(* * Copyright 2016, Data61 * * This software may be distributed and modified according to the terms of * the BSD 2-Clause license. Note that NO WARRANTY is provided. * See "LICENSE_BSD2.txt" for details. * * @TAG(NICTA_BSD) *) theory ExtraSpecs imports "CLib.TypHeapLib" begin definition "simple_simpl_refines \ com com' = (\s. (\ft. \ \ \com', Normal s\ \ Fault ft) \ ((\xs. \ \ \com, Normal s\ \ xs \ \ \ \com', Normal s\ \ xs) \ (\ terminates \ com (Normal s) \ \ terminates \ com' (Normal s))))" lemma simple_simpl_refines_no_fault_execD: "\ \ \com,Normal s\ \ xs \ simple_simpl_refines \ com com' \ (\ft. \ \ \ \com',Normal s\ \ Fault ft) \ \ \ \com', Normal s\ \ xs" by (auto simp add: simple_simpl_refines_def) lemma simple_simpl_refines_no_fault_terminatesD: "simple_simpl_refines \ com com' \ (\ft. \ \ \ \com',Normal s\ \ Fault ft) \ \ terminates \ com (Normal s) \ \ terminates \ com' (Normal s)" by (auto simp add: simple_simpl_refines_def) lemma simple_simpl_refines_refl: "simple_simpl_refines \ com com" by (auto simp add: simple_simpl_refines_def) lemma simple_simpl_refines_from_def_eq: "body \ body' \ simple_simpl_refines \ body' body" (* these are flipped, because the "implementation" is on the rhs of definitional equalities, but the lhs of refinement thms. *) by (simp add: simple_simpl_refines_def) lemma simple_simpl_refines_trans: "simple_simpl_refines \ com com' \ simple_simpl_refines \ com' com'' \ simple_simpl_refines \ com com''" by (simp add: simple_simpl_refines_def, metis) lemma simple_simpl_refines_drop_Guard: "simple_simpl_refines \ com (Guard F G com)" apply (clarsimp simp add: simple_simpl_refines_def) apply (case_tac "s \ G") apply (auto intro: exec.Guard exec.GuardFault elim!: terminates_Normal_elim_cases) done lemma simple_simpl_refines_guarded_Basic_guarded_spec_body: "(\s s'. (s, s') \ R \ (s \ G \ (s, f s) \ R)) \ simple_simpl_refines \ (Guard F' G (Basic f)) (guarded_spec_body F R)" apply (simp add: guarded_spec_body_def simple_simpl_refines_def) apply (intro allI, drule_tac x=s in spec) apply (erule impCE) apply (rule disjI1) apply (fastforce intro: exec.GuardFault) apply (rule disjI2) apply (auto intro!: exec.Guard terminates.Guard intro: exec.GuardFault exec.Spec terminates.Basic image_eqI[rotated] elim!: exec_Normal_elim_cases terminates_Normal_elim_cases) done lemmas simple_simpl_refines_Basic_guarded_spec_body = simple_simpl_refines_trans[OF simple_simpl_refines_drop_Guard[where G=UNIV] simple_simpl_refines_guarded_Basic_guarded_spec_body ] ML \ structure Get_Body_Refines = struct fun get ctxt name = let fun pget sfx = try (Proof_Context.get_thm ctxt o suffix sfx) name val eqv = pget "_body_refines" val def = pget "_body_def" in case (eqv, def) of (SOME eqvt, _) => eqvt | (_, SOME deft) => (deft RS @{thm simple_simpl_refines_from_def_eq}) | _ => raise THM ("Get_Body_Refines.get: " ^ "no body_def or body_refines: " ^ name, 1, []) end end \ end