fun strip :: "acom ==> com"where "strip SKIP = SKIP" | "strip (x ::= a) = (x ::= a)" | "strip (C1;; C2) = (strip C1;; strip C2)" | "strip (IF b THEN C1 ELSE C2) = (IF b THEN strip C1 ELSE strip C2)" | "strip ({_} WHILE b DO C) = (WHILE b DO strip C)"
text‹Weakest precondition from annotated commands:›
funpre :: "acom ==> assn ==> assn"where "pre SKIP Q = Q" | "pre (x ::= a) Q = (λs. Q(s(x := aval a s)))" | "pre (C1;; C2) Q = pre C1 (pre C2 Q)" | "pre (IF b THEN C1 ELSE C2) Q = (λs. if bval b s then pre C1 Q s else pre C2 Q s)" | "pre ({I} WHILE b DO C) Q = (λs. ∃n. I n s)"
text‹Verification condition:›
fun vc :: "acom ==> assn ==> bool"where "vc SKIP Q = True" | "vc (x ::= a) Q = True" | "vc (C1;; C2) Q = (vc C1 (pre C2 Q) ∧ vc C2 Q)" | "vc (IF b THEN C1 ELSE C2) Q = (vc C1 Q ∧ vc C2 Q)" | "vc ({I} WHILE b DO C) Q = (∀s n. (I (Suc n) s ⟶ pre C (I n) s) ∧ (I (Suc n) s ⟶ bval b s) ∧ (I 0 s ⟶¬ bval b s ∧ Q s) ∧ vc C (I n))"
lemma vc_sound: "vc C Q ==>⊨t {pre C Q} strip C {Q}" proof(induction C arbitrary: Q) case (Awhile I b C) show ?case proof(simp, rule conseq[OF _ While[of I]], goal_cases) case (2 n) show ?case using Awhile.IH[of "I n"] Awhile.prems by (auto intro: strengthen_pre) qed (insert Awhile.prems, auto) qed (auto intro: conseq Seq If simp: Skip Assign)
text‹When trying to extend the completeness proof of the VCG for partial correctness
total correctness one runs into the following problem.
the case of the while-rule, the universally quantified ‹n› in the first premise
that for that premise the induction hypothesis does not yield a single
command ‹C› but merely that for every ‹n› such a ‹C› exists.›
end
Messung V0.5 in Prozent
¤ Dauer der Verarbeitung: 0.8 Sekunden
(vorverarbeitet am 2026-06-09)
¤
Die Informationen auf dieser Webseite wurden
nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit,
noch Qualität der bereit gestellten Informationen zugesichert.
Bemerkung:
Die farbliche Syntaxdarstellung und die Messung sind noch experimentell.
