x = "?idx_f sr ks ia" in tm.pred_exI)
0
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   532
    apply (unfold fam_conj_disj_simp[OF fresh_atm])
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   533
    apply (auto simp:sep_conj_ac fam_conj_simps)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   534
    (***************************************************************************)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   535
    (* apply (unfold fam_conj_insert_simp [OF h_fresh1[OF at_fresh_sr]], simp) *)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   536
    (*-------------------------------------------------------------------------*)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   537
    apply (sep_cancel)+
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   538
    by (simp add: fam_conj_ext_eq[where I = "s'", OF eq_map])
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   539
qed
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   540
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   541
lemma hoare_dec_fail_gen[step]: 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   542
  assumes "v = 0"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   543
  shows 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   544
  "IA. \<lbrace> pc i ** mm a v \<rbrace>
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   545
       i:[ (Dec a e) ]:j   
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   546
       \<lbrace> pc e ** mm a v \<rbrace>"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   547
  by (unfold assms, rule hoare_dec_fail)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   548
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   549
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   550
lemma tm_hoare_dec_suc2:
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   551
  assumes "mm a (Suc v) sr"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   552
  shows "\<lbrace> fam_conj sr (recse_map ks) \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   553
           st i \<and>* ps 2 \<and>* zero 0 \<and>* zero 1 \<and>* reps 2 ia ks \<and>* fam_conj {ia<..} zero \<rbrace>
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   554
             i:[(Dec a e)]:j
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   555
         \<lbrace> fam_conj {M a v} (recse_map (list_ext a ks[a := v])) \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   556
           st j \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   557
           ps 2 \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   558
           zero 0 \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   559
           zero 1 \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   560
           reps 2 (ia  - 1) (list_ext a ks[a := v]) \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   561
           fam_conj {ia  - 1<..} zero\<rbrace>"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   562
proof -
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   563
  from `mm a (Suc v) sr` have eq_sr: "sr = {M a (Suc v)}" by (auto simp:mm_def sg_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   564
  thus ?thesis
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   565
    apply (unfold eq_sr)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   566
    apply (simp add:fam_conj_simps list_ext_get_upd list_ext_len)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   567
    apply (rule tm.pre_condI)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   568
    by (drule tm_hoare_dec_suc1[where u = "2"], simp)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   569
qed
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   570
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   571
lemma hoare_dec_suc2: 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   572
  "IA. \<lbrace>(pc i \<and>* mm a (Suc v))\<rbrace>  
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   573
          i :[ Dec a e ]: j 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   574
       \<lbrace>pc j \<and>* mm a v\<rbrace>"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   575
       (is "IA. \<lbrace> pc i ** ?P \<rbrace> 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   576
                   i:[ ?code ?e]:j   
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   577
                \<lbrace> pc ?e ** ?Q\<rbrace>")
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   578
proof(induct rule:tm.IHoareI)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   579
  case (IPre s' s r cnf)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   580
  let ?cnf = "(trset_of cnf)"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   581
  from IPre
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   582
  have h: "(pc i \<and>* ?P) s" "(s ## s')" "(IA (s + s') \<and>* i :[ ?code(?e) ]: j \<and>* r) ?cnf"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   583
    by (metis condD)+
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   584
  from h(1) obtain sr where
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   585
      eq_s: "s = {At i} \<union>  sr" "{At i} ##  sr" "?P sr"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   586
    by (auto dest!:sep_conjD simp:set_ins_def pc_def sg_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   587
  hence "At i \<in> s" by auto
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   588
  from h(3) obtain s1 s2 s3
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   589
    where hh: "?cnf = s1 + s2 + s3"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   590
              "s1 ## s2 \<and> s2 ## s3 \<and> s1 ## s3" 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   591
              "IA (s + s') s1" 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   592
              "(i :[ ?code ?e ]: j) s2"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   593
              "r s3"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   594
    apply (auto elim!:sep_conjE intro!:sep_conjI simp:sep_conj_ac)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   595
    by (metis sep_add_commute sep_disj_addD1 sep_disj_addD2 sep_disj_commuteI)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   596
  interpret ia_disj: IA_disjoint s s' s1 cnf
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   597
  proof
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   598
    from `IA (s + s') s1` show "IA (s + s') s1" .
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   599
  next
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   600
    from `s ## s'` show "s ## s'" .
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   601
  next
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   602
    from hh(1) show "s1 \<subseteq> ?cnf" by (auto simp:set_ins_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   603
  qed
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   604
  from hh(1) have s1_belong: "s1 \<subseteq> ?cnf" by (auto simp:set_ins_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   605
  from hh(3)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   606
  have "(EXS ks ia.
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   607
         ps 2 \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   608
         zero 0 \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   609
         zero 1 \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   610
         reps 2 ia ks \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   611
         fam_conj {ia<..} zero \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   612
         (st i \<and>* fam_conj sr (recse_map ks)) \<and>* fam_conj s' (recse_map ks))
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   613
        s1"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   614
    apply (unfold IA_def fam_conj_disj_simp[OF h(2)])
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   615
    apply (unfold eq_s)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   616
    by (insert eq_s(2), simp add: fam_conj_disj_simp[OF eq_s(2)] fam_conj_simps set_ins_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   617
  then obtain ks ia
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   618
    where "((fam_conj sr (recse_map ks) \<and>* st i \<and>* ps 2 \<and>* zero 0 \<and>* zero 1 \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   619
             reps 2 ia ks \<and>* fam_conj {ia<..} zero) \<and>* fam_conj s' (recse_map ks)) s1" 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   620
    (is "(?PP \<and>* ?QQ) s1")
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   621
    by (unfold pred_ex_def, auto simp:sep_conj_ac)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   622
  then obtain ss1 ss2 where pres:
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   623
        "s1 = ss1 + ss2" "ss1 ## ss2"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   624
        "?PP ss1"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   625
        "?QQ ss2"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   626
    by (auto elim!:sep_conjE intro!:sep_conjI)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   627
  from ia_disj.at_disj1 [OF `At i \<in> s`]
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   628
  have at_fresh_s': "At ?e \<notin>  s'" .
