1open HolKernel Parse boolLib bossLib; 2 3(* 4quietdec := true; 5loadPath := 6 (concat [Globals.HOLDIR, "/examples/separationLogic/src"]) :: 7 (concat [Globals.HOLDIR, "/examples/separationLogic/src/holfoot"]) :: 8 !loadPath; 9 10map load ["finite_mapTheory", "relationTheory", "congLib", "sortingTheory", 11 "rich_listTheory", "generalHelpersTheory", "latticeTheory", "separationLogicTheory", 12 "stringTheory", 13 "vars_as_resourceTheory", "containerTheory"]; 14show_assums := true; 15*) 16 17open generalHelpersTheory finite_mapTheory relationTheory pred_setTheory 18 sortingTheory listTheory rich_listTheory arithmeticTheory 19 combinTheory optionTheory separationLogicTheory 20 vars_as_resourceTheory pairTheory; 21open stringTheory ConseqConv boolSimps treeTheory 22 quantHeuristicsLib bagTheory containerTheory 23 24(* 25quietdec := false; 26*) 27 28val _ = new_theory "holfoot"; 29val _ = ParseExtras.temp_loose_equality() 30 31(*===================================================================== 32 = 33 = Basic constructs of the new language and the specification logic 34 = 35 =====================================================================*) 36 37 38(********************** 39 * States 40 *********************) 41 42val holfoot_tag = Hol_datatype `holfoot_tag = 43 holfoot_tag of string` 44val holfoot_tag_11 = DB.fetch "-" "holfoot_tag_11"; 45 46val holfoot_var = Hol_datatype `holfoot_var = 47 holfoot_var of string` 48val holfoot_var_11 = DB.fetch "-" "holfoot_var_11"; 49 50 51 52val INFINITE_UNIV_STRING = store_thm ("INFINITE_UNIV_STRING", 53 ``INFINITE (UNIV:string set)``, 54SIMP_TAC std_ss [INFINITE_UNIV] THEN 55Q.EXISTS_TAC `\s. 
c::s` THEN 56SIMP_TAC std_ss [CONS_11] THEN 57Q.EXISTS_TAC `""` THEN 58SIMP_TAC list_ss []); 59 60 61val INFINITE_UNIV_HOLFOOT_TAG = store_thm ("INFINITE_UNIV_HOLFOOT_TAG", 62 ``INFINITE (UNIV:holfoot_tag set)``, 63 64`UNIV:holfoot_tag set = IMAGE (holfoot_tag) UNIV` by ( 65 SIMP_TAC std_ss [EXTENSION, IN_UNIV, IN_IMAGE] THEN 66 Cases_on `x` THEN 67 PROVE_TAC[] 68) THEN 69METIS_TAC[IMAGE_11_INFINITE, INFINITE_UNIV_STRING, holfoot_tag_11]); 70 71 72 73val INFINITE_UNIV_HOLFOOT_VAR = store_thm ("INFINITE_UNIV_HOLFOOT_VAR", 74 ``INFINITE (UNIV:holfoot_var set)``, 75 76`UNIV:holfoot_var set = IMAGE (holfoot_var) UNIV` by ( 77 SIMP_TAC std_ss [EXTENSION, IN_UNIV, IN_IMAGE] THEN 78 Cases_on `x` THEN 79 PROVE_TAC[] 80) THEN 81METIS_TAC[IMAGE_11_INFINITE, INFINITE_UNIV_STRING, holfoot_var_11]); 82 83 84 85val INFINITE_UNIV_NUM = store_thm ("INFINITE_UNIV_NUM", 86 ``INFINITE (UNIV:num set)``, 87 88SIMP_TAC std_ss [INFINITE_UNIV] THEN 89Q.EXISTS_TAC `SUC` THEN 90SIMP_TAC std_ss [] THEN 91Q.EXISTS_TAC `0` THEN 92SIMP_TAC arith_ss []); 93 94val _ = type_abbrev_pp("holfoot_heap", ���:num |-> (holfoot_tag -> num)���) 95val _ = type_abbrev_pp("holfoot_stack", ���:(num, holfoot_var) var_res_state���) 96val _ = type_abbrev_pp("holfoot_state", ���:(holfoot_stack # holfoot_heap)���) 97 98(* equivalent to x:(num,holfoot_var) var_res_expression*) 99val _ = type_abbrev_pp("holfoot_a_expression", ���:holfoot_stack -> num option���); 100 101(* equivalent to (num,holfoot_var,holfoot_heap) var_res_proposition*) 102val _ = type_abbrev_pp("holfoot_a_proposition", ���:holfoot_state -> bool���); 103 104 105 106(*************************************** 107 * Separation combinator on these states 108 **************************************) 109 110val holfoot_separation_combinator_def = Define ` 111 holfoot_separation_combinator = 112 (VAR_RES_COMBINATOR DISJOINT_FMAP_UNION): holfoot_state bin_option_function`; 113 114 115val IS_SEPARATION_ALGEBRA___holfoot_separation_combinator = 116 store_thm 
