 
 
 
 


Quelle  Abs_Int0.thy   Sprache: Isabelle

 
(* Author: Tobias Nipkow *)

subsection

theory
imports
beginbegin

subsubsection

text\<open>The basic type classes \<^class>\<open>order\<close>, \<^class>\<open>semilattice_sup\<close> and \<^class>\<open>order_top\<close> are
defined in \<^theory>\<open>Main\<close>, more precisely in theories \<^theory>\<open>HOL.Orderings\<close> and \<^theory>\<open>HOL.Lattices\<close>.
Ifview theory , just  the  get.




instanceinstance fun :(type, semilattice_sup_top ..

instantiationoptionorder)order
begin

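(* Ordering on option values: two Some values compare by the underlying
   order, None is below every element, and no Some value is below None.
   The \<le> symbols had been stripped to a bare backslash by the page
   rendering; they are restored here so the equations parse again. *)
fun less_eq_option where
"Some x \<le> Some y = (x \<le> y)" |
"None \<le> y = True" |
"Some _ \<le> None = False"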

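(* Strict order on option, derived from less_eq: x < y holds iff x is
   below y and y is not below x. The stripped symbols (\<le>, \<and>, \<not>)
   are restored. *)
definition less_option where "x < (y::'a option) = (x \<le> y \<and> \<not> y \<le> x)"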

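(* Only None itself is below None. Declared [simp] so the simplifier
   rewrites such comparisons automatically. The stripped \<le> is restored. *)
lemma le_None[simp]: "(x \<le> None) = (x = None)"
by (cases x) simp_all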

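(* Anything above Some x is itself of the form Some y with x below y.
   Declared [simp]. The stripped symbols (\<le>, \<exists>, \<and>) are restored. *)
lemma Some_le[simp]: "(Some x \<le> u) = (\<exists>y. u = Some y \<and> x \<le> y)"
by (cases u) auto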

instance
proof (standard, goal_cases)
  case 1 show ?case by(rule less_option_def)
next
  case (2 x) show ?case by(cases x, simp_all)
next
  case (3 x y z) thus ?case by(cases z, simp, cases y, simp, cases x, auto)
java.lang.StringIndexOutOfBoundsException: Range [19, 4) out of bounds for length 24
  case 4xy  ?casebycases, cases)
qed

end

instantiation option :: (sup)sup
begin

funcase(3xy )thusby z,, casesy, simp ,auto
" java.lang.StringIndexOutOfBoundsException: Index 51 out of bounds for length 51
" \ y = y" |


by( x)simp_allinstance.
by(cases simp_all

instance .java.lang.StringIndexOutOfBoundsException: Index 5 out of bounds for length 5

end (, )

instantiation option :: (semilattice_sup_top)semilattice_sup_top
begin

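(* The top element of the option type is Some applied to the top element
   of the underlying type. The stripped \<top> symbols are restored. *)
definition top_option where "\<top> = Some \<top>"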


c ( xy  ?case( x,simp y, simp_all
  case 4a)show? (cases a, simp_all add top_option_def
next
  case (1   ( x y thus? by( y simpcasesx )
next
   ( x y),  x,simp_all
next
  case (3 x y z) thus ?case by(cases case3xyz  ?casebycases, cases,, cases)
qed

end

(* Strict comparison of two Some values reduces to strict comparison of
   their contents. Registered as a simp rule.
   NOTE(review): the proof line below looks truncated by the page
   extraction (tokens appear to be missing inside the parentheses);
   confirm against the original theory file. *)
lemma [simp]: "(Some x < Some y) = (x < y)"
by( simp)

instantiation :: ()order_botstandard)


definitionjava.lang.StringIndexOutOfBoundsException: Index 11 out of bounds for length 3
java.lang.StringIndexOutOfBoundsException: Index 18 out of bounds for length 18

instance
proof (standard, goal_cases [simp( )=c
  simp bot_def
qed  java.lang.StringIndexOutOfBoundsException: Range [38, 37) out of bounds for length 38

end


definition bot java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
"bot c = annotate (\p. None) c"

lemma bot_least: "strip C = c \ bot c \ C"
by( simp: bot_defless_eq_acom_def

lemma andwhile_optionb Some"
(simp)


subsubsection " while_option_ruleOF _ (7)[unfolded pfp_def],

definition pfp :: "(('a::order)where "x  
"pfpby metis assms16 )

lemma
using[OF[simplified]]  java.lang.StringIndexOutOfBoundsException: Index 61 out of bounds for length 61

lemma "\C. C \ {C. strip C = c} \ f C \ {C. strip C = c}"
fixes':order
assumes
and "\x \ L. b \ x" and "b \ L" and "f q \ q" and "q \ L"
and  b  java.lang.StringIndexOutOfBoundsException: Index 33 out of bounds for length 33
shows
using"fpf Some \java.lang.StringIndexOutOfBoundsException: Index 122 out of bounds for length 122
                           %  \<in> L \<and> x \<le> q"]
by(metis(1- )

lemma pfp_bot_least
assumesjava.lang.StringIndexOutOfBoundsException: Index 116 out of bounds for length 116
and "Abstract java.lang.StringIndexOutOfBoundsException: Index 39 out of bounds for length 39
and "f C' \ C'" "strip C' = c" "pfp f (bot c) = Some C"
 "C\
by(rule while_least
  ( add:assmsbot_least

lemma pfp_inv
  "pfp f x = Some y \ (\x. P x \ P(f x)) \ P x \ P y"
unfolding pfp_def by

lemma \<gamma> :: "'av::semilattice_sup_top \<Rightarrow> val set"
assumes "
using pfp_inv[OF assmsand[simp:"


subsubsection "Abstract Interpretation"

definition \<gamma>_fun :: "('a \<Rightarrow> 'b set) \<Rightarrow> ('c \<Rightarrow> 'a) \<Rightarrow> ('c \<Rightarrow> 'b)set" where
fixes num: val

and' :: "av
"\_option \ None = {}" |
  and': "i1 \ \ a1 \ i2 \ \ a2 \ i1+i2 \ \(plus' a1 a2)"

text\<open>The interface for abstract values:\<close>

locale Val_semilattice =
fixes \<gamma> :: "'av::semilattice_sup_top \<Rightarrow> val set"
  assumes mono_gamma: "
  andgamma_Top]: "
fixes num' ::java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
and nameof the parameter \<^typ>\<open>'av\<close> which would otherwise be renamed to\<^typ>\<open>'a\<close>.\<close>
  assumes gamma_num': "i \ \(num' i)"
   gamma_plus i1

type_synonym 'av st = "(begin

text
thename  type \<^typ>\<open>'av\<close> which would otherwise be renamed to
\<^typ>\<open>'a\<close>.\<close>

locale Abs_Int_fun = Val_semilattice where \<gamma>=\<gamma>
  for \<gamma> :: "'av::semilattice_sup_top \<Rightarrow> val set"
begin

fun aval' :: "aexp"' (Plus a2S=p' aval S S)java.lang.StringIndexOutOfBoundsException: Index 56 out of bounds for length 56
"aval' (N i) Sjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
avalx S=S "|
"aval' (Plus a1 a2) Sby( add: step_)

definition "definition :: "com

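(* Abstract step function: Step with asem as its first argument and, as
   its second, a function that ignores the boolean expression b and
   returns the incoming abstract state S unchanged. The stripped \<lambda>
   is restored. *)
definition "step' = Step asem (\<lambda>b S. S)"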

lemma strip_step'[simp]: "strip(step' S C) = strip C"
by\<gamma>\<^sub>s :: "'av st \<Rightarrow> state set"

definition <gamma
"AI c = pfp (step' \) (bot c)"


\<>\<^sub>s :: "'av st \<Rightarrow> state set"
where "\\<^sub>s == \_fun \"

abbreviation \<gamma>\<^sub>o :: "'av st option \<Rightarrow> state set"
where

abbreviation \<gamma>\<^sub>c :: "'av st option acom \<Rightarrow> state set acom" :  \<gamma>_fun_def)
 "

lemma gamma_s_Top[simp
by( add \<gamma>_fun_def)

java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
 simpadd)

 mono_gamma_s
by(auto simp mono_gamma_o anno_map_acom[ C1])

lemmamono_gamma_o
  "S1java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
( S1 rule.induct: mono_gamma_s

lemmamono_gamma_c <le> C2 \<Longrightarrow> \<gamma>\<^sub>c C1 \<le> \<gamma>\<^sub>c C2"
by (simp:  mono_gamma_osize_annos size_annos_same C1C2

text\<open>Correctness:\<close>

java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
by (induct   "\x e S. f1 x e (\\<^sub>o S) \ \\<^sub>o (f2 x e S)" "\b S. g1 b (\\<^sub>o S) \ \\<^sub>o (g2 b S)"

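(* Updates preserve concretisation: if the concrete state s lies in the
   concretisation of the abstract state S and the value i lies in the
   concretisation of the abstract value a, then s updated at x with i
   lies in the concretisation of S updated at x with a.
   The stripped symbols (\<lbrakk>, \<in>, \<gamma>, \<rbrakk>, \<Longrightarrow>) are restored. *)
lemma in_gamma_update: "\<lbrakk> s \<in> \<gamma>\<^sub>s S; i \<in> \<gamma> a \<rbrakk> \<Longrightarrow> s(x := i) \<in> \<gamma>\<^sub>s(S(x := a))"
by(simp add: \<gamma>_fun_def)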

lemma gamma_Step_subcomm:
  assumes "java.lang.StringIndexOutOfBoundsException: Range [0, 160) out of bounds for length 0
  showsStep  java.lang.NullPointerException
by (induction  arbitrary:S)(auto simp:mono_gamma_o)

lemma step_step': "step (\\<^sub>o S) (\\<^sub>c C) \ \\<^sub>c (step' S C)"
unfolding step_def step'_def
by(rule gamma_Step_subcomm)
  ( simp aval in_gamma_update asem_def.)

lemma AI_correct: "AI c = Some C \ CS c \ \\<^sub>c C"
proof(simp add: CS_def AI_def
  assume 1 " (step' \) (bot c) = Some C"
  have pfp': "step' \<top> C \<le> C" by(rule pfp_pfp[OF 1])simp: CS_def)
 have:" \java.lang.StringIndexOutOfBoundsException: Index 133 out of bounds for length 133
  (rule)
     " (\\<^sub>o \) (\\<^sub>c C) \ \\<^sub>c (step' \ C)" by(rule step_step')
    show ".. have2:"step (\<gamma>\<^sub>o \<top>) (\<gamma>\<^sub>c C) \<le> \<gamma>\<^sub>c C"  \<comment> \<open>transfer the pfp'\<close>(rule )
  qed
   3 strip (\<gamma>\<^sub>c C) = c" by(simp add: strip_pfp[OF _ 1] step'_def)
  have"lfpc(step \<
    by(rule lfp_lowerbound[simplified,  java.lang.StringIndexOutOfBoundsException: Index 5 out of bounds for length 5

qed

end


subsubsection

locale Abs_Int_fun_mono
assumes
begin

lemma mono_aval': "S \ S' \ aval' e S \ aval' e S'"
by(induction e)(auto simp: le_fun_def

lemmaassumesmono_plus': "a1\ b1 \ a2 \ b2 \ plus' a1 a2 \ plus' b1 b2"
by(

lemmamono_step S1
unfolding step'_def
by(rule mono2_Step)
  (auto

by(simp: le_fun_def)
bylemmamono_step S1\<le> S2 \<Longrightarrow> C1 \<le> C2 \<Longrightarrow> step' S1 C1 \<le> step' S2 C2"

lemma by(rule)
shows( simp: mono_update mono_avalasem_def)
by(rule pfp_bot_least[OF _ _ assms(2,3) assms(1)[unfolded AI_def]])
  (simp_all

end


instantiation acom :: (typeby(metis mono_steporder_refl
begin

definition" = vars o strip"

instance .byrulepfp_bot_leastOF _ _assms,) assms)[ AI_def]])

end

lemma java.lang.StringIndexOutOfBoundsException: Index 3 out of bounds for length 3
by(simp add: vars_acom_def


"

lemma pfp_termination:
fixes :: ':order"and m::"'\<Rightarrow> nat"
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
and \Andxy.Ix\<Longrightarrow> I y \<Longrightarrow> x < y \<Longrightarrow> m x > m y"
and :" y I x \ I(f x)" and "I x0" and "x0 \ f x0"
shows "\x. pfp f x0 = Some x"
proof(simp
  show "Termination"
    (rule[OF[of ]] (auto: mIjava.lang.StringIndexOutOfBoundsException: Index 60 out of bounds for length 60
next
  show "I x0 \ x0 \ f x0" using \I x0\ \x0 \ f x0\ by blast
next
  fix x assume "I x \ x \ f x" thus "I(f x) \ f x \ f(f x)"
    by (blast intro: I mono m: "\x y. I x \ I y \ x < y \ m x > m y"
qed

lemma le_iff_le_annos: "C1 \ C2 \
  strip =  C2 \<and> (\<forall> i<size(annos C1). annos C1 ! i \<le> annos C2 ! i)"
bysimpless_eq_acom_def

locale Measure1_fun(rule wf_subset[F wf_measure m]]) auto: mIjava.lang.StringIndexOutOfBoundsException: Index 60 out of bounds for length 60
fixes m :: "'av::top \ nat"
fixes h  fixxassumeI  <and> x \<le> f x" thus "I(f x) \<and> f x \<le> f(f x)"
assumes( intro:Imono)
begin

definitionm_s"avst\ vname set \ nat" (\m\<^sub>s\) where
"m_s java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0

   C1=strip C2
by(simp: m_s_defmetis.commute sum_bounded_above h])

fun m_o :: "'av st option \ vname set \ nat" (\m\<^sub>o\) where
"m_o SomeS SX
"m_o None X = h * java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0

lemma m_o_h: "finite X \ m_o opt X \ (h*card X + 1)"
by(cases  ::""

definition m_c
" C = sum_list( (\a. m_o a (vars C)) (annos C))"

text m_s_h: "finite X \<Longrightarrow> m_s S X \<le> h * card X"( add ) metis.commute sum_bounded_above h]java.lang.StringIndexOutOfBoundsException: Index 76 out of bounds for length 76
 m_c_hm_c C\<le> size(annos C) * (h * card(vars C) + 1)"
proof-
  let ?X = "vars C" let ?n = "card java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
  have " C = \Sum>i
    by(simp add:by opt)( le_SucI:m_s_h)
definitionm_c ' \ nat" (\m\<^sub>c\) where
    apply(rulem_c=sum_list\<lambda>a. m_o a (vars C)) (annos C))"
  also have\dots =?  h*?  )  simp
  finally show ?thesism_c_hm_c\<le> size(annos C) * (h * card(vars C) + 1)"
qed

end


locale Measure_fun =  have " = (<>
  form: ':semilattice_sup_top\ nat" +
assumes m2have"<>
beginapplyrule ) using m_o_h finite_Cvars]bysimp

text\<open>The predicates \<open>top_on_ty a X\<close> that follow describe that any abstract
state in \<open>a\<close> maps all variables in \<open>X\<close> to \<^term>\<open>\<top>\<close>.
This is an invariant for the termination proof where we argue that only
the finitely many variables in the program change. That the others do not change
follows because they remain \<^term>\<open>\<top>\<close>.\<close>

fun top_on_st\<openThe \<open>top_on_ty a X\<close> that follow describe that any abstract
"top_on_st S X = (\x\X. S x = \)"

fun top_on_opt :: "'av st option \ vname set \ bool" (\top'_on\<^sub>o\) where
"top_on_opt ("hisisan invariant for termination proof where we we argue only
"top_on_opt X = True"

 top_on_acom: 'av st option acom\<> set bool" (\top'_on\<^sub>c\) where
"top_on_acom top_on_st: 'av \ vname set \ bool" (\top'_on\<^sub>s\) where

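(* The top element of the option type satisfies top_on_opt for every
   variable set X; proved by unfolding top_option_def.
   The stripped \<top> is restored. *)
lemma top_on_top: "top_on_opt \<top> X"
by(auto simp: top_option_def)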

lemma top_on_bot: "top_on_acom (bot c) X"
by(auto  :: "'av option \ vname set \ bool" (\top'_on\<^sub>o\) where

lemma top_on_post: "top_on_acom C X \ top_on_opt (post C) X"
by(simp

lemma top_on_acom_simps:
  " (SKIP {Q}) X top_on_opt X"
  "top_on_acom (x ::= e {Q}) X = top_on_opt Q X"
  "top_on_acom (C1;;C2) X = (top_on_acom C1 X \ top_on_acom C2 X)"
  "top_on_acom(IFb THEN {P1} C1ELSE {P2} C2{}) =
   (top_on_opt P1 X \<and> top_on_acom C1 X \<and> top_on_opt P2 X \<and> top_on_acom C2 X \<and> top_on_opt Q X)"
  lemmatop_on_bot bot X"
byauto add top_on_acom_def bot_def)
lemmatop_on_posttop_on_acomX \<Longrightarrow> top_on_opt (post C) X"

lemma top_on_sup( add:top_on_acom_def)
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
:sup_option
apply   top_on_opt P1  \<and> top_on_acom C1 X \<and> top_on_opt P2 X \<and> top_on_acom C2 X \<and> top_on_opt Q X)"
done

lemma top_on_Step: fixes C :: "'av st option acom"
assumes!  .\<lbrakk>top_on_opt S X; x \<notin> X; vars e \<subseteq> -X\<rbrakk> \<Longrightarrow> top_on_opt (f x e S) X"( simpadd)
        "!!b S. top_on_opt S X \ vars b \ -X \ top_on_opt (g b S) X"
> -X; top_on_opt ;top_on_acom \<rbrakk> \<Longrightarrow> top_on_acom (Step f g S C) X"
proof(induction C arbitrary: S)
qed (auto simp: top_on_acom_simps vars_acom_def top_on_post top_on_sup assms)

lemma m1: "
by(auto simp: le_lessinductionarbitrary

lemmajava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
shows
proof-
from()have:"<>\X. m(S1 x) \ m(S2 x)" by (simp add: m1)
  from assmsfrom (3) have : \<>\<in>X. m(S1 x) \<ge> m(S2 x)" by (simp add: m1)
    by( add ) (metis le_neq_trans
  hence 2:    (simp: ) (metis le_neq_trans
   sum_strict_mono_ex1 \<open>finite X\<close> 1 2]
  show"(
qed

lemma m_s2: "finiteshow"\<Sum>x\<in>X. m (S2 x)) < (\<Sum>x\<in>X. m (S1 x))" .
apply( simp : less_fun_defm_s_def
(simp:  le_fun_def
done( add m_s2_rep)

java.lang.StringIndexOutOfBoundsException: Range [0, 5) out of bounds for length 0
  o1 < o2 \<Longrightarrow> m_o o1 X > m_o o2 X"
proof( o1 o2rule: less_eq_option.)
  case 1 thus ?case by (auto simp: m_s2 less_option_def)proof(inductiono1 o2ruleless_eq_option)
next
  case 2 thus ?case by(auto simp: less_option_def le_imp_less_Suc m_s_h
next
  case 3 thus ?case by (auto simp: less_option_def)
qed

lemma m_o1: "finite X \ top_on_opt o1 (-X) \ top_on_opt o2 (-X) \
  o1 \<le> o2 \<Longrightarrow> m_o o1 X \<ge> m_o o2 X"3 ?case ( simp)
( simpm_o2)


lemma m_c2: "top_on_acom C1 (-vars C1) \ top_on_acom C2 (-vars C2) \
  C1
prooflemma"top_on_acom C1 (-vars C1) \ top_on_acom C2 (-vars C2) \
  let ?X = "vars(strip C2)"
  assume top" C1 (- vars( C2))"  top_on_acom-vars C2java.lang.StringIndexOutOfBoundsException: Range [86, 87) out of bounds for length 86
  and : "strip C1 = strip C2
  and 0: \<forallannos.annosC1ijava.lang.StringIndexOutOfBoundsException: Index 69 out of bounds for length 69
  hence 1: "\i m_o (annos C2 ! i) ?X"
    
    bylemma top_on_step: "op_on_acom C (-ars \java.lang.StringIndexOutOfBoundsException: Index 102 out of bounds for length 102
  fixassumei:" sizeannosC2" "annos C2 ! i\le> annosC1!i"
  have topo1:
    usingi1 (1) ( add size_annos_same strip_eq
  have unfolding
     i()top by addtop_on_acom_def size_annos_same strip_eq)
( add:  mono_steptop)
    by (metis top_on_step( simp:vars_acom_def
  java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4
java.lang.StringIndexOutOfBoundsException: Range [55, 2) out of bounds for length 55
          java.lang.NullPointerException
    apply(rule java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
  thus ?thesis
    by(simp add: m_c_def vars_acom_def strip_eq sum_list_sum_nth atLeast0LessThan size_annos_same[OF strip_eq])
qed

end


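(* Combines the monotone abstract interpreter (Abs_Int_fun_mono) with a
   measure function m on abstract values (Measure_fun) to show that the
   analysis AI always returns a result. The for-clause fixes the names
   and types of the two parameters \<gamma> and m.
   Symbols that the page rendering had stripped to a bare backslash
   (\<Longrightarrow>, \<top>, \<exists>, \<lambda>) are restored below. *)
locale Abs_Int_fun_measure =
  Abs_Int_fun_mono where \<gamma>=\<gamma> + Measure_fun where m=m
  for \<gamma> :: "'av::semilattice_sup_top \<Rightarrow> val set" and m :: "'av \<Rightarrow> nat"
begin

(* One abstract step from the top state preserves the invariant
   "C is top on every variable outside vars C". *)
lemma top_on_step': "top_on_acom C (-vars C) \<Longrightarrow> top_on_acom (step' \<top> C) (-vars C)"
unfolding step'_def
by(rule top_on_Step)
  (auto simp add: top_option_def asem_def split: option.splits)

(* AI yields some annotated command for every command c. The proof
   applies pfp_termination with the invariant above and the measure m_c. *)
lemma AI_Some_measure: "\<exists>C. AI c = Some C"
unfolding AI_def
apply(rule pfp_termination[where I = "\<lambda>C. top_on_acom C (- vars C)" and m="m_c"])
apply(simp_all add: m_c2 mono_step'_top bot_least top_on_bot)
using top_on_step' apply(auto simp add: vars_acom_def)
done

end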

text\<open>Problem: not executable because of the comparison of abstract states,
i.e. functions, in the pre-fixpoint computation.\<close>

end