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   629
  have at_fresh_sr: "At ?e \<notin> sr"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   630
  proof
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   631
    assume at_in: "At ?e \<in> sr"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   632
    from h(3)[unfolded IA_def fam_conj_disj_simp[OF h(2)]]
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   633
    have "TAt ?e \<in> trset_of cnf"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   634
      apply (elim EXS_elim1)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   635
      apply (unfold eq_s fam_conj_disj_simp[OF eq_s(2), unfolded set_ins_def]
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   636
             fam_conj_elm_simp[OF at_in])
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   637
      apply (erule_tac sep_conjE, unfold set_ins_def)+
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   638
      by (auto simp:sep_conj_ac fam_conj_simps st_def sg_def tpn_set_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   639
    moreover from pres(1, 3) hh(1) have "TAt i \<in> trset_of cnf" 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   640
      apply(erule_tac sep_conjE)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   641
      apply(erule_tac sep_conjE)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   642
      by (auto simp:st_def tpc_set_def sg_def set_ins_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   643
    ultimately have "i = ?e"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   644
      by (cases cnf, auto simp:tpn_set_def trset_of.simps)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   645
    from eq_s[unfolded this] at_in
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   646
    show "False" by (auto simp:set_ins_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   647
  qed
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   648
  from pres(3) and hh(2, 4, 5) pres(2, 4)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   649
  have pres1: "(?PP \<and>* i :[ ?code(?e)]: j \<and>*  (r \<and>* (fam_conj s' (recse_map ks))))
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   650
         (trset_of cnf)"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   651
    apply (unfold hh(1) pres(1))
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   652
    apply (rule sep_conjI[where x=ss1 and y = "ss2 + s2 + s3"], assumption+)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   653
    apply (rule sep_conjI[where x="s2" and y = "ss2 + s3"], assumption+)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   654
    apply (rule sep_conjI[where x="s3" and y = ss2], assumption+)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   655
    by (auto simp:set_ins_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   656
  (*****************************************************************************)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   657
  let ?ks_f = "\<lambda> sr ks. list_ext a ks[a:=v]"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   658
  let ?elm_f = "\<lambda> sr. {M a v}"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   659
  let ?idx_f = "\<lambda> sr ks ia. ia  - 1"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   660
  (*----------------------------------------------------------------------------*)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   661
  (******************************************************************************)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   662
  from tm_hoare_dec_suc2[OF `?P sr`, unfolded tm.Hoare_gen_def, rule_format, OF pres1]
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   663
  obtain k where "((fam_conj (?elm_f sr) (recse_map (?ks_f sr ks)) \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   664
        st ?e \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   665
        ps 2 \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   666
        zero 0 \<and>* zero 1 \<and>* reps 2 (?idx_f sr ks ia) (?ks_f sr ks) \<and>* 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   667
        fam_conj {?idx_f sr ks ia<..} zero) \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   668
       i :[ ?code ?e ]: j \<and>* r \<and>* fam_conj s' (recse_map ks))
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   669
       (trset_of (sep_exec.run tstep (Suc k) cnf))" by blast
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   670
  (*----------------------------------------------------------------------------*)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   671
  moreover have "(pc ?e \<and>* ?Q) ({At ?e} \<union> ?elm_f sr)"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   672
  proof -
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   673
    have "pc ?e {At ?e}" by (simp add:pc_def sg_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   674
  (******************************************************************************)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   675
    moreover have "?Q (?elm_f sr)" 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   676
      by (simp add:mm_def sg_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   677
  (*----------------------------------------------------------------------------*)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   678
    moreover 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   679
  (******************************************************************************)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   680
    have "{At ?e} ## ?elm_f sr" by (simp add:set_ins_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   681
  (*----------------------------------------------------------------------------*)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   682
    ultimately show ?thesis by (auto intro!:sep_conjI simp:set_ins_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   683
  qed
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   684
  moreover 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   685
  (******************************************************************************)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   686
  from ia_disj.m_disj1 `?P sr` `s = {At i} \<union> sr` 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   687
  have "?elm_f sr ## s'" by (auto simp:set_ins_def mm_def sg_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   688
  (*----------------------------------------------------------------------------*)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   689
  with at_fresh_s' 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   690
  have fresh_atm: "{At ?e} \<union> ?elm_f sr ## s'" by (auto simp:set_ins_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   691
  moreover have eq_map: "\<And> elm. elm \<in> s' \<Longrightarrow> 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   692
                           (recse_map ks elm) = (recse_map (?ks_f sr ks) elm)"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   693
  proof -
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   694
    fix elm
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   695
    assume elm_in: "elm \<in> s'"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   696
    show "(recse_map ks elm) = (recse_map (?ks_f sr ks) elm)"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   697
    proof(cases elm)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   698
      (*******************************************************************)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   699
      case (M a' v')
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   700
      from eq_s have "M a (Suc v) \<in> s" by (auto simp:set_ins_def mm_def sg_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   701
      with elm_in ia_disj.m_disj1[OF this] M
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   702
      have "a \<noteq> a'" by auto
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   703
      thus ?thesis
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   704
        apply (auto simp:M recse_map.simps pasrt_def list_ext_len)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   705
        apply (case_tac "a < length ks", auto simp:list_ext_len_eq list_ext_lt)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   706
        apply (case_tac "a' < Suc a", auto simp:list_ext_len_eq list_ext_lt)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   707
        by (metis (full_types) bot_nat_def 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   708
              leI le_trans less_Suc_eq_le list_ext_lt_get list_ext_tail set_zero_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   709
      (*-----------------------------------------------------------------*)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   710
    qed auto
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   711
  qed
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   712
  ultimately show ?case 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   713
    apply (rule_tac x = k in exI, rule_tac x = "{At ?e} \<union> ?elm_f sr" in exI)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   714
