| Quellcodebibliothek Statistik Leitseite products/Sources/formale Sprachen/Isabelle/Archive-of-Formal-Proofs/thys/Hoare_Time/ (Cephes Mathematical Library ©) Datei vom 31.4.2026 mit Größe 16 kB |
|
Quelle DiscussionO.thySprache: Isabelle |
|||||||||||||||
|
subsectionRelation between the Hoare logicsle theory DiscussionO imports SepLogK_Hoare QuantK_Hoare Nielson_Hoare begin (* here we compare quantitative Hoare logic with constant with Nielson's Hoare logic *) subsubsection \> Nielson quantHoare definition emN :: "qassn \<> P = (\<lambdalambda)" (* quanthoare can be simulated by Nielson *) lemma assumes s: "⊨ n ⇓ emN Q' }" (is "⊨ ?P } {?e \Down ?}" showsuantNielson' { P' } c { Q' }" proof - from s obtain k where k: "k>0" and qd: "∧l s. emN P' l s ==> (∃l s. emN\Longrightarrow (∃ p ⇓ p unfolding hoare1_valid_def by blast show ?byblast apply(rule exI[where x=k]) apply safe apply fact proof - fix s assume P': "P' s < ∞" then have "(emN P') (λ_. 0) s" unfolding emN_def by auto with qd obtain p t where i: "(c, s) ==> p ⇓ t" and p: "p ≤ k * ?e s" and e: "emN Q' (λ_. 0) t" by blast have t "↓s (c, s) = t" using bigstepT_the_state[OF i]by java.lang.StringIndexOutOfBound from P' obtain pree "Q't < \infinity odigeNdfby auto from e have Q' t <<infinity>"olding then obtain posthap 0 bigstep_progressprogress have "p > hav: "THE.enat = 's Q' t \exists>n. (c, s) ==> t)) = pre - post" thm enat.inject idiff_enat_enat the_equality have k: "(THE.enat e = P'' s - ' THE. ∃ n ⇓" unfolding t pr postapy(rule th_quality using idiff_enat_enat by auto with p have iethen hav p + k * p pos ≤p>0› then have "p + k * post ≤ib2 using diff_mult_distrib2enat *Q t<> s unfoldingby then have ii: "enat p + k * Q' t ≤ k * P' s" unfolding post pre by simp from i ii show "(∃t p. (c, s) ==> p ⇓ t ∧ enat p + k * Q' t ≤ k * P' s)" by auto qed qed (* Nielson can be simulated by quanthoare *) lemma assumes s: "⊨2' { %s . emb (∀l. P l s) + enat (e s) } c { %s. emb (∀l. Q l s) and sP: "∧l t. P l t ==> ∀l. P l t" (* "support P = {}" *) and shows proof - from s obtain k where assumes s:<><ubsub' { %s . emb (∀ { bforall. Q l s) }" (is "⊨2java.lang.NullPo unfolding QuantK_Hoare.hoare2o_valid_def by blast show ?thesis unfolding hoare1_valid_def apply(rule exI[wherexk]java.lang.StringIndexOutOfBoundsException: Index 30 out of apply - proof sobtain k where k "k qd: "<And ?P <∞t p. (c, s) ==> t ∧ enat k * ?P s)" fix l s assume P': "P l s" then have aP: "foralll. P l s" using sP by auto then have P: "?P s < with obtaint i: "(c, s) \<> by blast have t: "↓ from P apply auto by (metis (full_types) emb.simps(1) enat_ord_simps(2) imult_is_infinity infinity_ileE n with<>.l. P l s" using sP by auto then have "?Q t = 0" by auto with p have "enat p e with aP have p': "p ≤(c, ) ==> t" and p: "enat p + enat k * ?Q t ≤ from i Q p' show "∃ qed qed subsubsection ‹ definition sQ \foralllll t byjava.lang.StringIndexOutOfBoundsException: Index 44 out "em P = (%(ps,n). (\<forall>ex. P (Partial_Evaluation.emb ps ex) \<le> enat n) )" (* with equality n lemma assumes\Turnstile>' { em P} c { em Q }" shows "⊨t p. (c, s) ==> p<Downandp ≤ k * e s ∧ Q l t" by blast proof from \<openlation { fix s assume P: "P s < ∞ (pstate_t ==> then n where ns =at by fastforce with em," uflige_e y ao with s' obtain ps' ps'' m e e' where c: ""<Turnstile>' { P } c { Q }" and - from Q have q: "Q (Partial_Evalua{ have z: "(Partial_Evaluation.emb ps' (Partial_Evaluation.emb unfolding Partial_Evaluation.emb_def yauto apply( ext forv applycases ""' v plyhoimp _isj_fun_def one fromzhave q: " k * QQ (Par.emb (ps'+ps'')(<>_. 