Ziele Untersuchung
mit Columbo Integrität von
Datenbanken Interaktion und
Portierbarkeit Ergonomie der
Schnittstellen

Angebot Produkte Projekt Beratung

Mittel Analytik Modellierung Sprachen Algebra Logik Hardware Denken Kreativität

Zusammenhänge Gesellschaft Wirtschaft Branche Firma


products/Sources/formale Sprachen/Isabelle/HOL/NanoJava/ (Beweissystem Isabelle Version 2025-1^©) Datei vom 16.11.2025 mit Größe 11 kB

Quelle Equivalence.thy Sprache: Isabelle

(*  Title:      HOL/NanoJava/Equivalence.thy
    Author:     David von Oheimb
    Copyright   2001 Technische Universitaet Muenchen
*)

section "Equivalence of Operational and Axiomatic Semantics"

theory Equivalence imports OpSem AxSem begin

subsection "Validity"

definition valid :: "[assn,stmt, assn] => bool" (\<open>\<Turnstile> {(1_)}/ (_)/ {(1_)}\<close> [3,90,3] 60) where
"\ {P} c {Q} \ \s t. P s --> (\n. s -c -n\ t) --> Q t"

definition evalid   :: "[java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
      nat

definitionjava.lang.StringIndexOutOfBoundsException: Index 101 out of bounds for length 101
  :"triple, ]>bool \open_ |

definition envalid java.lang.NullPointerException
java.lang.StringIndexOutOfBoundsException: Index 119 out of bounds for length 119

definition nvalids :: "[nat, triple set] => bool" (\<open>|\<Turnstile>_: _\<close> [61,61] 60) where: \Turnstile P,
"

definition  ( add nvalid_def2
  java.lang.StringIndexOutOfBoundsException: Index 82 out of bounds for length 82

definition cenvalid  :: "[triple set,etriple ] => bool" (\<open>_ |\<Turnstile>\<^sub>e/ _\<close>[61,61] 60) where
"A |\\<^sub>e t \ \n. |\n: A --> \n:\<^sub>e t"

lemma nvalid_def2: "\n: (P,c,Q) \ \s t. s -c-n\ t \ P s \ Q t"
simp )

: \<
apply (simp add )
apply java.lang.StringIndexOutOfBoundsException: Index 11 out of bounds for length 11
bysimp envalid_def2 ""

lemma: \Turnstile:^eP, equiv
by (simp: "\0: (P,Impl M,Q)"

: "\\<^sub>e {P} e {Q} = (\n. \n:\<^sub>e (P,e,Q))"
java.lang.StringIndexOutOfBoundsException: Index 41 out of bounds for length 41
apply
done

lemma( simp nvalid_def2)
  "java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
by(simp envalid_def2Loop_sound_lemma (no_asm

subsection "Soundnessjava.lang.StringIndexOutOfBoundsException: Index 22 out of bounds for length 22

declare+

: "0: (P,Impl M,Q)"
by (clarsimp simp add: nvalid_def2)

lemma Impl_nvalid_Suc: "\n: (P,body M,Q) \ \Suc n: (P,Impl M,Q)"
by (clarsimp simp add: nvalid_def2)

lemma nvalid_SucD: "\t. \Suc n:t \ \n:t"
by ( simp  nvalid_def2)

lemma nvalids_SucD
by (fast\<in>Ms; Ball A (nvalid na); Ball B (nvalid na)\<rbrakk> \<Longrightarrow> nvalid na (f z Cm)" :

lemmaLoop_sound_lemma (no_asm:
"\s t. s -c-n\ t \ P s \ s \ Null \ P t \
  (s-c0-n0\<rightarrow> t \<longrightarrow> P s \<longrightarrow> c0 = While (x) c \<longrightarrow> n0 = n \<longrightarrow> P t \<and> t<x> = Null)"
P2  " )
apply clarsimp+
done

lemma Impl_sound_lemma:  \<open>ALLGOALS (REPEAT o Rule_Insts.thin_tac \<^context> "hoare _ _" [])\<close>)
"
  Cmapply fast
by blast ast

lemma all_conjunct2: "\l. P' l \ P l \ \l. P l"
by fast

lemma all3_conjunct2:
  "\a p l. (P' a p l \ P a p l) \ \a p l. P a p l"
by fast

lemma cnvalid1_eq:
               apply
bysimp

lemma hoare_sound_main   (* eConseq *)
apply " \<^context> 1", rename_tac P e Q)
apply
(*18*)java.lang.StringIndexOutOfBoundsException: Index 12 out of bounds for length 12
apply( nvalids_SucDsimp:HOL)
tactic \<open>ALLGOALS (REPEAT o Rule_Insts.thin_tac \<^context> "hoare _ _" [])\<close>)
apply (tactic \<open>ALLGOALS (REPEAT o Rule_Insts.thin_tac \<^context> "ehoare _ _" [])\<close>)
simp_allcnvalid1_eq)
                 apply fast ( )
java.lang.StringIndexOutOfBoundsException: Range [0, 16) out of bounds for length 4