    apply (unfold IA_def, intro condI, assumption+)
11
f8b2bf858caf moved some lemmas
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 0
diff changeset
   715
    apply (rule_tac x = "?ks_f sr ks" in tm.pred_exI)
f8b2bf858caf moved some lemmas
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 0
diff changeset
   716
    apply (rule_tac x = "?idx_f sr ks ia" in tm.pred_exI)
0
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   717
    apply (unfold fam_conj_disj_simp[OF fresh_atm])
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   718
    apply (auto simp:sep_conj_ac fam_conj_simps)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   719
    (***************************************************************************)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   720
    (* apply (unfold fam_conj_insert_simp [OF h_fresh1[OF at_fresh_sr]], simp) *)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   721
    (*-------------------------------------------------------------------------*)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   722
    apply (sep_cancel)+
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   723
    by (simp add: fam_conj_ext_eq[where I = "s'", OF eq_map])
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   724
qed
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   725
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   726
lemma hoare_dec_suc2_gen[step]: 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   727
  assumes "v > 0"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   728
  shows 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   729
  "IA. \<lbrace>pc i \<and>* mm a v\<rbrace>  
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   730
          i :[ Dec a e ]: j 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   731
       \<lbrace>pc j \<and>* mm a (v - 1)\<rbrace>"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   732
proof -
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   733
  from assms obtain v' where "v = Suc v'"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   734
    by (metis gr_implies_not0 nat.exhaust)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   735
  show ?thesis
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   736
    apply (unfold `v = Suc v'`, simp)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   737
    by (rule hoare_dec_suc2)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   738
qed
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   739
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   740
definition "Goto e = jmp e"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   741
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   742
lemma hoare_jmp_reps2:
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   743
      "\<lbrace> st i \<and>* ps u \<and>* reps u v ks \<and>* tm (v + 1) x \<rbrace>
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   744
                 i:[(jmp e)]:j
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   745
       \<lbrace> st e \<and>* ps u \<and>* reps u v ks \<and>* tm (v + 1) x \<rbrace>"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   746
proof(cases "ks")
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   747
  case Nil
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   748
  thus ?thesis
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   749
    by (simp add:sep_conj_cond reps.simps, intro tm.pre_condI, simp, hsteps)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   750
next
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   751
  case (Cons k ks')
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   752
  thus ?thesis
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   753
  proof(cases "ks' = []")
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   754
    case True with Cons
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   755
    show ?thesis
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   756
      apply(simp add:sep_conj_cond reps.simps, intro tm.pre_condI, simp add:ones_simps)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   757
      by (hgoto hoare_jmp[where p = u])
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   758
  next
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   759
    case False
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   760
    show ?thesis
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   761
      apply (unfold `ks = k#ks'` reps_simp3[OF False], simp add:ones_simps)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   762
      by (hgoto hoare_jmp[where p = u])
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   763
  qed
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   764
qed
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   765
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   766
lemma tm_hoare_goto_pre: (* ccc *)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   767
  assumes "(<True>) sr"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   768
  shows "\<lbrace> fam_conj sr (recse_map ks) \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   769
           st i \<and>* ps 2 \<and>* zero 0 \<and>* zero 1 \<and>* reps 2 ia ks \<and>* fam_conj {ia<..} zero \<rbrace>
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   770
             i:[(Goto e)]:j
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   771
         \<lbrace> fam_conj {} (recse_map ks) \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   772
           st e \<and>* ps 2 \<and>* zero 0 \<and>* zero 1 \<and>* reps 2 ia ks \<and>* fam_conj {ia<..} zero \<rbrace>"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   773
  apply (unfold Goto_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   774
  apply (subst (1 2) fam_conj_interv_simp)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   775
  apply (unfold zero_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   776
  apply (hstep hoare_jmp_reps2)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   777
  apply (simp add:sep_conj_ac)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   778
  my_block
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   779
    from assms have "sr = {}"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   780
      by (simp add:pasrt_def set_ins_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   781
  my_block_end
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   782
  by (unfold this, sep_cancel+)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   783
  
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   784
lemma hoare_goto_pre: 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   785
  "IA. \<lbrace> pc i \<and>* <True> \<rbrace> 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   786
        i:[ (Goto e) ]:j   
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   787
       \<lbrace> pc e \<and>* <True> \<rbrace>"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   788
  (is "IA. \<lbrace> pc i ** ?P \<rbrace> 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   789
              i:[ ?code ?e]:j   
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   790
           \<lbrace> pc ?e ** ?Q\<rbrace>")
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   791
proof(induct rule:tm.IHoareI)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   792
  case (IPre s' s r cnf)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   793
  let ?cnf = "(trset_of cnf)"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   794
  from IPre
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   795
  have h: "(pc i \<and>* ?P) s" "(s ## s')" "(IA (s + s') \<and>* i :[ ?code(?e) ]: j \<and>* r) ?cnf"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   796
    by (metis condD)+
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   797
  from h(1) obtain sr where
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   798
      eq_s: "s = {At i} \<union>  sr" "{At i} ##  sr" "?P sr"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   799
    by (auto dest!:sep_conjD simp:set_ins_def pc_def sg_def pasrt_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   800
  hence "At i \<in> s" by auto
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   801
  from h(3) obtain s1 s2 s3
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   802
    where hh: "?cnf = s1 + s2 + s3"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   803
              "s1 ## s2 \<and> s2 ## s3 \<and> s1 ## s3" 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   804
              "IA (s + s') s1" 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   805
              "(i :[ ?code ?e ]: j) s2"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   806
              "r s3"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   807
    apply (auto elim!:sep_conjE intro!:sep_conjI simp:sep_conj_ac)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   808
    by (metis sep_add_commute sep_disj_addD1 sep_disj_addD2 sep_disj_commuteI)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   809
  interpret ia_disj: IA_disjoint s s' s1 cnf
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   810
  proof
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   811
    from `IA (s + s') s1` show "IA (s + s') s1" .