("IS_SEPARATION_ALGEBRA___holfoot_separation_combinator", 117``IS_SEPARATION_ALGEBRA holfoot_separation_combinator (FEMPTY, FEMPTY)``, 118 119REWRITE_TAC [holfoot_separation_combinator_def] THEN 120MATCH_MP_TAC IS_SEPARATION_ALGEBRA___VAR_RES_COMBINATOR THEN 121REWRITE_TAC[IS_SEPARATION_ALGEBRA___FINITE_MAP]); 122 123 124 125val IS_SEPARATION_COMBINATOR___holfoot_separation_combinator = 126 store_thm ("IS_SEPARATION_COMBINATOR___holfoot_separation_combinator", 127``IS_SEPARATION_COMBINATOR holfoot_separation_combinator``, 128PROVE_TAC[IS_SEPARATION_ALGEBRA___IS_COMBINATOR, IS_SEPARATION_ALGEBRA___holfoot_separation_combinator]); 129 130 131val holfoot_separation_combinator___COMM = store_thm ("holfoot_separation_combinator___COMM", 132``!s1 s2. holfoot_separation_combinator s1 s2 = holfoot_separation_combinator s2 s1``, 133PROVE_TAC[IS_SEPARATION_ALGEBRA___holfoot_separation_combinator, IS_SEPARATION_ALGEBRA_def, COMM_DEF]); 134 135 136 137val IS_VAR_RES_COMBINATOR___holfoot_separation_combinator = 138store_thm ("IS_VAR_RES_COMBINATOR___holfoot_separation_combinator", 139``IS_VAR_RES_COMBINATOR holfoot_separation_combinator``, 140SIMP_TAC std_ss [IS_VAR_RES_COMBINATOR_def, holfoot_separation_combinator_def] THEN 141Q.EXISTS_TAC `DISJOINT_FMAP_UNION` THEN 142REWRITE_TAC[IS_SEPARATION_COMBINATOR___FINITE_MAP]); 143 144 145val GET_VAR_RES_COMBINATOR___holfoot_separation_combinator = 146store_thm ("GET_VAR_RES_COMBINATOR___holfoot_separation_combinator", 147``GET_VAR_RES_COMBINATOR holfoot_separation_combinator = DISJOINT_FMAP_UNION``, 148 149SIMP_TAC std_ss [holfoot_separation_combinator_def] THEN 150MATCH_MP_TAC GET_VAR_RES_COMBINATOR_THM THEN 151REWRITE_TAC[IS_SEPARATION_COMBINATOR___FINITE_MAP]); 152 153 154val holfoot_separation_combinator___REWRITE_helper = prove (`` 155!s1 s2. 
holfoot_separation_combinator (SOME s1) (SOME s2) = 156 (if (VAR_RES_STACK_IS_SEPARATE (FST s1) (FST s2) /\ (DISJOINT (FDOM (SND s1)) (FDOM (SND s2)))) then 157 SOME (THE (VAR_RES_STACK_COMBINE (SOME (FST s1)) (SOME (FST s2))),FUNION (SND s1) (SND s2)) 158 else 159 NONE)``, 160 161Cases_on `s1` THEN Cases_on `s2` THEN 162SIMP_TAC std_ss [holfoot_separation_combinator_def, VAR_RES_COMBINATOR_def, 163 PRODUCT_SEPARATION_COMBINATOR_REWRITE, LET_THM, 164 DISJOINT_FMAP_UNION_def, BIN_OPTION_MAP_THM] THEN 165SIMP_TAC std_ss [COND_RAND, COND_RATOR] THEN 166Cases_on `DISJOINT (FDOM r) (FDOM r')` THEN ASM_REWRITE_TAC[] THEN 167SIMP_TAC std_ss [VAR_RES_STACK_COMBINE_REWRITE]); 168 169 170 171val holfoot_separation_combinator___REWRITE = 172save_thm ("holfoot_separation_combinator___REWRITE", 173 174let 175 val thm0 = IS_SEPARATION_ALGEBRA___holfoot_separation_combinator; 176 val thm1 = SIMP_RULE std_ss [IS_SEPARATION_ALGEBRA_EXPAND_THM] thm0; 177in CONJ thm1 holfoot_separation_combinator___REWRITE_helper end); 178 179 180 181val holfoot_separation_combinator___asl_emp___REWRITE = 182store_thm ("holfoot_separation_combinator___asl_emp___REWRITE", 183``(holfoot_separation_combinator (SOME (FEMPTY,FEMPTY)) X = X) /\ 184 (holfoot_separation_combinator X (SOME (FEMPTY,FEMPTY)) = X)``, 185Cases_on `X` THEN 186SIMP_TAC std_ss [holfoot_separation_combinator___REWRITE]); 187 188 189 190val SOME___holfoot_separation_combinator = store_thm ("SOME___holfoot_separation_combinator", 191``!s1 s2 s. 