apply
             java.lang.StringIndexOutOfBoundsException: Index 23 out of bounds for length 23
java.lang.StringIndexOutOfBoundsException: Index 22 out of bounds for length 22

          apply fast
         apply fast
        fast
       apply
apply( delImpl_elim_cases
     defer
     prefer         MGTZ\<equiv> (\<lambda>s. Z = s, c, \<lambda>  t. \<exists>n. Z -c-  n\<rightarrow> t)"
     4blast
   apply (simp_all.eConseq simp)
   apply java.lang.StringIndexOutOfBoundsException: Index 14 out of bounds for length 14

apply
apply (rulerule)
applyapplyerule)
applyjava.lang.StringIndexOutOfBoundsException: Index 15 out of bounds for length 15
apply  (clarify intro!: Impl_nvalid_0
apply  (erule converse_rtrancl_inductjava.lang.StringIndexOutOfBoundsException: Index 37 out of bounds for length 37
apply( nvalids_SucD
apply
apply (erule (1) impE)
apply (drule (2) Impl_sound_lemma)
apply  blast
apply assumption
done

theorem hoare_sound: "{} \ {P} c {Q} \ \ {P} c {Q}"
apply (simp only
apply (drule hoare_sound_main [THEN conjunct1, rule_format)
apply (unfold cnvalids_def nvalids_def)
apply fast
done

theorem ehoare_sound: "{} \\<^sub>e {P} e {Q} \ \\<^sub>e {P} e {Q}"
apply( only)
apply (drule hoare_sound_main [THEN conjunct2, rule_format
apply (unfoldrule.)
applyfast
done

subsection "(Relative) Completeness"

definition MGT :: "stmt => state => triple" where
         "MGT c (\s. Z = s, c, \ t. \n. Z -c- n\ t)"

definition MGT\<^sub>e   :: "expr => state => etriple" where
         MGT>   <equiv> (\<lambda>s. Z = s, e, \<lambda>v t. \<exists>n. Z -e\<succ>v-n\<rightarrow> t)"

applyerule.)
java.lang.StringIndexOutOfBoundsException: Index 14 out of bounds for length 14
apply( only
apply allI)
apply conjI   impIConseq1,
apply (clarsimperuleerule,force
done

java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
java.lang.NullPointerException
apply (simp applyrename_tacu   Q "lambdaa .\java.lang.StringIndexOutOfBoundsException: Index 132 out of bounds for length 132
  MGT
apply hoare_ehoare
( simp)
done

declare exec_eval.intros[intro!]

lemma MGF_Loop blast
apply( add: split_paired_all
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
       in hoare_ehoareblast
apply  (rule)
apply  (ule.Loop)
apply  (erule hoare_ehoare.Conseq)
apply  clarsimp
apply  (blast introapply fast
apply (erule thin_rl)
apply clarsimp
apply (erule_tacx=Zin)
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
applyjava.lang.StringIndexOutOfBoundsException: Index 11 out of bounds for length 11
apply
apply clarsimp
apply (drule
( del)
done

lemma MGF_lemma: " hoare_ehoare.Call)
apply   spec, erulehoare_ehoare)
erulethin_rl thin_rl
( stmt_expr)
apply (rule_tac( (2) )

( Conseq1 hoare_ehoare])
apply java.lang.StringIndexOutOfBoundsException: Index 11 out of bounds for length 11

apply (rule hoare_ehoare.
apply  ( hoare_ehoare)
apply (erule hoare_ehoare.Conseq)
apply clarsimp force
apply
apply blast

apply ( thin_rl
(ule.Cond
applyapply   [2]asm_rl
apply applyrule)
apply( MGF_lemma conjunct1 ])
apply (rule conjI)
ruleMGF_Impl
        erule

apply (erule MGF_Loop)

apply  rule)
apply fast

apply (erule thin_rl)
apply (rename_tac expr1 u v Z, rule_tac Q = "\a s. \n. Z -expr1\Addr a-n\ s" in hoare_ehoare.FAss)
y  (drule)
apply  (erule eConseq2

apply( )
apply rule)
apply clarsimp simp: valid_def
apply( (1) eval_eval_max
apply blasteFalse A <turnstile>\<^sub>e {\<lambda>s. False} e {Q}"

apply (simp only: split_paired_all)
apply (rule hoare_ehoare.Meth)
apply (rule allI)
apply (apply( eThin
apply blast

apply (simp add: split_paired_all)