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   812
  next
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   813
    from `s ## s'` show "s ## s'" .
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   814
  next
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   815
    from hh(1) show "s1 \<subseteq> ?cnf" by (auto simp:set_ins_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   816
  qed
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   817
  from hh(1) have s1_belong: "s1 \<subseteq> ?cnf" by (auto simp:set_ins_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   818
  from hh(3)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   819
  have "(EXS ks ia.
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   820
         ps 2 \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   821
         zero 0 \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   822
         zero 1 \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   823
         reps 2 ia ks \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   824
         fam_conj {ia<..} zero \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   825
         (st i \<and>* fam_conj sr (recse_map ks)) \<and>* fam_conj s' (recse_map ks))
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   826
        s1"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   827
    apply (unfold IA_def fam_conj_disj_simp[OF h(2)])
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   828
    apply (unfold eq_s)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   829
    by (insert eq_s(2), simp add: fam_conj_disj_simp[OF eq_s(2)] fam_conj_simps set_ins_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   830
  then obtain ks ia
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   831
    where "((fam_conj sr (recse_map ks) \<and>* st i \<and>* ps 2 \<and>* zero 0 \<and>* zero 1 \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   832
             reps 2 ia ks \<and>* fam_conj {ia<..} zero) \<and>* fam_conj s' (recse_map ks)) s1" 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   833
    (is "(?PP \<and>* ?QQ) s1")
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   834
    by (unfold pred_ex_def, auto simp:sep_conj_ac)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   835
  then obtain ss1 ss2 where pres:
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   836
        "s1 = ss1 + ss2" "ss1 ## ss2"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   837
        "?PP ss1"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   838
        "?QQ ss2"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   839
    by (auto elim!:sep_conjE intro!:sep_conjI)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   840
  from ia_disj.at_disj1 [OF `At i \<in> s`]
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   841
  have at_fresh_s': "At ?e \<notin>  s'" .
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   842
  have at_fresh_sr: "At ?e \<notin> sr"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   843
  proof
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   844
    assume at_in: "At ?e \<in> sr"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   845
    from h(3)[unfolded IA_def fam_conj_disj_simp[OF h(2)]]
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   846
    have "TAt ?e \<in> trset_of cnf"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   847
      apply (elim EXS_elim1)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   848
      apply (unfold eq_s fam_conj_disj_simp[OF eq_s(2), unfolded set_ins_def]
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   849
             fam_conj_elm_simp[OF at_in])
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   850
      apply (erule_tac sep_conjE, unfold set_ins_def)+
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   851
      by (auto simp:sep_conj_ac fam_conj_simps st_def sg_def tpn_set_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   852
    moreover from pres(1, 3) hh(1) have "TAt i \<in> trset_of cnf" 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   853
      apply(erule_tac sep_conjE)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   854
      apply(erule_tac sep_conjE)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   855
      by (auto simp:st_def tpc_set_def sg_def set_ins_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   856
    ultimately have "i = ?e"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   857
      by (cases cnf, auto simp:tpn_set_def trset_of.simps)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   858
    from eq_s[unfolded this] at_in
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   859
    show "False" by (auto simp:set_ins_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   860
  qed
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   861
  from pres(3) and hh(2, 4, 5) pres(2, 4)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   862
  have pres1: "(?PP \<and>* i :[ ?code(?e)]: j \<and>*  (r \<and>* (fam_conj s' (recse_map ks))))
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   863
         (trset_of cnf)"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   864
    apply (unfold hh(1) pres(1))
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   865
    apply (rule sep_conjI[where x=ss1 and y = "ss2 + s2 + s3"], assumption+)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   866
    apply (rule sep_conjI[where x="s2" and y = "ss2 + s3"], assumption+)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   867
    apply (rule sep_conjI[where x="s3" and y = ss2], assumption+)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   868
    by (auto simp:set_ins_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   869
  (*****************************************************************************)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   870
  let ?ks_f = "\<lambda> sr ks. ks"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   871
  let ?elm_f = "\<lambda> sr. {}"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   872
  let ?idx_f = "\<lambda> sr ks ia. ia"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   873
  (*----------------------------------------------------------------------------*)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   874
  (******************************************************************************)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   875
  from tm_hoare_goto_pre[OF `?P sr`, unfolded tm.Hoare_gen_def, rule_format, OF pres1]
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   876
  obtain k where "((fam_conj (?elm_f sr) (recse_map (?ks_f sr ks)) \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   877
        st ?e \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   878
        ps 2 \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   879
        zero 0 \<and>* zero 1 \<and>* reps 2 (?idx_f sr ks ia) (?ks_f sr ks) \<and>* 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   880
        fam_conj {?idx_f sr ks ia<..} zero) \<and>*
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   881
       i :[ ?code ?e ]: j \<and>* r \<and>* fam_conj s' (recse_map ks))
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   882
       (trset_of (sep_exec.run tstep (Suc k) cnf))" by blast
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   883
  (*----------------------------------------------------------------------------*)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   884
  moreover have "(pc ?e \<and>* ?Q) ({At ?e} \<union> ?elm_f sr)"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   885
  proof -
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   886
    have "pc ?e {At ?e}" by (simp add:pc_def sg_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   887
