# HG changeset patch # User Christian Urban # Date 1395661179 0 # Node ID dcbf7888a070164af9282555193cd36b5c45ef16 # Parent 192672a6fff450d92dcfec18d0e015a9adc94729 some small modifications diff -r 192672a6fff4 -r dcbf7888a070 thys/Hoare_gen.thy --- a/thys/Hoare_gen.thy Fri Mar 21 15:10:13 2014 +0000 +++ b/thys/Hoare_gen.thy Mon Mar 24 11:39:39 2014 +0000 @@ -7,6 +7,7 @@ "../Separation_Algebra/Sep_Tactics" begin + definition pasrt :: "bool \ 'a::sep_algebra \ bool" ("<_>" [72] 71) where "pasrt b = (\ s . s = 0 \ b)" @@ -60,10 +61,10 @@ Hoare_gen :: "('a \ bool) \ ('a \ bool) \ ('a \ bool) \ bool" ("(\(1_)\/ (_)/ \(1_)\)" 50) where "\p\ c \q\ \ - (\s r. (p \* c \* r) (recse s) \ (\k. ((q \* c \* r) (recse (run (Suc k) s)))))" + \s r. (p \* c \* r) (recse s) \ (\k. (q \* c \* r) (recse (run (Suc k) s)))" lemma HoareI [case_names Pre]: - assumes h: "\ r s. (p \* c \* r) (recse s) \ (\k. ((q \* c \* r) (recse (run (Suc k) s))))" + assumes h: "\ r s. (p \* c \* r) (recse s) \ \k. (q \* c \* r) (recse (run (Suc k) s))" shows "\p\ c \q\" using h unfolding Hoare_gen_def @@ -123,11 +124,12 @@ case (Pre r' s') then obtain k where "(p \* (\ s. c k s) \* r') (recse s')" by (auto elim!: sep_conjE intro!: sep_conjI) - from h[unfolded Hoare_gen_def, rule_format, OF this] + with h[unfolded Hoare_gen_def] show "\k. (q \* (\s. \x. c x s) \* r') (recse (run (Suc k) s'))" - by (auto elim!: sep_conjE intro!: sep_conjI) + by (blast elim!: sep_conjE intro!: sep_conjI) qed +(* FIXME: generic section ? *) lemma code_extension: assumes "\p\ c \q\" shows "\p\ c \* e \q\" @@ -154,12 +156,12 @@ IHoare :: "('b::sep_algebra \ 'a \ bool) \ ('b \ bool) \ ('a \ bool) \ ('b \ bool) \ bool" ("(1_).(\(1_)\/ (_)/ \(1_)\)" 50) where - "I. \P\ c \Q\ = (\s'. \ EXS s.

\* <(s ## s')> \* I(s + s')\ c - \ EXS s. \* <(s ## s')> \* I(s + s')\)" + "I. \P\ c \Q\ = (\s'. \EXS s.

\* <(s ## s')> \* I(s + s')\ c + \EXS s. \* <(s ## s')> \* I(s + s')\)" lemma IHoareI [case_names IPre]: assumes h: "\s' s r cnf . (

\* <(s ## s')> \* I(s + s') \* c \* r) (recse cnf) \ - (\k t. ( \* <(t ## s')> \* I(t + s') \* c \* r) (recse (run (Suc k) cnf)))" + \k t. ( \* <(t ## s')> \* I(t + s') \* c \* r) (recse (run (Suc k) cnf))" shows "I. \P\ c \Q\" unfolding IHoare_def proof @@ -301,6 +303,7 @@ using h1 h2 by (smt IHoare_def sep_exec.composition) +(* FIXME: generic section *) lemma pre_condI: assumes h: "cond \ \p\ c \q\" shows "\ \* p\ c \q\" @@ -314,14 +317,15 @@ qed lemma I_pre_condI: - assumes h: "cond \ I.\P\ c \Q\" - shows "I.\ \* P\ c \Q\" + assumes h: "cond \ I. \P\ c \Q\" + shows "I. \ \* P\ c \Q\" using h by (smt IHoareI condD cond_true_eq2 sep.mult_commute) +(* FIXME: generic section *) lemma code_condI: assumes h: "b \ \p\ c \q\" - shows "\p\ **c \q\" + shows "\p\ \* c \q\" proof(induct rule: HoareI) case (Pre r s) hence h1: "b" "(p \* c \* r) (recse s)" @@ -335,14 +339,15 @@ lemma I_code_condI: assumes h: "b \ I. \P\ c \Q\" - shows "I.\P\ **c \Q\" + shows "I. \P\ \* c \Q\" using h by (smt IHoareI condD cond_true_eq2 sep.mult_commute sep_conj_cond1) +(* FIXME: generic section *) lemma precond_exI: assumes h:"\x. \p x\ c \q\" shows "\EXS x. p x\ c \q\" -proof(induct rule:HoareI) +proof(induct rule: HoareI) case (Pre r s) then obtain x where "(p x \* c \* r) (recse s)" by (unfold pred_ex_def, auto elim!:sep_conjE intro!:sep_conjI) @@ -352,7 +357,7 @@ lemma I_precond_exI: assumes h:"\x. I. \P x\ c \Q\" - shows "I.\EXS x. P x\ c \Q\" + shows "I. \EXS x. P x\ c \Q\" proof(induct rule:IHoareI) case (IPre s' s r cnf) then obtain x @@ -366,14 +371,13 @@ by (auto simp:sep_conj_ac) qed +(* FIXME: generic section *) lemma hoare_sep_false: - "\sep_false\ c - \q\" + "\sep_false\ c \q\" by(unfold Hoare_gen_def, clarify, simp) lemma I_hoare_sep_false: - "I. \sep_false\ c - \Q\" + "I. \sep_false\ c \Q\" by (smt IHoareI condD) end @@ -391,18 +395,9 @@ instance apply(default) - apply(simp add:set_ins_def) - apply(simp add:sep_disj_set_def plus_set_def set_zero_def) - apply (metis inf_commute) - apply(simp add:sep_disj_set_def plus_set_def set_zero_def) - apply(simp add:sep_disj_set_def plus_set_def set_zero_def) - apply (metis sup_commute) - apply(simp add:sep_disj_set_def plus_set_def set_zero_def) - apply (metis (lifting) Un_assoc) - apply(simp add:sep_disj_set_def plus_set_def set_zero_def) - apply (metis (lifting) Int_Un_distrib Un_empty inf_sup_distrib1 sup_eq_bot_iff) - apply(simp add:sep_disj_set_def plus_set_def set_zero_def) - by (metis (lifting) Int_Un_distrib Int_Un_distrib2 sup_eq_bot_iff) + apply(auto simp: set_ins_def) +done + end section {* A big operator of infinite separation conjunction *}