tm2: comparison thys/Hoare

equal deleted inserted replaced

-:dcbf7888a070
+:b88fc9da1970
 ML {*
 fun pretty_terms ctxt trms =
 Pretty.block (Pretty.commas (map (Syntax.pretty_term ctxt) trms))
 *}
-lemma int_add_C :"x + (y::int) = y + x"
-by simp
-lemma int_add_A : "(x + y) + z = x + (y + (z::int))"
-by simp
-lemma int_add_LC: "x + (y + (z::int)) = y + (x + z)"
-by simp
-lemmas int_add_ac = int_add_A int_add_C int_add_LC
-method_setup prune =
-{* Scan.succeed (SIMPLE_METHOD' o (K (K prune_params_tac))) *}
-"pruning parameters"
 ML {*
 structure StepRules = Named_Thms
 (val name = @{binding "step"}
 val description = "Theorems for hoare rules for every step")
 setup {* StepRules.setup *}
 setup {* FwdRules.setup *}
+method_setup prune =
+{* Scan.succeed (SIMPLE_METHOD' o (K (K prune_params_tac))) *}
+"pruning parameters"
+lemma int_add_C :"x + (y::int) = y + x"
+by simp
+lemma int_add_A : "(x + y) + z = x + (y + (z::int))"
+by simp
+lemma int_add_LC: "x + (y + (z::int)) = y + (x + z)"
+by simp
+lemmas int_add_ac = int_add_A int_add_C int_add_LC
 section {* Operational Semantics of TM *}
 datatype taction = W0 | W1 | L | R
 type_synonym tstate = nat
 datatype Block = Oc | Bk
 type_synonym tconf = "nat \<times> (nat \<rightharpoonup> tm_inst) \<times> nat \<times> int \<times> (int \<rightharpoonup> Block)"
-fun next_tape :: "taction \<Rightarrow> (int \<times>  (int \<rightharpoonup> Block)) \<Rightarrow> (int \<times>  (int \<rightharpoonup> Block))"
+fun
-where "next_tape W0 (pos, m) = (pos, m(pos \<mapsto> Bk))" |
+next_tape :: "taction \<Rightarrow> (int \<times>  (int \<rightharpoonup> Block)) \<Rightarrow> (int \<times>  (int \<rightharpoonup> Block))"
-"next_tape W1 (pos, m) = (pos, m(pos \<mapsto> Oc))" |
+where
-"next_tape L  (pos, m) = (pos - 1, m)" |
+"next_tape W0 (pos, m) = (pos, m(pos \<mapsto> Bk))" |
-"next_tape R  (pos, m) = (pos + 1, m)"
+"next_tape W1 (pos, m) = (pos, m(pos \<mapsto> Oc))" |
+"next_tape L  (pos, m) = (pos - 1, m)" |
+"next_tape R  (pos, m) = (pos + 1, m)"
 fun tstep :: "tconf \<Rightarrow> tconf"
 where "tstep (faults, prog, pc, pos, m) =
 (case (prog pc) of
 Some ((action0, pc0), (action1, pc1)) \<Rightarrow>
 m pos = None \<longrightarrow> P (faults + 1, prog, pc, pos, m)) \<and>
 (\<forall> faults prog pc pos m .
 s =  (faults, prog, pc, pos, m) \<longrightarrow>
 prog pc  = None \<longrightarrow> P (faults + 1, prog, pc, pos, m))
 )"
-by (case_tac s, auto split:option.splits Block.splits)
+by (cases s) (auto split: option.splits Block.splits)
 datatype tresource =
 TM int Block
 | TC nat tm_inst
 | TAt nat
 fun trset_of :: "tconf \<Rightarrow> tresource set"
 where "trset_of (faults, prog, pc, pos, m) =
 tprog_set prog \<union> tpc_set pc \<union> tpos_set pos \<union> tmem_set m \<union> tfaults_set faults"
 interpretation tm: sep_exec tstep trset_of .
 section {* Assembly language for TMs and its program logic *}
 subsection {* The assembly language *}
 by simp
 from t_hoare_label_last_pre[OF this[unfolded h1]] h2
 show ?thesis by auto
 qed
 subsection {* Basic assertions for TM *}
+(* ones between tape position i and j *)
 function ones :: "int \<Rightarrow> int \<Rightarrow> tassert" where
-"ones i j = (if j < i then <(i = j + 1)> else
+"ones i j = (if j < i then <(i = j + 1)>
-(one i) ** ones (i + 1) j)"
+else (one i) \<and>* ones (i + 1) j)"
 by auto
-termination by (relation "measure(\<lambda> (i::int, j). nat (j - i + 1))") auto
+termination
-lemma ones_base_simp: "j < i \<Longrightarrow> ones i j = <(i = j + 1)>"
+by (relation "measure(\<lambda> (i::int, j). nat (j - i + 1))") auto
+lemma ones_base_simp:
+"j < i \<Longrightarrow> ones i j = <(i = j + 1)>"
 by simp
-lemma ones_step_simp: "\<not> j < i \<Longrightarrow> ones i j =  ((one i) ** ones (i + 1) j)"
+lemma ones_step_simp:
+"\<not> j < i \<Longrightarrow> ones i j =  ((one i) \<and>* ones (i + 1) j)"
 by simp
 lemmas ones_simps = ones_base_simp ones_step_simp
 declare ones.simps [simp del] ones_simps [simp]
 lemma ones_induct [case_names Base Step]:
-fixes P i j
 assumes h1: "\<And> i j. j < i \<Longrightarrow> P i j (<(i = j + (1::int))>)"
-and h2: "\<And> i j. \<lbrakk>\<not> j < i; P (i + 1) j (ones (i + 1) j)\<rbrakk> \<Longrightarrow> P i j ((one i) ** ones (i + 1) j)"
+and h2: "\<And> i j. \<lbrakk>\<not> j < i; P (i + 1) j (ones (i + 1) j)\<rbrakk> \<Longrightarrow> P i j ((one i) \<and>* ones (i + 1) j)"
 shows "P i j (ones i j)"
 proof(induct i j rule:ones.induct)
 fix i j
 assume ih: "(\<not> j < i \<Longrightarrow> P (i + 1) j (ones (i + 1) j))"
 show "P i j (ones i j)"
 with False show ?thesis by auto
 qed
 qed
 function ones' ::  "int \<Rightarrow> int \<Rightarrow> tassert" where
-"ones' i j = (if j < i then <(i = j + 1)> else
+"ones' i j = (if j < i then <(i = j + 1)>
-ones' i (j - 1) ** one j)"
+else ones' i (j - 1) \<and>* one j)"
 by auto
 termination by (relation "measure(\<lambda> (i::int, j). nat (j - i + 1))") auto
 lemma ones_rev: "\<not> j < i \<Longrightarrow> (ones i j) = ((ones i (j - 1)) ** one j)"
 proof(induct i j rule:ones_induct)
 by (auto simp:sep_conj_ac)
 qed
 qed
 lemma ones_rev_induct [case_names Base Step]:
-fixes P i j
 assumes h1: "\<And> i j. j < i \<Longrightarrow> P i j (<(i = j + (1::int))>)"
 and h2: "\<And> i j. \<lbrakk>\<not> j < i; P i (j - 1) (ones i (j - 1))\<rbrakk> \<Longrightarrow> P i j ((ones i (j - 1)) ** one j)"
 shows "P i j (ones i j)"
 proof(induct i j rule:ones'.induct)
 fix i j
 declare zeros.simps [simp del]
 lemmas zeros_simps [simp] = zeros_base_simp zeros_step_simp
 lemma zeros_induct [case_names Base Step]:
-fixes P i j
 assumes h1: "\<And> i j. j < i \<Longrightarrow> P i j (<(i = j + (1::int))>)"
 and h2: "\<And> i j. \<lbrakk>\<not> j < i; P (i + 1) j (zeros (i + 1) j)\<rbrakk> \<Longrightarrow>
 P i j ((zero i) ** zeros (i + 1) j)"
 shows "P i j (zeros i j)"
 proof(induct i j rule:zeros.induct)
 have "P i j (zero i \<and>* zeros (i + 1) j)" by blast
 with False show ?thesis by auto
 qed
 qed
-lemma zeros_rev: "\<not> j < i \<Longrightarrow> (zeros i j) = ((zeros i (j - 1)) ** zero j)"
+lemma zeros_rev: "\<not> j < i \<Longrightarrow> (zeros i j) = ((zeros i (j - 1)) \<and>* zero j)"
 proof(induct i j rule:zeros_induct)
 case (Base i j)
 thus ?case by auto
 next
 case (Step i j)
 with Step show ?thesis by (auto simp:sep_conj_ac)
 qed
 qed
 lemma zeros_rev_induct [case_names Base Step]:
-fixes P i j
 assumes h1: "\<And> i j. j < i \<Longrightarrow> P i j (<(i = j + (1::int))>)"
 and h2: "\<And> i j. \<lbrakk>\<not> j < i; P i (j - 1) (zeros i (j - 1))\<rbrakk> \<Longrightarrow>
 P i j ((zeros i (j - 1)) ** zero j)"
 shows "P i j (zeros i j)"
 proof(induct i j rule:ones'.induct)
 with zeros_rev and False
 show ?thesis by simp
 qed
 qed
-definition "rep i j k = ((ones i (i + (int k))) ** <(j = i + int k)>)"
+definition "rep i j k = ((ones i (i + (int k))) \<and>* <(j = i + int k)>)"
 fun reps :: "int \<Rightarrow> int \<Rightarrow> nat list\<Rightarrow> tassert"
 where
 "reps i j [] = <(i = j + 1)>" |
 "reps i j [k] = (ones i (i + int k) ** <(j = i + int k)>)" |
 reps_len_cons[OF h(1)]
 sep_conj_ac, subst ss, simp)
 qed
 qed
 subsection {* A theory of list extension *}
 definition "list_ext n xs = xs @ replicate ((Suc n) - length xs) 0"
 lemma list_ext_len_eq: "length (list_ext a xs) = length xs + (Suc a - length xs)"
 by (metis list_ext_len nth_list_update_eq)
 lemma nth_app: "length xs \<le> a \<Longrightarrow> (xs @ ys)!a = ys!(a - length xs)"
 by (metis not_less nth_append)
+(* FIXME in Hoare_gen? *)
 lemma pred_exI:
 assumes "(P(x) \<and>* r) s"
 shows "((EXS x. P(x)) \<and>* r) s"
 by (metis assms pred_ex_def sep_globalise)

changeset 9	b88fc9da1970
parent 5	6c722e960f2e
child 11	f8b2bf858caf