  (******************************************************************************)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   888
    moreover have "?Q (?elm_f sr)" 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   889
     by (simp add:pasrt_def set_ins_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   890
  (*----------------------------------------------------------------------------*)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   891
    moreover 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   892
  (******************************************************************************)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   893
    have "{At ?e} ## ?elm_f sr" by (simp add:set_ins_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   894
  (*----------------------------------------------------------------------------*)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   895
    ultimately show ?thesis by (auto intro!:sep_conjI simp:set_ins_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   896
  qed
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   897
  moreover 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   898
  (******************************************************************************)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   899
  from ia_disj.m_disj1 `?P sr` `s = {At i} \<union> sr` 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   900
  have "?elm_f sr ## s'" by (auto simp:set_ins_def mm_def sg_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   901
  (*----------------------------------------------------------------------------*)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   902
  with at_fresh_s' 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   903
  have fresh_atm: "{At ?e} \<union> ?elm_f sr ## s'" by (auto simp:set_ins_def)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   904
  moreover have eq_map: "\<And> elm. elm \<in> s' \<Longrightarrow> 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   905
                           (recse_map ks elm) = (recse_map (?ks_f sr ks) elm)"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   906
  proof -
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   907
    fix elm
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   908
    assume elm_in: "elm \<in> s'"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   909
    show "(recse_map ks elm) = (recse_map (?ks_f sr ks) elm)" 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   910
      by simp
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   911
  qed
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   912
  ultimately show ?case 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   913
    apply (rule_tac x = k in exI, rule_tac x = "{At ?e} \<union> ?elm_f sr" in exI)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   914
    apply (unfold IA_def, intro condI, assumption+)
11
f8b2bf858caf moved some lemmas
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 0
diff changeset
   915
    apply (rule_tac x = "?ks_f sr ks" in tm.pred_exI)
f8b2bf858caf moved some lemmas
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 0
diff changeset
   916
    apply (rule_tac x = "?idx_f sr ks ia" in tm.pred_exI)
0
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   917
    apply (unfold fam_conj_disj_simp[OF fresh_atm])
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   918
    by (auto simp:sep_conj_ac fam_conj_simps)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   919
qed
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   920
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   921
lemma hoare_goto[step]: "IA. \<lbrace> pc i \<rbrace> 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   922
                          i:[ (Goto e) ]:j   
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   923
                       \<lbrace> pc e \<rbrace>"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   924
proof(rule tm.I_hoare_adjust [OF hoare_goto_pre])
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   925
  fix s assume "pc i s" thus "(pc i \<and>* <True>) s"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   926
    by (metis cond_true_eq2)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   927
next
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   928
  fix s assume "(pc e \<and>* <True>) s" thus "pc e s"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   929
    by (metis cond_true_eq2)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   930
qed
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   931
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   932
lemma I_hoare_sequence: 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   933
  assumes h1: "\<And> i j. I. \<lbrace>pc i ** p\<rbrace> i:[c1]:j \<lbrace>pc j ** q\<rbrace>"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   934
  and h2: "\<And> j k. I. \<lbrace>pc j ** q\<rbrace> j:[c2]:k \<lbrace>pc k ** r\<rbrace>"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   935
  shows "I. \<lbrace>pc i ** p\<rbrace> i:[(c1 ; c2)]:k \<lbrace>pc k ** r\<rbrace>"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   936
proof(unfold tassemble_to.simps, intro tm.I_code_exI)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   937
  fix j'
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   938
  show "I.\<lbrace>pc i \<and>* p\<rbrace>  i :[ c1 ]: j' \<and>* j' :[ c2 ]: k \<lbrace>pc k \<and>* r\<rbrace>"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   939
  proof(rule tm.I_sequencing)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   940
    from tm.I_code_extension[OF h1 [of i j'], of" j' :[ c2 ]: k"]
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   941
    show "I.\<lbrace>pc i \<and>* p\<rbrace>  i :[ c1 ]: j' \<and>* j' :[ c2 ]: k \<lbrace>pc j' \<and>* q\<rbrace>" .
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   942
  next
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   943
    from tm.I_code_extension[OF h2 [of j' k], of" i :[ c1 ]: j'"]
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   944
    show "I.\<lbrace>pc j' \<and>* q\<rbrace>  i :[ c1 ]: j' \<and>* j' :[ c2 ]: k \<lbrace>pc k \<and>* r\<rbrace>"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   945
      by (auto simp:sep_conj_ac)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   946
  qed
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   947
qed
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   948
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   949
lemma I_hoare_seq1:
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   950
  assumes h1: "\<And>j'. I. \<lbrace>pc i ** p\<rbrace> i:[c1]:j' \<lbrace>pc j' ** q\<rbrace>"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   951
  and h2: "\<And>j' . I. \<lbrace>pc j' ** q\<rbrace> j':[c2]:k \<lbrace>pc k' ** r\<rbrace>"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   952
  shows "I. \<lbrace>pc i ** p\<rbrace> i:[(c1 ; c2)]:k \<lbrace>pc k' ** r\<rbrace>"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   953
proof(unfold tassemble_to.simps, intro tm.I_code_exI)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   954
  fix j'
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   955
  show "I.\<lbrace>pc i \<and>* p\<rbrace>  i :[ c1 ]: j' \<and>* j' :[ c2 ]: k \<lbrace>pc k' \<and>* r\<rbrace>"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   956
  proof(rule tm.I_sequencing)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   957
    from tm.I_code_extension[OF h1 [of j'], of "j' :[ c2 ]: k "]
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   958
    show "I.\<lbrace>pc i \<and>* p\<rbrace>  i :[ c1 ]: j' \<and>* j' :[ c2 ]: k \<lbrace>pc j' \<and>* q\<rbrace>" .