192((holfoot_separation_combinator (SOME s1) (SOME s2) = SOME s) = 193 194(DISJOINT (FDOM (SND s1)) (FDOM (SND s2)) /\ 195(VAR_RES_STACK_COMBINE (SOME (FST s1)) (SOME (FST s2)) = SOME (FST s)) /\ 196((SND s) = FUNION (SND s1) (SND s2))))``, 197 198REPEAT GEN_TAC THEN 199SIMP_TAC std_ss [holfoot_separation_combinator___REWRITE, COND_NONE_SOME_REWRITES, 200SOME___VAR_RES_STACK_COMBINE] THEN 201Cases_on `VAR_RES_STACK_IS_SEPARATE (FST s1) (FST s2)` THEN ASM_REWRITE_TAC[] THEN 202Cases_on `s` THEN 203ASM_SIMP_TAC std_ss [VAR_RES_STACK_COMBINE_EXPAND] THEN 204METIS_TAC[]); 205 206 207 208 209val holfoot_separation_combinator___asl_emp = store_thm ("holfoot_separation_combinator___asl_emp", 210``asl_emp holfoot_separation_combinator = {(FEMPTY, FEMPTY)}``, 211 212SIMP_TAC std_ss [asl_emp_def, holfoot_separation_combinator___REWRITE, 213 EXTENSION, IN_ABS, IN_SING]); 214 215val VAR_RES_IS_STACK_IMPRECISE___USED_VARS___asl_star___holfoot = 216store_thm ("VAR_RES_IS_STACK_IMPRECISE___USED_VARS___asl_star___holfoot", 217``!exS P1 P2. 218 VAR_RES_IS_STACK_IMPRECISE___USED_VARS exS P1 /\ 219 VAR_RES_IS_STACK_IMPRECISE___USED_VARS exS P2 ==> 220 VAR_RES_IS_STACK_IMPRECISE___USED_VARS exS 221 (asl_star holfoot_separation_combinator P1 P2)``, 222REWRITE_TAC [holfoot_separation_combinator_def, 223 VAR_RES_IS_STACK_IMPRECISE___USED_VARS___asl_star]) 224 225 226val VAR_RES_IS_STACK_IMPRECISE___asl_star___holfoot = 227store_thm ("VAR_RES_IS_STACK_IMPRECISE___asl_star___holfoot", 228``!P1 P2. 
229 VAR_RES_IS_STACK_IMPRECISE P1 /\ 230 VAR_RES_IS_STACK_IMPRECISE P2 ==> 231 VAR_RES_IS_STACK_IMPRECISE (asl_star holfoot_separation_combinator P1 P2)``, 232REWRITE_TAC [holfoot_separation_combinator_def, 233 VAR_RES_IS_STACK_IMPRECISE___asl_star]) 234 235 236val asl_star_holfoot_THM = store_thm ("asl_star_holfoot_THM", 237``(asl_star holfoot_separation_combinator P (asl_emp holfoot_separation_combinator) = P) /\ 238 (asl_star holfoot_separation_combinator (asl_emp holfoot_separation_combinator) P = P) /\ 239 (asl_star holfoot_separation_combinator (var_res_bool_proposition DISJOINT_FMAP_UNION b1) (var_res_bool_proposition DISJOINT_FMAP_UNION b2) = 240 var_res_bool_proposition DISJOINT_FMAP_UNION (b1 /\ b2)) /\ 241 (asl_star holfoot_separation_combinator (var_res_bool_proposition DISJOINT_FMAP_UNION b1) (asl_star holfoot_separation_combinator 242 (var_res_bool_proposition DISJOINT_FMAP_UNION b2) P) = 243 asl_star holfoot_separation_combinator (var_res_bool_proposition DISJOINT_FMAP_UNION (b1 /\ b2)) P) /\ 244 (asl_star holfoot_separation_combinator (var_res_bool_proposition DISJOINT_FMAP_UNION b1) (var_res_prop_stack_true DISJOINT_FMAP_UNION) = 245 var_res_bool_proposition DISJOINT_FMAP_UNION b1) /\ 246 (asl_star holfoot_separation_combinator (var_res_prop_stack_true DISJOINT_FMAP_UNION) (var_res_bool_proposition DISJOINT_FMAP_UNION b1) = 247 var_res_bool_proposition DISJOINT_FMAP_UNION b1)``, 248 SIMP_TAC std_ss [REWRITE_RULE [ASSOC_DEF] asl_star___PROPERTIES, 249 IS_SEPARATION_COMBINATOR___holfoot_separation_combinator] THEN 250 SIMP_TAC std_ss [asl_star___var_res_bool_proposition, holfoot_separation_combinator_def, 251 IS_SEPARATION_COMBINATOR___FINITE_MAP, var_res_prop_stack_true_def]); 252 253 254val var_res_prop_varlist_update___asl_star___holfoot = 255store_thm ("var_res_prop_varlist_update___asl_star___holfoot", 256``!vL p1 p2. 
257 VAR_RES_IS_STACK_IMPRECISE p1 /\ VAR_RES_IS_STACK_IMPRECISE p2 ==> 258 (var_res_prop_varlist_update vL (asl_star holfoot_separation_combinator p1 p2) = 259 asl_star holfoot_separation_combinator 260 (var_res_prop_varlist_update vL p1) 261 (var_res_prop_varlist_update vL p2))``, 262SIMP_TAC std_ss [holfoot_separation_combinator_def, 263 var_res_prop_varlist_update___asl_star]); 264 265 266(*************************************** 267 * SUBSTATES 268 **************************************) 269 270val HOLFOOT_IS_SUBSTATE_def = Define 271`HOLFOOT_IS_SUBSTATE = 272 ASL_IS_SUBSTATE holfoot_separation_combinator`; 273 274 275 276val HOLFOOT_IS_SUBSTATE___IS_PREORDER = 277 store_thm ("HOLFOOT_IS_SUBSTATE___IS_PREORDER", 278``PreOrder HOLFOOT_IS_SUBSTATE``, 279 280PROVE_TAC[HOLFOOT_IS_SUBSTATE_def, ASL_IS_SUBSTATE___IS_PREORDER, 281 IS_SEPARATION_COMBINATOR___holfoot_separation_combinator]); 282 283 284 285val HOLFOOT_IS_SUBSTATE___TRANS = 286 save_thm ("HOLFOOT_IS_SUBSTATE___TRANS", 287CONJUNCT2 ( 288REWRITE_RULE[PreOrder, transitive_def] HOLFOOT_IS_SUBSTATE___IS_PREORDER)); 289 290val HOLFOOT_IS_SUBSTATE___REFL = 291 save_thm ("HOLFOOT_IS_SUBSTATE___REFL", 292CONJUNCT1 ( 293REWRITE_RULE[PreOrder, reflexive_def] HOLFOOT_IS_SUBSTATE___IS_PREORDER)); 294 295 296 297 298val HOLFOOT_IS_SUBSTATE_INTRO = store_thm ("HOLFOOT_IS_SUBSTATE_INTRO", 299``!x1 x2 x. 300 (holfoot_separation_combinator (SOME x1) (SOME x2) = SOME x) ==> 301 (HOLFOOT_IS_SUBSTATE x1 x /\ 302 HOLFOOT_IS_SUBSTATE x2 x)``, 303 304SIMP_TAC std_ss [HOLFOOT_IS_SUBSTATE_def, 305 ASL_IS_SUBSTATE_def] THEN 306ASSUME_TAC IS_SEPARATION_COMBINATOR___holfoot_separation_combinator THEN 307FULL_SIMP_TAC std_ss [IS_SEPARATION_COMBINATOR_def, COMM_DEF] THEN 308METIS_TAC[]); 309 310 311 312val HOLFOOT_IS_SUBSTATE_REWRITE = store_thm ( 313"HOLFOOT_IS_SUBSTATE_REWRITE", 314``!s1 s2. 
