-
Notifications
You must be signed in to change notification settings - Fork 0
/
XPres.thy
268 lines (241 loc) · 8.06 KB
/
XPres.thy
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
(*
* Copyright 2014, NICTA
*
* This software may be distributed and modified according to the terms of
* the BSD 2-Clause license. Note that NO WARRANTY is provided.
* See "LICENSE_BSD2.txt" for details.
*
* @TAG(NICTA_BSD)
*)
theory XPres
imports SIMPL_Lemmas
begin
(* We don't really care if the computation gets stuck or faults, only that xf isn't changed *)
definition
xpres :: "('s \<Rightarrow> 'a) \<Rightarrow> 'a \<Rightarrow> ('i \<rightharpoonup> ('s, 'i, 'x) com) \<Rightarrow> ('s, 'i, 'x) com \<Rightarrow> bool"
where
"xpres xf v \<Gamma> c \<equiv> \<forall>s t. \<Gamma> \<turnstile> \<langle>c, s\<rangle> \<Rightarrow> t
\<longrightarrow> s \<in> Normal ` {s. xf s = v}
\<longrightarrow> (\<forall>t'. t = Normal t' \<or> t = Abrupt t' \<longrightarrow> xf t' = v)"
lemma xpresI:
"\<lbrakk>\<And>s t t'. \<lbrakk>\<Gamma> \<turnstile> \<langle>c, Normal s\<rangle> \<Rightarrow> t; xf s = v; t = Normal t' \<or> t = Abrupt t' \<rbrakk> \<Longrightarrow> xf t' = v\<rbrakk> \<Longrightarrow>
xpres xf v \<Gamma> c"
unfolding xpres_def by auto
(* Sometimes it's easier to reason syntactically --- the two are more or less equivalent, under the assumption
that c doesn't fault or get stuck *)
lemma xpres_hoareI:
"\<Gamma> \<turnstile> {s. xf s = v } c {s. xf s = v} \<Longrightarrow> xpres xf v \<Gamma> c"
apply (rule xpresI)
apply (drule hoare_sound)
apply (simp add:HoarePartialDef.valid_def cvalid_def)
apply (drule spec, drule spec, drule (1) mp)
apply clarsimp
done
lemma xpres_skip:
"xpres xf v \<Gamma> Skip"
apply (rule xpres_hoareI)
apply rule
done
lemma xpres_basic:
assumes rl: "\<And>s. xf s = v \<Longrightarrow> xf (f s) = v"
shows "xpres xf v \<Gamma> (Basic f)"
apply (rule xpresI)
apply (drule rl)
apply (erule exec_Normal_elim_cases)
apply clarsimp
done
lemma xpres_exec0:
assumes xp: "xpres xf v \<Gamma> c"
and ex: "\<Gamma> \<turnstile> \<langle>c, Normal s\<rangle> \<Rightarrow> y"
and xy: "y = Normal s' \<or> y = Abrupt s'"
and xf: "xf s = v"
shows "xf s' = v"
using xp ex xy xf
unfolding xpres_def
apply -
apply (drule spec, drule spec, drule (1) mp)
apply (erule disjE)
apply (drule mp, simp)
apply simp
apply (drule mp, simp)
apply simp
done
lemma xpres_exec:
assumes xp: "xpres xf v \<Gamma> c"
and ex: "\<Gamma> \<turnstile> \<langle>c, Normal s\<rangle> \<Rightarrow> Normal s'"
and xf: "xf s = v"
shows "xf s' = v"
using xp ex xf by (auto intro: xpres_exec0)
lemma xpresD:
assumes xf: "xf s = v"
and xp: "xpres xf v \<Gamma> a"
and ex: "\<Gamma> \<turnstile> \<langle>a, Normal s\<rangle> \<Rightarrow> Normal s'"
shows "xf s' = v"
by (rule xpres_exec [OF xp ex]) fact+
lemma xpres_abruptD:
assumes xf: "xf s = v"
and xp: "xpres xf v \<Gamma> a"
and ex: "\<Gamma> \<turnstile> \<langle>a, Normal s\<rangle> \<Rightarrow> Abrupt s'"
shows "xf s' = v"
by (rule xpres_exec0 [OF xp ex], simp) fact+
lemma xpres_seq:
assumes xa: "xpres xf v \<Gamma> a"
and xb: "xpres xf v \<Gamma> b"
shows "xpres xf v \<Gamma> (a ;; b)"
apply (rule xpresI)
apply (erule exec_Normal_elim_cases)
apply (erule disjE)
apply simp
apply (erule Normal_resultE)
apply simp
apply (drule (1) xpresD [OF _ xa])
apply (erule (1) xpresD [OF _ xb])
apply simp
apply (erule Abrupt_resultE)
apply simp
apply (drule (1) xpresD [OF _ xa])
apply (erule (1) xpres_abruptD [OF _ xb])
apply simp
apply (drule Abrupt_end, rule refl)
apply simp
apply (erule (1) xpres_abruptD [OF _ xa])
done
lemma xpres_while0:
assumes ex: "\<Gamma>\<turnstile> \<langle>d,s\<rangle> \<Rightarrow> t"
and xp: "xpres xf v \<Gamma> a"
and d: "d = While b a"
and s: "s \<in> Normal ` {s. xf s = v} \<union> Abrupt ` {s. xf s = v}"
and t: "t = Normal t' \<or> t = Abrupt t'"
shows "xf t' = v"
using ex d s t
proof (induct)