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   959
  next
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   960
    from tm.I_code_extension[OF h2 [of j'], of" i :[ c1 ]: j'"]
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   961
    show "I.\<lbrace>pc j' \<and>* q\<rbrace>  i :[ c1 ]: j' \<and>* j' :[ c2 ]: k \<lbrace>pc k' \<and>* r\<rbrace>"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   962
      by (auto simp:sep_conj_ac)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   963
  qed
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   964
qed
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   965
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   966
lemma t_hoare_local1: 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   967
  "(\<And>l. \<lbrace>p\<rbrace>  i :[ c l ]: j \<lbrace>q\<rbrace>) \<Longrightarrow>
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   968
    \<lbrace>p\<rbrace> i:[TLocal c]:j \<lbrace>q\<rbrace>"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   969
by (unfold tassemble_to.simps, rule tm.code_exI, auto)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   970
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   971
lemma I_hoare_local:
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   972
  assumes h: "(\<And>l. I.\<lbrace>pc i \<and>* p\<rbrace>  i :[ c l ]: j \<lbrace>pc k \<and>* q\<rbrace>)"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   973
  shows "I. \<lbrace>pc i ** p\<rbrace> i:[TLocal c]:j \<lbrace>pc k ** q\<rbrace>"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   974
proof(unfold tassemble_to.simps, rule tm.I_code_exI)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   975
  fix l
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   976
  from h[of l]
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   977
  show " I.\<lbrace>pc i \<and>* p\<rbrace>  i :[ c l ]: j \<lbrace>pc k \<and>* q\<rbrace>" .
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   978
qed
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   979
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   980
lemma t_hoare_label1: 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   981
      "(\<And>l. l = i \<Longrightarrow> \<lbrace>p\<rbrace>  l :[ c l ]: j \<lbrace>q\<rbrace>) \<Longrightarrow>
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   982
             \<lbrace>p \<rbrace> 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   983
               i:[(TLabel l; c l)]:j
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   984
             \<lbrace>q\<rbrace>"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   985
by (unfold tassemble_to.simps, intro tm.code_exI tm.code_condI, clarify, auto)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   986
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   987
lemma I_hoare_label: 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   988
  assumes h:"\<And>l. l = i \<Longrightarrow> I. \<lbrace>pc l \<and>* p\<rbrace>  l :[ c l ]: j \<lbrace>pc k \<and>* q\<rbrace>"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   989
  shows "I. \<lbrace>pc i \<and>* p \<rbrace> 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   990
               i:[(TLabel l; c l)]:j
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   991
             \<lbrace>pc k \<and>* q\<rbrace>"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   992
proof(unfold tm.IHoare_def, default)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   993
  fix s'
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   994
  show " \<lbrace>EXS s. <(pc i \<and>* p) s> \<and>* <(s ## s')> \<and>* I (s + s')\<rbrace>  i :[ (TLabel l ; c l) ]: j
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   995
         \<lbrace>EXS s. <(pc k \<and>* q) s> \<and>* <(s ## s')> \<and>* I (s + s')\<rbrace>"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   996
  proof(rule t_hoare_label1)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   997
    fix l assume "l = i"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   998
    from h[OF this, unfolded tm.IHoare_def]
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   999
    show "\<lbrace>EXS s. <(pc i \<and>* p) s> \<and>* <(s ## s')> \<and>* I (s + s')\<rbrace>  l :[ c l ]: j
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1000
          \<lbrace>EXS s. <(pc k \<and>* q) s> \<and>* <(s ## s')> \<and>* I (s + s')\<rbrace>" 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1001
      by (simp add:`l = i`)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1002
  qed
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1003
qed
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1004
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1005
lemma I_hoare_label_last: 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1006
  assumes h1: "t_last_cmd c = Some (TLabel l)"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1007
  and h2: "l = j \<Longrightarrow> I. \<lbrace>p\<rbrace> i:[t_blast_cmd c]:j \<lbrace>q\<rbrace>"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1008
  shows "I. \<lbrace>p\<rbrace> i:[c]:j \<lbrace>q\<rbrace>"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1009
proof(unfold tm.IHoare_def, default)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1010
  fix s'
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1011
  show "\<lbrace>EXS s. <p s> \<and>* <(s ## s')> \<and>* I (s + s')\<rbrace>  i :[ c ]: j 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1012
        \<lbrace>EXS s. <q s> \<and>* <(s ## s')> \<and>* I (s + s')\<rbrace>"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1013
  proof(rule t_hoare_label_last[OF h1])
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1014
    assume "l = j"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1015
    from h2[OF this, unfolded tm.IHoare_def]
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1016
    show "\<lbrace>EXS s. <p s> \<and>* <(s ## s')> \<and>* I (s + s')\<rbrace>  i :[ t_blast_cmd c ]: j
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1017
          \<lbrace>EXS s. <q s> \<and>* <(s ## s')> \<and>* I (s + s')\<rbrace>"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1018
      by fast
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1019
  qed
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1020
qed
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1021
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1022
lemma I_hoare_seq2:
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1023
 assumes h: "\<And>j'. I. \<lbrace>pc i ** p\<rbrace> i:[c1]:j' \<lbrace>pc k' \<and>* r\<rbrace>"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1024
 shows "I. \<lbrace>pc i ** p\<rbrace> i:[(c1 ; c2)]:j \<lbrace>pc k' ** r\<rbrace>"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1025
  apply (unfold tassemble_to.simps, intro tm.I_code_exI)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1026
  apply (unfold tm.IHoare_def, default)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1027
  apply (rule tm.code_extension)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1028
  by (rule h[unfolded tm.IHoare_def, rule_format])
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1029
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1030
lemma IA_pre_stren:
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1031
  assumes h1: "IA. \<lbrace>p\<rbrace> c \<lbrace>q\<rbrace>"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1032
  and h2:  "\<And>s. r s \<Longrightarrow> p s"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1033
  shows "IA. \<lbrace>r\<rbrace> c \<lbrace>q\<rbrace>"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1034
  by (rule tm.I_pre_stren[OF assms], simp)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1035
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1036
lemma IA_post_weaken: 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1037
  assumes h1: "IA. \<lbrace>p\<rbrace> c \<lbrace>q\<rbrace>"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1038
    and h2: "\<And> s. q s \<Longrightarrow> r s"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1039
  shows "IA. \<lbrace>p\<rbrace> c \<lbrace>r\<rbrace>"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1040