315HOLFOOT_IS_SUBSTATE s1 s2 = 316VAR_RES_STACK_IS_SUBSTATE (FST s1) (FST s2) /\ 317ASL_IS_SUBSTATE DISJOINT_FMAP_UNION (SND s1) (SND s2)``, 318 319SIMP_TAC std_ss [HOLFOOT_IS_SUBSTATE_def, 320 holfoot_separation_combinator_def, VAR_RES_COMBINATOR_def, 321 ASL_IS_SUBSTATE___PRODUCT_SEPARATION_COMBINATOR, 322 VAR_RES_STACK_IS_SUBSTATE_def]); 323 324 325 326val HOLFOOT_SUBSTATE_IMPLS = store_thm ("HOLFOOT_SUBSTATE_IMPLS", 327``!s1 s2. ASL_IS_SUBSTATE holfoot_separation_combinator s1 s2 ==> 328 (((SND s1) SUBMAP (SND s2)) /\ 329 (!v. (v IN FDOM (FST s1)) ==> ( 330 (v IN FDOM (FST s2)) /\ (FST ((FST s2) ' v) = (FST ((FST s1) ' v))) /\ 331 (IS_VAR_RES_SUBPERMISSION (SND ((FST s1) ' v)) (SND ((FST s2) ' v))))))``, 332 333 334SIMP_TAC std_ss [GSYM HOLFOOT_IS_SUBSTATE_def, 335 HOLFOOT_IS_SUBSTATE_REWRITE, 336 VAR_RES_STACK_IS_SUBSTATE_REWRITE, 337 ASL_IS_SUBSTATE___DISJOINT_FMAP_UNION, 338 SUBMAP_DEF, SUBSET_DEF]); 339 340 341(****************************************** 342 * not in heap 343 ******************************************) 344 345val holfoot_not_in_heap_def = Define ` 346holfoot_not_in_heap (e:holfoot_a_expression) = 347\s. ?c. (e (FST s) = SOME c) /\ (~(c IN FDOM (SND s)))` 348 349 350val VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_not_in_heap = 351store_thm ("VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_not_in_heap", 352``!vs e. 
353VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET vs e ==> 354VAR_RES_IS_STACK_IMPRECISE___USED_VARS vs (holfoot_not_in_heap e)``, 355 356SIMP_TAC std_ss [VAR_RES_IS_STACK_IMPRECISE___USED_VARS___ALTERNATIVE_DEF, 357 holfoot_not_in_heap_def, IN_ABS, GSYM IS_SOME_EXISTS] THEN 358REPEAT STRIP_TAC THEN 359Q.EXISTS_TAC `c` THEN 360FULL_SIMP_TAC std_ss [] THEN 361 362`e (FST s) = e (FST s2)` suffices_by ASM_REWRITE_TAC[] THEN 363MATCH_MP_TAC VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___EXP_EQ THEN 364FULL_SIMP_TAC std_ss [VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___REWRITE, 365 GSYM LEFT_EXISTS_AND_THM, GSYM RIGHT_EXISTS_AND_THM] THEN 366 367Q.EXISTS_TAC `vs'` THEN Q.EXISTS_TAC `vs'` THEN 368ASM_SIMP_TAC std_ss [SUBSET_REFL] THEN 369 370MATCH_MP_TAC (prove (``(((A /\ B) ==> C) /\ (B /\ (B ==> A))) ==> (A /\ B /\ C)``, METIS_TAC[])) THEN 371CONJ_TAC THEN1 ( 372 REPEAT STRIP_TAC THEN 373 Q.PAT_ASSUM `!v. X v` MATCH_MP_TAC THEN 374 FULL_SIMP_TAC std_ss [SUBSET_DEF] 375) THEN 376CONJ_TAC THEN1 ( 377 FULL_SIMP_TAC std_ss [VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_REL___REWRITE] THEN 378 METIS_TAC[optionTheory.option_CLAUSES] 379) THEN 380FULL_SIMP_TAC std_ss [SUBSET_DEF, IN_INTER]); 381 382 383 384(****************************************** 385 * implies in heap 386 ******************************************) 387 388val holfoot_implies_in_heap_pred_def = Define ` 389 holfoot_implies_in_heap_pred p B b e = 390 (!st:holfoot_stack st2:holfoot_stack h1:holfoot_heap h2:holfoot_heap. 391 VAR_RES_STACK_IS_SUBSTATE st2 st /\ 392 (st, h1) IN (var_res_bigstar DISJOINT_FMAP_UNION B) /\ 393 (st2, h2) IN (var_res_bigstar DISJOINT_FMAP_UNION b) ==> 394 (IS_SOME ((e:holfoot_a_expression) st) /\ (p (FDOM h2) (THE (e st)))))`; 395 396val holfoot_implies_in_heap_def = Define ` 397 holfoot_implies_in_heap = 398 holfoot_implies_in_heap_pred (\X x. 