0) \le> enat k * enat e" k by (metis i0_lb mult_left_mono) have i: "(c, s) ==> java.lang.StringIndexOutOfBoundsException: Index 8 out of bounds for length 8 have ii: "enat m enat * (.embps'+'') <>. 0)<> k * s" n sn m using enat_ile by fastforce from ii e "<>.)<Rightarrowp ⇓ t ∧<> enat"by au B= show ?thesis unfolding QuantK_Hoare.hoare2o_valid_def apply(uleeIweexk,sf) ply fact apply (etis i0lb mul_eft_mo) qed definition "embe P = (%s. Inf lemma assumes s: "⊨i(\exists>t p. (c, s) ==> p <Down t ∧ enat k * P s)" shows3java.lang.NullPointerException proof - fromobtainwhere k:k and:\And>mbe s infinity ⟶ (∃ p ⇓ enat p + enat k * embe Q t ≤ unfolding { fix ps embe :(state_t bool) ==> let ?s =" (Partial_Evaluation.emb ps (λ ssume P "(, n)" with full have "dom ps = UNIV" by auto then have ps: "part ?s = ps" by simp from P have l': "enat n |n.P (ps, }= { " by auto have t: "embe s k where "k>0""<>s. e P <<<inf>\longrightarrow(∃t p. (c, s) ==> p ⇓ enat apply(rule ccontr) using l' a{ fi ps n mono_tagsotag, lifing)Leastle inininity_ieE with s obtain t p where c: "(cassumeP" ps, n) from t obtain zwhere z: "embes = z" using less_infinityE by blast with in obtain y where y: " Q t = y" using k by fastforce : "mbe infinity by auto then have zz: "({enat n|n. Q (part t, n)} = {}) = False" unfolding embe_def f_enat_def from have"Q (p, ) unfolding embe_def zz Inf_enat_def apply auto using zz apply auto by (smt Collect_empty_eq LeastI enat.inject) from full_to_part[OF c] papply(rule ccontr) using l' apply auto have "∧ p ⇓: "enat p +ena k * embe Q t <le> enak * embe P ?s"st from z P have zn P ?s =enat to byineqembe Qt =enat fromzveenat enaty \le> k *" auto then have "p + k * y ≤" by auto also have "…Q t, n)= {}= " unfolding embe_def Inf_enat_def apply by simp obtain e' "k * = y+ e' p"sing k (etisadd.asoc dcmut lffad) \exists>ps' '' m e e'.(c, ps) \Rightarrow>' + ps'' \and> ps' ## ps'' \\<> k * nn apply(rule exI[wherex=" t"]) apply(rule exI[ apply(rule exI[where x="p"]) apply(rule exI[where x="y"]) apply(rule exI[where x="e'"]) apply auto by fact+ } show ?thesis unfolding hoare3alidf lyule exI[were x=kx=] afe) apply fact by fact qed subsection ‹ enat k * z" by auto definition valid where " P c Q n = (∀ ≤ k * n" using zn k by simp validk whfinally obtain e' where "k * n = k * y + e' + " using k by (metis ad "validk P c Q n = (\<have validk P c Q n= (\ n) unfolding valid_def validk_def by simp ‹ "⊨(rule exI[wher x="y"]) - assume vavalid: "\<TurnstileTurnstile2 (P s) + enat n} c {λ (Q s)}" then obtain k where val: "∧s. ↑ and k: "k>0" unfolding QuantK_Hoare.hoare2o_validapplyfaby fac { fix s assume Ps: "P s" then have " ↑ (P s) + enat n < \ with val obtain t m where c: "(c, s) \Rightarrowm ⇓>k * (\up (Ps) + + enat )" by blast then have "m ≤ k * n ∧ Q t" using k using Ps add.commute add.right_neutral emb.simps(1) emb.simps(2) enat_ord_simps( by (metis (full_types) mult_zero_right not_gr_zero times_enat_simps(1) times_ena with c have "(∃s' m. (c, s) ==> m ⇓ s' ∧ m ≤ k * n ∧ Q s')" by blast } note bla=this show "∃k>0. valid P c Q (k*n)" unfolding valid_def apply(rule exI[where x=k]) us valid_quan: "∃>⊨ + enat n} c { λ (Q s) }"}" - assume "∃k>0. valid P c Q (k*n)" then obtain k where valid: "valid P c Q (k*n)" and k: "k>0" by blast { fix s assume "(%s. emb (P s) + enat n) s < \∞" then have Ps: "P s" apply auto by (metis emb.elims enat.distinct(2) enat.simps(5) enat_defs(4)) with valid[unfolded valid_def] obtain t m where c: "(c, s) ==> m ⇓ t" and "m ≤ k * n" "Q t" by blast then have "enat m + k * ↑ (Q t) ≤(\exists>. (\foralls. P s \><>s with c have "(∃s' m. (c, s) ==> m ⇓ s' ∧ enat m + enat k * ↑ (Q s') ≤ enat k * (↑ (P s) + } note funk=this show "⊨2' {%s. emb (P s) + enat n} c { λs. emb (Q s) }" unfolding QuantK_Hoare apply(rule exI[where x=k]) using funk k by auto ‹Relation between valid predicate and Hoare Logic based on Separation Logic› "embP2 P = (%(ps,n). ∀s. P (Partial_Evaluation.emb ps s) ∧ n = 0)" "embP3 P = (%(ps,n). dom ps = UNIV ∧ (∀s. P (Partial_Evaluation.emb ps s)) ∧ n emp: "a + Map.empty = a" by (simp add: plus_fun_conv) java.lang.NullPointerException - assume partial_true: "⊨3' {embP3 P ** $n} c {embP2 Q}" from partial_true[unfolded hoare3o_valid_def] obtain k where k unfo valid_def va q : "∀ (∃^ub>A m \Down ps'ps' ps'' \and ps' ## ps' \<nd { fix s assume "P s" then have g: " (embP3 P ∧* $ n) (part s, n)" unfolding embP3_def dollar_def sep_conj_def by auto from q g obtain ps' ps'' m e e' where pbig: "(c, part s) ==>A m ⇓ ps' + ps''" and orth: "p and ii: "k * n = k * e + e' + m" and erg: "embP2 Q (ps', e)" by blast have ii': "m ≤ k * n" using ii by auto from part_to_full'[OF pbig] have i: "(c, s ) ==> m ⇓ Partial_Evaluation.emb (ps' from erg have z2: "∧s. Q (Partial_Evaluation.emb ps' s)" unfolding embP2_def by have "Partial_Evaluation.emb (ps' + ps'') s = Partial_Evaluation.emb (ps'' + ps' using orth by (simp add: sep_add_commute) also have "Partial_Evaluation.emb (ps'' + ps') s = Partial_Evaluation.emb (ps') apply rule unfolding emb_def plus_fun_conv map_add_def by (metis option.case_eq_if option.simps(5)) finally have z: "Partial_Evaluation.emb (ps' + ps'') s = Partial_Evaluation.emb have iii: "Q (Partial_Evaluation.emb (ps' + ps'') s)" unfolding z apply (fact) . from i ii' iii have "∃s' m. (c, s) ==> m ⇓ s' ∧ m ≤ k * n ∧ Q s'" by auto } with k show "validk P c Q n" unfolding validk_def by blast theother: "validk P c Q n ==>\<>\ - assume valid: "validk P c Q n" then obtain k where k : "k>0" and v: "(∀s. P s ⟶ (∃s' m. (c, s) ==> m ⇓ s' ∧ m ≤ unfolding validk_def by blast { fix ps na assume an: "(embP3 P ∧* $ n) (ps, na)" have dom: "dom ps = UNIV" and Pps: "∧s. P (Partial_Evaluation.emb ps s)" and nan by (auto simp: embP3_def dollar_def) from v Pps obtain s' m where big: "(c, (Partial_Evaluation.emb ps (%_. 0))) ==> m ⇓ s'" and have "part (Partial_Evaluation.emb ps (λ_. 0)) = ps " using dom by simp with full_to_part[OF big] have i: "(c, ps) ==> u Qu.hoare2 b blast have iii: "embP2 Q (part s', 0)" unfolding embP2_def apply auto by fact have "k * na = k * n - m + m" using ii k nan by simp have "(∃ apply(rule exI[where x="part s'"]) ply(rule ex[where x= x="0x=""]) apply(rule exI[where x="m"]) apply(rule exI[where x="0"]) apply( exIwhere x="k * n - m"])apply auuto by fact+ } with k show "⊨ t and "enat + k * ↑ena n" by blast "validk P c Q n ⟷ ⊨3' {embP3 P ** $n} c {embP2 Q }" oneway and theother by metis
¤ Dauer der Verarbeitung: 0.6 Sekunden ¤*© Formatika GbR, Deutschland |
|
||||||||||||||
2026-06-09