  by (rule tm.I_post_weaken[OF assms], simp)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1041
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1042
section {* Making triple processor for IA *}
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1043
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1044
ML {* (* Functions specific to Hoare triple: IA {P} c {Q} *)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1045
  fun get_pre ctxt t = 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1046
    let val pat = term_of @{cpat "IA. \<lbrace>?P\<rbrace> ?c \<lbrace>?Q\<rbrace>"} 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1047
        val env = match ctxt pat t 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1048
    in inst env (term_of @{cpat "?P::aresource set \<Rightarrow> bool"}) end
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1049
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1050
  fun can_process ctxt t = ((get_pre ctxt t; true) handle _ => false)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1051
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1052
  fun get_post ctxt t = 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1053
    let val pat = term_of @{cpat "IA. \<lbrace>?P\<rbrace> ?c \<lbrace>?Q\<rbrace>"} 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1054
        val env = match ctxt pat t 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1055
    in inst env (term_of @{cpat "?Q::aresource set \<Rightarrow> bool"}) end;
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1056
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1057
  fun get_mid ctxt t = 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1058
    let val pat = term_of @{cpat "IA. \<lbrace>?P\<rbrace> ?c \<lbrace>?Q\<rbrace>"} 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1059
        val env = match ctxt pat t 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1060
    in inst env (term_of @{cpat "?c::tresource set \<Rightarrow> bool"}) end;
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1061
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1062
  fun is_pc_term (Const (@{const_name pc}, _) $ _) = true
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1063
    | is_pc_term _ = false
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1064
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1065
  fun mk_pc_term x =
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1066
     Const (@{const_name pc}, @{typ "nat \<Rightarrow> aresource set \<Rightarrow> bool"}) $ Free (x, @{typ "nat"})
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1067
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1068
  val sconj_term = term_of @{cterm "sep_conj::assert \<Rightarrow> assert \<Rightarrow> assert"}
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1069
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1070
  val abc_triple = {binding = @{binding "abc_triple"}, 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1071
                   can_process = can_process,
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1072
                   get_pre = get_pre,
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1073
                   get_mid = get_mid,
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1074
                   get_post = get_post,
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1075
                   is_pc_term = is_pc_term,
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1076
                   mk_pc_term = mk_pc_term,
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1077
                   sconj_term = sconj_term,
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1078
                   sep_conj_ac_tac = sep_conj_ac_tac,
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1079
                   hoare_seq1 = @{thm I_hoare_seq1},
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1080
                   hoare_seq2 = @{thm I_hoare_seq2},
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1081
                   pre_stren = @{thm IA_pre_stren},
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1082
                   post_weaken = @{thm IA_post_weaken},
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1083
                   frame_rule = @{thm tm.I_frame_rule}
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1084
                  }:HoareTriple
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1085
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1086
  val _ = (HoareTriples_get ()) |> (fn orig => HoareTriples_store (abc_triple::orig))
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1087
*}
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1088
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1089
section {* Example proofs *}
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1090
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1091
definition "clear a = (TL start exit. TLabel start; Dec a exit; Goto start; TLabel exit)"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1092
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1093
lemma hoare_clear[step]: 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1094
  "IA. \<lbrace>pc i ** mm a v\<rbrace> 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1095
         i:[clear a]:j 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1096
       \<lbrace>pc j ** mm a 0\<rbrace>"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1097
proof(unfold clear_def, intro I_hoare_local I_hoare_label, simp,
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1098
      rule I_hoare_label_last, simp+, prune)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1099
  show "IA.\<lbrace>pc i \<and>* mm a v\<rbrace>  i :[ (Dec a j ; Goto i) ]: j \<lbrace>pc j \<and>* mm a 0\<rbrace>"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1100
  proof(induct v)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1101
    case 0
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1102
    show ?case
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1103
      by hgoto
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1104
  next
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1105
    case (Suc v)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1106
    show ?case
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1107
      apply (rule_tac Q = "pc i \<and>* mm a v" in tm.I_sequencing)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1108
      by hsteps
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1109
  qed
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1110
qed
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1111
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1112
definition "dup a b c = 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1113
       (TL start exit. TLabel start; Dec a exit; Inc b; Inc c; Goto start; TLabel exit)"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1114
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1115
lemma hoare_dup[step]: 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1116
        "IA. \<lbrace>pc i ** mm a va ** mm b vb ** mm c vc \<rbrace> 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1117
                  i:[dup a b c]:j 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1118
             \<lbrace>pc j ** mm a 0 ** mm b (va + vb) ** mm c (va + vc)\<rbrace>"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1119
proof(unfold dup_def, intro I_hoare_local I_hoare_label, clarsimp,
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1120
     rule I_hoare_label_last, simp+, prune)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1121
  show "IA. \<lbrace>pc i \<and>* mm a va \<and>* mm b vb \<and>* mm c vc\<rbrace>  
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1122
               i :[ (Dec a j ; Inc b ; Inc c ; Goto i) ]: j
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1123
            \<lbrace>pc j \<and>* mm a 0 \<and>* mm b (va + vb) \<and>* mm c (va + vc)\<rbrace>"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1124
  proof(induct va arbitrary: vb vc)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1125
    case (0 vb vc)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1126
    show ?case
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1127
      by hgoto
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1128