~(x = 0) /\ x IN X)` 399 400val holfoot_implies_in_heap_or_null_def = Define ` 401 holfoot_implies_in_heap_or_null = 402 holfoot_implies_in_heap_pred (\X x. (x = 0) \/ x IN X)` 403 404 405val holfoot_implies_in_heap___implies___or_null = 406store_thm ("holfoot_implies_in_heap___implies___or_null", 407 408``!B b e. holfoot_implies_in_heap B b e ==> 409 holfoot_implies_in_heap_or_null B b e``, 410 411SIMP_TAC std_ss [holfoot_implies_in_heap_or_null_def, 412 holfoot_implies_in_heap_def, holfoot_implies_in_heap_pred_def] THEN 413METIS_TAC[]); 414 415 416val holfoot_implies_in_heap_or_null___const_null = 417store_thm ("holfoot_implies_in_heap_or_null___const_null", 418``!B b. holfoot_implies_in_heap_or_null B b (var_res_exp_const 0)``, 419SIMP_TAC std_ss [holfoot_implies_in_heap_or_null_def, 420 holfoot_implies_in_heap_pred_def, var_res_exp_const_def]); 421 422 423val holfoot_implies_in_heap___or_null___implies_unequal = 424store_thm ("holfoot_implies_in_heap___or_null___implies_unequal", 425``!sfb b1 b2 e1 e2. 426SUB_BAG (BAG_UNION b1 b2) sfb /\ 427holfoot_implies_in_heap sfb b1 e1 /\ 428holfoot_implies_in_heap_or_null sfb b2 e2 ==> 429 430var_res_implies_unequal DISJOINT_FMAP_UNION sfb e1 e2``, 431 432SIMP_TAC std_ss [holfoot_implies_in_heap_or_null_def, 433 holfoot_implies_in_heap_def, SUB_BAG_EXISTS, 434 holfoot_implies_in_heap_pred_def, 435 GSYM LEFT_FORALL_IMP_THM, GSYM RIGHT_EXISTS_AND_THM, 436 GSYM LEFT_EXISTS_AND_THM, 437 var_res_implies_unequal_def, 438 holfoot_separation_combinator_def] THEN 439REPEAT STRIP_TAC THEN 440`?st h. s = (st, h)` by (Cases_on `s` THEN SIMP_TAC std_ss []) THEN 441REPEAT (Q.PAT_X_ASSUM `!st st2 h1 h2. 
X` 442 (MP_TAC o Q.SPEC `h` o CONV_RULE SWAP_FORALL_CONV o Q.SPEC `st`)) THEN 443FULL_SIMP_TAC std_ss [] THEN 444FULL_SIMP_TAC std_ss [ 445 var_res_bigstar_UNION, IS_SEPARATION_COMBINATOR___FINITE_MAP, 446 asl_star_def, IN_ABS, GSYM holfoot_separation_combinator_def, 447 SOME___holfoot_separation_combinator] THEN 448REPEAT STRIP_TAC THEN 449`?st1 st2 h1 h2. (p' = (st1, h1)) /\ (q' = (st2, h2))` by 450 (Cases_on `p'` THEN Cases_on `q'` THEN SIMP_TAC std_ss []) THEN 451Q.PAT_X_ASSUM `!st2 h2. X` (MP_TAC o Q.SPECL [`st2`, `h2`]) THEN 452Q.PAT_X_ASSUM `!st2 h2. X` (MP_TAC o Q.SPECL [`st1`, `h1`]) THEN 453 454`VAR_RES_STACK_IS_SUBSTATE st1 st /\ 455 VAR_RES_STACK_IS_SUBSTATE st2 st` by ( 456 FULL_SIMP_TAC std_ss [] THEN 457 METIS_TAC [VAR_RES_STACK_IS_SUBSTATE_INTRO, 458 VAR_RES_STACK_IS_SUBSTATE___TRANS] 459) THEN 460FULL_SIMP_TAC std_ss [var_res_prop_equal_unequal_EXPAND, IN_ABS] THEN 461REPEAT STRIP_TAC THEN ( 462 FULL_SIMP_TAC std_ss [DISJOINT_DEF, EXTENSION, IN_INTER, NOT_IN_EMPTY] THEN 463 METIS_TAC[] 464)); 465 466 467 468 469val holfoot_implies_in_heap___implies_unequal = 470store_thm ("holfoot_implies_in_heap___implies_unequal", 471``!sfb b1 b2 e1 e2. 472SUB_BAG (BAG_UNION b1 b2) sfb /\ 473holfoot_implies_in_heap sfb b1 e1 /\ 474holfoot_implies_in_heap sfb b2 e2 ==> 475 476var_res_implies_unequal DISJOINT_FMAP_UNION sfb e1 e2``, 477 478METIS_TAC[holfoot_implies_in_heap___or_null___implies_unequal, 479 holfoot_implies_in_heap___implies___or_null]); 480 481 482val holfoot_implies_in_heap___implies_unequal___null = 483store_thm ("holfoot_implies_in_heap___implies_unequal___null", 484``!sfb b e. 