case (WhileTrue s' b' c' t u)
hence eqs: "b' = b" "c' = a" and xfs: "xf s' = v" by auto
{
fix w
assume tv: "t = Normal w" and "\<Gamma> \<turnstile> \<langle>a, Normal s'\<rangle> \<Rightarrow> Normal w"
have ?thesis
proof (rule WhileTrue.hyps(5))
have "xf w = v" using xfs xp by (rule xpresD) fact+
thus "t \<in> Normal ` {s. xf s = v} \<union> Abrupt ` {s. xf s = v}" using tv
by simp
qed fact+
} moreover
{
fix w
assume tv: "t = Abrupt w" and "\<Gamma> \<turnstile> \<langle>a, Normal s'\<rangle> \<Rightarrow> Abrupt w"
have ?thesis
proof (rule WhileTrue.hyps(5))
have "xf w = v" using xfs xp by (rule xpres_abruptD) fact+
thus "t \<in> Normal ` {s. xf s = v} \<union> Abrupt ` {s. xf s = v}" using tv
by simp
qed fact+
} ultimately
show ?thesis using WhileTrue.prems(3) WhileTrue.hyps(2) WhileTrue.hyps(4) eqs
apply -
apply (erule disjE)
apply simp
apply (erule Normal_resultE)
apply simp
apply simp
apply (erule Abrupt_resultE)
apply simp
apply simp
done
qed auto
lemma xpres_while:
assumes xp: "xpres xf v \<Gamma> x"
shows "xpres xf v \<Gamma> (While b x)"
apply (rule xpresI)
apply (erule xpres_while0 [OF _ xp refl])
apply simp
apply simp
done
lemma xpres_call:
assumes ret: "\<And>s t. xf s = v \<Longrightarrow> xf (r s t) = v"
and xp: "\<And>s t. xpres xf v \<Gamma> (c s t)"
shows "xpres xf v \<Gamma> (call i f r c)"
apply (rule xpresI)
apply (erule exec_call_Normal_elim)
apply (erule (1) xpres_exec0 [OF xp])
apply (erule ret)
apply simp
apply (erule subst, erule ret)
apply simp
apply simp
apply simp
done
lemma xpres_catch:
assumes xpb: "xpres xf v \<Gamma> b"
and xpc: "xpres xf v \<Gamma> c"
shows "xpres xf v \<Gamma> (Catch b c)"
apply (rule xpresI)
apply (erule exec_Normal_elim_cases)
apply (drule (1) xpres_abruptD [OF _ xpb])
apply (erule (2) xpres_exec0 [OF xpc])
apply (erule (2) xpres_exec0 [OF xpb])
done
lemma xpres_guard:
assumes xp: "xpres xf v \<Gamma> c"
shows "xpres xf v \<Gamma> (Guard f g c)"
apply (rule xpresI)
apply (erule exec_Normal_elim_cases)
apply (erule (2) xpres_exec0 [OF xp])
apply simp
done
lemma xpres_cond:
assumes xpa: "xpres xf v \<Gamma> a"
and xpb: "xpres xf v \<Gamma> b"
shows "xpres xf v \<Gamma> (Cond x a b)"
apply (rule xpresI)
apply (erule exec_Normal_elim_cases)
apply (erule (2) xpres_exec0 [OF xpa])
apply (erule (2) xpres_exec0 [OF xpb])
done
lemma xpres_throw:
shows "xpres xf v \<Gamma> Throw"
apply (rule xpresI)
apply (erule exec_Normal_elim_cases)
apply simp
done
lemma xpres_creturn:
assumes xfu: "\<And>s f. xf (xfu f s) = xf s"
and xfg: "\<And>s f. xf (exnu f s) = xf s"
shows "xpres xf v \<Gamma> (creturn exnu xfu v')"
unfolding creturn_def
apply (rule xpresI)
apply (clarsimp elim!: exec_Normal_elim_cases simp add: xfg xfu)+
done
lemma xpres_creturn_void:
assumes xfg: "\<And>s f. xf (exnu f s) = xf s"
shows "xpres xf v \<Gamma> (creturn_void exnu)"
unfolding creturn_void_def
apply (rule xpresI)
apply (clarsimp elim!: exec_Normal_elim_cases simp add: xfg)
done
lemma xpres_cbreak:
assumes xfg: "\<And>s f. xf (exnu f s) = xf s"
shows "xpres xf v \<Gamma> (cbreak exnu)"
unfolding cbreak_def
apply (rule xpresI)
apply (clarsimp elim!: exec_Normal_elim_cases simp add: xfg)
done
lemma xpres_catchbrk_C:
shows "xpres xf v \<Gamma> (ccatchbrk exnu)"
unfolding ccatchbrk_def
apply (rule xpresI)
apply (fastforce elim!: exec_Normal_elim_cases)
done
lemma xpres_lvar_nondet_init:
assumes xfg: "\<And>s f. xf (st f s) = xf s"
shows "xpres xf v \<Gamma> (lvar_nondet_init gt st)"
apply (rule xpresI)
apply (simp add: lvar_nondet_init_def)
apply (auto elim!: exec_Normal_elim_cases simp add: xfg)
done
(* We ignore DynCom and Call and (for now) Spec. The first two are covered by xpres_call *)
lemmas xpres_rules = xpres_skip xpres_basic xpres_seq xpres_while
xpres_call xpres_catch xpres_skip xpres_guard xpres_cond xpres_throw
xpres_creturn xpres_creturn_void xpres_cbreak xpres_catchbrk_C
xpres_lvar_nondet_init
end