  next
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1129
    case (Suc va vb vc)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1130
    show ?case
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1131
      apply (rule_tac Q = "pc i \<and>* mm a va \<and>* mm b (Suc vb) \<and>* mm c (Suc vc)" in tm.I_sequencing)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1132
      by (hsteps Suc)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1133
  qed
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1134
qed
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1135
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1136
definition "clear_add a b = 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1137
               (TL start exit. TLabel start; Dec a exit; Inc b; Goto start; TLabel exit)"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1138
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1139
lemma hoare_clear_add[step]: 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1140
                 "IA. \<lbrace>pc i ** mm a va ** mm b vb \<rbrace> 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1141
                          i:[clear_add a b]:j 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1142
                      \<lbrace>pc j ** mm a 0 ** mm b (va + vb)\<rbrace>"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1143
proof(unfold clear_add_def, intro I_hoare_local I_hoare_label, clarsimp,
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1144
      rule I_hoare_label_last, simp+, prune)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1145
  show "IA. \<lbrace>pc i \<and>* mm a va \<and>* mm b vb\<rbrace>  
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1146
               i :[ (Dec a j ; Inc b ; Goto i) ]: j 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1147
            \<lbrace>pc j \<and>* mm a 0 \<and>* mm b (va + vb)\<rbrace>"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1148
  proof(induct va arbitrary: vb)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1149
    case 0
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1150
    show ?case
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1151
      by hgoto
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1152
  next
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1153
    case (Suc va vb)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1154
    show ?case
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1155
      apply (rule_tac Q = "pc i \<and>* mm a va \<and>* mm b (Suc vb)" in tm.I_sequencing)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1156
      by (hsteps Suc)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1157
  qed
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1158
qed
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1159
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1160
definition "copy_to a b c = clear b; clear c; dup a b c; clear_add c a"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1161
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1162
lemma hoare_copy_to[step]: 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1163
    "IA. \<lbrace>pc i ** mm a va ** mm b vb ** mm c vc \<rbrace> 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1164
               i:[copy_to a b c]:j 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1165
         \<lbrace>pc j ** mm a va ** mm b va ** mm c 0\<rbrace>"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1166
  by (unfold copy_to_def, hsteps)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1167
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1168
definition "preserve_add a b c = clear c; dup a b c; clear_add c a"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1169
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1170
lemma hoare_preserve_add[step]: 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1171
    "IA. \<lbrace>pc i ** mm a va ** mm b vb ** mm c vc \<rbrace> 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1172
              i:[preserve_add a b c]:j 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1173
         \<lbrace>pc j ** mm a va ** mm b (va + vb) ** mm c 0\<rbrace>"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1174
  by (unfold preserve_add_def, hsteps)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1175
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1176
definition "mult a b c t1 t2 = 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1177
                clear c;
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1178
                copy_to a t2 t1; 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1179
                (TL start exit. 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1180
                    TLabel start;
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1181
                    Dec a exit;
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1182
                    preserve_add b c t1;
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1183
                    Goto start;
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1184
                    TLabel exit
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1185
                );
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1186
                clear_add t2 a"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1187
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1188
lemma hoare_mult[step]: 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1189
    "IA. \<lbrace>pc i ** mm a va ** mm b vb ** mm c vc ** mm t1 vt1 ** mm t2 vt2 \<rbrace> 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1190
                         i:[mult a b c t1 t2]:j 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1191
         \<lbrace>pc j ** mm a va ** mm b vb ** mm c (va * vb) ** mm t1 0 ** mm t2 0 \<rbrace>"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1192
  apply (unfold mult_def, hsteps)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1193
  apply (rule_tac q = "mm a 0 \<and>* mm b vb \<and>* mm c (va * vb) \<and>* mm t1 0 \<and>* mm t2 va" in I_hoare_seq1)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1194
  apply (intro I_hoare_local I_hoare_label, clarify,
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1195
      rule I_hoare_label_last, simp+, clarify, prune)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1196
  my_block
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1197
  fix i j vc
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1198
    have "IA. \<lbrace>pc i \<and>* mm a va \<and>* mm t1 0 \<and>* mm c vc \<and>* mm b vb\<rbrace> 
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1199
               i :[ (Dec a j ; preserve_add b c t1 ; Goto i) ]: j
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1200
              \<lbrace>pc j \<and>* mm a 0 \<and>* mm b vb \<and>* mm c (va * vb + vc) \<and>* mm t1 0 \<rbrace>"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1201
    proof(induct va arbitrary:vc)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1202
      case (0 vc)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1203
      show ?case
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1204
        by hgoto
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1205
    next
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1206
      case (Suc va vc)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1207
      show ?case
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1208
        apply (rule_tac Q = "pc i \<and>* mm a va \<and>* mm t1 0 \<and>* mm c (vb + vc) \<and>* mm b vb"
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1209
                in tm.I_sequencing)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1210
        apply (hsteps Suc)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1211
        by (sep_cancel+, simp, smt)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1212
    qed
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1213
  my_block_end
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1214
  by (hsteps this)
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1215
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1216
end
1378b654acde initial commit for Isabelle 2013-1
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1217