485SUB_BAG b sfb /\ holfoot_implies_in_heap sfb b e ==> 486var_res_implies_unequal DISJOINT_FMAP_UNION sfb e (var_res_exp_const 0)``, 487 488REPEAT STRIP_TAC THEN 489MATCH_MP_TAC holfoot_implies_in_heap___or_null___implies_unequal THEN 490Q.EXISTS_TAC `b` THEN Q.EXISTS_TAC `EMPTY_BAG` THEN 491ASM_SIMP_TAC std_ss [BAG_UNION_EMPTY, 492 holfoot_implies_in_heap_or_null___const_null]); 493 494 495 496val holfoot_implies_in_heap_or_null___implies_equal = 497store_thm ("holfoot_implies_in_heap_or_null___implies_equal", 498``!wpb rpb sfb b1 b2 e. 499 500SUB_BAG (BAG_UNION b1 b2) sfb /\ 501holfoot_implies_in_heap_or_null sfb b1 e /\ 502holfoot_implies_in_heap_or_null sfb b2 e ==> 503VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET 504 (SET_OF_BAG (BAG_UNION wpb rpb)) e ==> 505 506var_res_prop_implies DISJOINT_FMAP_UNION (wpb,rpb) sfb 507 {|var_res_prop_equal DISJOINT_FMAP_UNION e (var_res_exp_const 0)|}``, 508 509 510SIMP_TAC std_ss [holfoot_implies_in_heap_or_null_def, 511 SUB_BAG_EXISTS, 512 holfoot_implies_in_heap_pred_def, 513 GSYM LEFT_FORALL_IMP_THM, GSYM RIGHT_EXISTS_AND_THM, 514 GSYM LEFT_EXISTS_AND_THM, 515 var_res_implies_unequal_def, 516 holfoot_separation_combinator_def, 517 var_res_prop_implies_REWRITE, 518 BAG_UNION_INSERT, BAG_UNION_EMPTY] THEN 519REPEAT STRIP_TAC THEN 520`VAR_RES_IS_STACK_IMPRECISE___USED_VARS (SET_OF_BAG (wpb + rpb)) 521 ((var_res_prop_equal DISJOINT_FMAP_UNION e (var_res_exp_const 0)):holfoot_a_proposition)` by ( 522 MATCH_MP_TAC VAR_RES_IS_STACK_IMPRECISE___USED_VARS___var_res_prop_equal THEN 523 ASM_SIMP_TAC std_ss [VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET_def, 524 VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___var_res_exp_const, 525 EMPTY_SUBSET] 526) THEN 527`!s. 
528 (var_res_prop___COND DISJOINT_FMAP_UNION (wpb,rpb) (b1 + b2 + b) /\ 529 s IN var_res_prop___PROP DISJOINT_FMAP_UNION (wpb,rpb) (b1 + b2 + b)) ==> 530 (e (FST s) = SOME 0)` suffices_by (STRIP_TAC THEN 531 532 ASM_SIMP_TAC std_ss [var_res_prop___REWRITE, 533 var_res_prop___COND_INSERT, var_res_prop___PROP_INSERT] THEN 534 ASM_SIMP_TAC (std_ss++CONJ_ss) [COND_RAND, COND_RATOR, 535 var_res_prop_equal_unequal_EXPAND, IN_ABS, 536 var_res_exp_const_def, asl_emp_DISJOINT_FMAP_UNION, 537 IN_SING, DISJOINT_FMAP_UNION___FEMPTY, 538 IS_SOME_EXISTS, GSYM RIGHT_EXISTS_AND_THM, 539 GSYM LEFT_EXISTS_AND_THM] THEN 540 SIMP_TAC std_ss [IN_ABS3] 541) THEN 542 543REPEAT STRIP_TAC THEN 544`s IN var_res_bigstar DISJOINT_FMAP_UNION (b1 + b2 + b)` by ( 545 FULL_SIMP_TAC std_ss [var_res_prop___PROP___REWRITE, 546 IS_SEPARATION_COMBINATOR___FINITE_MAP, IN_ABS] 547) THEN 548 549`?st h. s = (st, h)` by (Cases_on `s` THEN SIMP_TAC std_ss []) THEN 550Q.PAT_X_ASSUM `s IN var_res_prop___PROP f X Z` MP_TAC THEN 551FULL_SIMP_TAC std_ss [var_res_prop___COND_UNION, 552 var_res_prop___PROP_UNION, IN_ABS] THEN 553REPEAT STRIP_TAC THEN 554Q.PAT_X_ASSUM `!st st2 h1 h2. X` (MP_TAC o Q.SPECL [`st`, `st`, `h`, `s2'`]) THEN 555Q.PAT_X_ASSUM `!st st2 h1 h2. X` (MP_TAC o Q.SPECL [`st`, `st`, `h`, `s1'`]) THEN 556ASM_SIMP_TAC std_ss [VAR_RES_STACK_IS_SUBSTATE___REFL] THEN 557FULL_SIMP_TAC std_ss [var_res_prop___PROP___REWRITE, IS_SEPARATION_COMBINATOR___FINITE_MAP, 558 IN_ABS] THEN 559SIMP_TAC (std_ss++CONJ_ss) [IS_SOME_EXISTS, GSYM LEFT_FORALL_IMP_THM, 560 GSYM LEFT_EXISTS_AND_THM, GSYM RIGHT_EXISTS_AND_THM] THEN 561REPEAT STRIP_TAC THEN ASM_REWRITE_TAC[] THEN 562FULL_SIMP_TAC std_ss [DISJOINT_FMAP_UNION___REWRITE, EXTENSION, 563 DISJOINT_DEF, IN_INTER, NOT_IN_EMPTY] THEN 564METIS_TAC[]); 565 566 567 568val holfoot_implies_in_heap_pred___asl_and = 569store_thm ("holfoot_implies_in_heap_pred___asl_and", 570 571``!p B P1 P2 sfb e. 