java.lang.StringIndexOutOfBoundsException: Index 3 out of bounds for length 3
apply blast

apply (erule hoare_ehoare.eConseq [THEN hoare_ehoare.Cast])
apply fast

apply (rule eConseq1 [OF hoare_ehoare.LAcc])
apply blast

apply (erule hoare_ehoare.eConseq [THEN hoare_ehoare.FAcc])
apply fast

apply (rename_tac expr1 u expr2 Z)
apply (rule_tac R = "\a v s. \n1 n2 t. Z -expr1\a-n1\ t \ t -expr2\v-n2\ s" in
                hoare_ehoare.Call)
apply   (erule spec)
apply  (rule allI)
apply  (erule hoare_ehoare.eConseq)
apply  clarsimp
apply  blast
apply (rule allI)+
apply (rule hoare_ehoare.Meth)
apply (rule allI)
apply (drule spec, drule spec, erule hoare_ehoare.Conseq)
apply (erule thin_rl, erule thin_rl)
apply (clarsimp del: Impl_elim_cases)
apply (drule (2) eval_eval_exec_max)
apply (force del: Impl_elim_cases)
done

lemma MGF_Impl: "{} |\ {MGT (Impl M) Z}"
apply (unfold MGT_def)
apply (rule Impl1')
apply  (rule_tac [2] UNIV_I)
apply clarsimp
apply (rule hoare_ehoare.ConjI)
apply clarsimp
apply (rule ssubst [OF Impl_body_eq])
apply (fold MGT_def)
apply (rule MGF_lemma [THEN conjunct1, rule_format])
apply (rule hoare_ehoare.Asm)
apply force
done

theorem hoare_relative_complete: "\ {P} c {Q} \ {} \ {P} c {Q}"
apply (rule MGF_implies_complete)
apply  (erule_tac [2] asm_rl)
apply (rule allI)
apply (rule MGF_lemma [THEN conjunct1, rule_format])
apply (rule MGF_Impl)
done

theorem ehoare_relative_complete: "\\<^sub>e {P} e {Q} \ {} \\<^sub>e {P} e {Q}"
apply (rule eMGF_implies_complete)
apply  (erule_tac [2] asm_rl)
apply (rule allI)
apply (rule MGF_lemma [THEN conjunct2, rule_format])
apply (rule MGF_Impl)
done

lemma cFalse: "A \ {\s. False} c {Q}"
apply (rule cThin)
apply (rule hoare_relative_complete)
apply (auto simp add: valid_def)
done

lemma eFalse: "A \\<^sub>e {\s. False} e {Q}"
apply (rule eThin)
apply (rule ehoare_relative_complete)
apply (auto simp add: evalid_def)
done

end

quality99%

sp;(rule allI)+
apply (rule hoare_ehoare.Meth)
apply (rule allI)
apply (drule, drule specerule hoare_ehoare.Conseq
apply(erule , erule)
applyapply(ule.induct
apply (druleeval_eval_exec_max
applyapplyrule [OF.Skip
doneapply blast

lemma MGF_Impl: "{} |\ {MGT (Impl M) Z}"
apply (unfold MGT_def)
apply (rule Impl1')
apply (rule_tac [java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
apply clarsimp
apply (rule hoare_ehoare.ConjI)
apply clarsimp
apply (rule ssubst [OF Impl_body_eq])
apply (fold MGT_def)
apply (rule MGF_lemma [THEN conjunct1, rule_format])
apply rule.Asmjava.lang.StringIndexOutOfBoundsException: Index 29 out of bounds for length 29
apply force
done

erule)
apply ( hoare_ehoare)
(erule_tac )
( allI
apply (rule [THENconjunct1,rule_format
apply(rule )
done

apply( eMGF_implies_complete
apply (erule_tac [2] asm_rl)
apply (rule allI)
apply java.lang.StringIndexOutOfBoundsException: Index 21 out of bounds for length 21
apply (rule MGF_Impl)
appl specjava.lang.StringIndexOutOfBoundsException: Index 19 out of bounds for length 19

lemmaapplyfast
apply rulecThin
apply( hoare_relative_complete
apply (auto add)
done drule)

lemma eFalse:"\java.lang.StringIndexOutOfBoundsException: Index 64 out of bounds for length 64
rule)
apply (rule
applyjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
done

end

quality99%

¤ Dauer der Verarbeitung: 0.1 Sekunden (vorverarbeitet) ¤

Wurzel

Suchen

Beweissystem der NASA

Beweissystem Isabelle

NIST Cobol Testsuite

Cephes Mathematical Library

Wiener Entwicklungsmethode

Haftungshinweis

Die Informationen auf dieser Webseite wurden nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit, noch Qualität der bereit gestellten Informationen zugesichert.