572 (holfoot_implies_in_heap_pred p B (BAG_INSERT P1 sfb) e \/ 573 holfoot_implies_in_heap_pred p B (BAG_INSERT P2 sfb) e) ==> 574 (holfoot_implies_in_heap_pred p B (BAG_INSERT 575 (asl_and P1 P2) sfb) e)``, 576 577SIMP_TAC std_ss [holfoot_implies_in_heap_pred_def, 578 var_res_bigstar_REWRITE_EXT, 579 holfoot_separation_combinator_def, 580 BAG_INSERT_NOT_EMPTY, 581 IS_SEPARATION_COMBINATOR___FINITE_MAP] THEN 582REPEAT GEN_TAC THEN 583Q.HO_MATCH_ABBREV_TAC `((!st st2 h1 h2. PP1 st st2 h1 h2 ==> Q st h1 h2) \/ (!st st2 h1 h2. PP2 st st2 h1 h2 ==> Q st h1 h2)) ==> 584 (!st st2 h1 h2. PP st st2 h1 h2 ==> Q st h1 h2)` THEN 585`!st st2 h1 h2. PP st st2 h1 h2 ==> PP1 st st2 h1 h2 /\ PP2 st st2 h1 h2` suffices_by (STRIP_TAC THEN 586 METIS_TAC[] 587) THEN 588UNABBREV_ALL_TAC THEN 589SIMP_TAC std_ss [asl_star_def, IN_ABS, asl_bool_EVAL] THEN 590METIS_TAC[]); 591 592 593 594val holfoot_implies_in_heap_pred___asl_exists = 595store_thm ("holfoot_implies_in_heap_pred___asl_exists", 596``!p B P sfb e. 597 (holfoot_implies_in_heap_pred p B (BAG_INSERT 598 (asl_exists x. P x) sfb) e) = 599 (!x. holfoot_implies_in_heap_pred p B (BAG_INSERT (P x) sfb) e)``, 600 601SIMP_TAC std_ss [holfoot_implies_in_heap_pred_def, 602 var_res_bigstar_REWRITE_EXT, 603 holfoot_separation_combinator_def, 604 GSYM asl_exists___asl_star_THM, asl_bool_EVAL, 605 GSYM LEFT_EXISTS_AND_THM, GSYM RIGHT_EXISTS_AND_THM, 606 IS_SEPARATION_COMBINATOR___FINITE_MAP, 607 GSYM LEFT_FORALL_IMP_THM, 608 BAG_INSERT_NOT_EMPTY] THEN 609METIS_TAC[]); 610 611 612val holfoot_implies_in_heap_pred___asl_false = 613store_thm ("holfoot_implies_in_heap_pred___asl_false", 614``!p B sfb e. 
615 (holfoot_implies_in_heap_pred p B (BAG_INSERT 616 asl_false sfb) e)``, 617 618SIMP_TAC std_ss [holfoot_implies_in_heap_pred_def, 619 var_res_bigstar_REWRITE_EXT, 620 holfoot_separation_combinator_def, 621 asl_false___asl_star_THM, asl_bool_EVAL, 622 IS_SEPARATION_COMBINATOR___FINITE_MAP, 623 BAG_INSERT_NOT_EMPTY]); 624 625 626val holfoot_implies_in_heap_pred___asl_star = 627store_thm ("holfoot_implies_in_heap_pred___asl_star", 628 629``!p B P1 P2 sfb e. 630 (holfoot_implies_in_heap_pred p B (BAG_INSERT 631 (asl_star holfoot_separation_combinator P1 P2) sfb) e) = 632 holfoot_implies_in_heap_pred p B (BAG_INSERT P1 (BAG_INSERT P2 sfb)) e``, 633 634SIMP_TAC std_ss [holfoot_implies_in_heap_pred_def, 635 var_res_bigstar_REWRITE_EXT, 636 IS_SEPARATION_COMBINATOR___FINITE_MAP, 637 holfoot_separation_combinator_def, 638 IS_SEPARATION_COMBINATOR___VAR_RES_COMBINATOR, 639 REWRITE_RULE [ASSOC_DEF] asl_star___PROPERTIES, 640 BAG_INSERT_NOT_EMPTY]); 641 642 643val holfoot_implies_in_heap_pred___asl_bigstar = 644store_thm ("holfoot_implies_in_heap_pred___asl_bigstar", 645 646``!p B sfb1 sfb2 e. 
647 ((holfoot_implies_in_heap_pred p B (BAG_INSERT 648 (asl_bigstar holfoot_separation_combinator sfb1) sfb2) e) = 649 (holfoot_implies_in_heap_pred p B (BAG_UNION sfb1 sfb2) e))``, 650 651REPEAT GEN_TAC THEN 652Tactical.REVERSE (Cases_on `FINITE_BAG sfb1`) THEN1 ( 653 SIMP_TAC std_ss [holfoot_implies_in_heap_pred_def, 654 asl_bigstar_REWRITE, IS_SEPARATION_COMBINATOR___holfoot_separation_combinator] THEN 655 FULL_SIMP_TAC std_ss [var_res_bigstar_REWRITE_EXT, 656 IS_SEPARATION_COMBINATOR___FINITE_MAP] THEN 657 ASM_SIMP_TAC std_ss [var_res_bigstar_def, asl_bigstar_def, FINITE_BAG_UNION, 658 BAG_INSERT_NOT_EMPTY, BAG_UNION_EMPTY, FINITE_BAG_THM, asl_bool_EVAL, 659 asl_false___asl_star_THM] 660) THEN 661Q.SPEC_TAC (`sfb2`, `sfb2`) THEN 662POP_ASSUM MP_TAC THEN 663Q.SPEC_TAC (`sfb1`, `sfb1`) THEN 664HO_MATCH_MP_TAC FINITE_BAG_INDUCT THEN 665REPEAT STRIP_TAC THENL [ 666 SIMP_TAC std_ss [holfoot_implies_in_heap_pred_def, 667 asl_bigstar_REWRITE, IS_SEPARATION_COMBINATOR___holfoot_separation_combinator, 668 asl_star___PROPERTIES, BAG_UNION_EMPTY, var_res_bigstar_REWRITE, 669 IS_SEPARATION_COMBINATOR___FINITE_MAP, 670 GSYM holfoot_separation_combinator_def], 671 672 ASM_SIMP_TAC std_ss [holfoot_implies_in_heap_pred___asl_star, 673 asl_bigstar_REWRITE, IS_SEPARATION_COMBINATOR___holfoot_separation_combinator] THEN 674 ONCE_REWRITE_TAC[BAG_INSERT_commutes] THEN 675 ASM_SIMP_TAC std_ss [] THEN 676 SIMP_TAC std_ss [BAG_UNION_INSERT] 677]); 678 679 680 681 682val holfoot_implies_in_heap_pred___SUB_BAG = 683store_thm ("holfoot_implies_in_heap_pred___SUB_BAG", 684``!p B sfb1 sfb2 e. 685 SUB_BAG sfb1 sfb2 /\ 686 (!s1 s2 x. 
s1 SUBSET s2 /\ p s1 x ==> p s2 x) /\ 687 IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e) /\ 688 (holfoot_implies_in_heap_pred p B sfb1 e) ==> 689 (holfoot_implies_in_heap_pred p B sfb2 e)``, 690 691SIMP_TAC (std_ss++CONJ_ss) [holfoot_implies_in_heap_pred_def, 692 SUB_BAG_EXISTS, 693 GSYM RIGHT_EXISTS_AND_THM, GSYM LEFT_EXISTS_AND_THM, 694 GSYM LEFT_FORALL_IMP_THM, asl_star_def, IN_ABS, 695 var_res_bigstar_UNION, IS_SEPARATION_COMBINATOR___holfoot_separation_combinator, 696 IS_SEPARATION_COMBINATOR___FINITE_MAP] THEN 697REPEAT GEN_TAC THEN STRIP_TAC THEN 698REPEAT GEN_TAC THEN STRIP_TAC THEN 699Q.PAT_X_ASSUM `!st st2 h1 h2. X` (MP_TAC o Q.SPECL [ 700 `st`, `FST (p':holfoot_state)`, 701 `h1`, `SND (p':holfoot_state)`]) THEN 702`(VAR_RES_STACK_IS_SUBSTATE (FST p') st) /\ 703 FDOM (SND p') SUBSET FDOM h2` by ( 704 FULL_SIMP_TAC std_ss [SOME___holfoot_separation_combinator, 705 FDOM_FUNION, SUBSET_UNION, GSYM holfoot_separation_combinator_def] THEN 706 METIS_TAC[VAR_RES_STACK_IS_SUBSTATE___TRANS, VAR_RES_STACK_IS_SUBSTATE_INTRO] 707) THEN 708ASM_SIMP_TAC std_ss [] THEN 709METIS_TAC[]); 710 711 712val holfoot_implies_in_heap_or_null___SUB_BAG = 713store_thm ("holfoot_implies_in_heap_or_null___SUB_BAG", 714``!B sfb1 sfb2 e. 715 SUB_BAG sfb1 sfb2 ==> 716 IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e) ==> 717 ((holfoot_implies_in_heap_or_null B sfb1 e) ==> 718 (holfoot_implies_in_heap_or_null B sfb2 e))``, 719 720REWRITE_TAC[holfoot_implies_in_heap_or_null_def] THEN 721REPEAT STRIP_TAC THEN 722MATCH_MP_TAC holfoot_implies_in_heap_pred___SUB_BAG THEN 723Q.EXISTS_TAC `sfb1` THEN 724ASM_SIMP_TAC std_ss [SUBSET_DEF] THEN 725METIS_TAC[]); 726 727 728val holfoot_implies_in_heap___SUB_BAG = 729store_thm ("holfoot_implies_in_heap___SUB_BAG", 730``!B sfb1 sfb2 e. 
SUB_BAG sfb1 sfb2 ==>
   IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e) ==>
   ((holfoot_implies_in_heap B sfb1 e) ==>
    (holfoot_implies_in_heap B sfb2 e))``,

REWRITE_TAC[holfoot_implies_in_heap_def] THEN
REPEAT STRIP_TAC THEN
MATCH_MP_TAC holfoot_implies_in_heap_pred___SUB_BAG THEN
Q.EXISTS_TAC `sfb1` THEN
ASM_SIMP_TAC std_ss [SUBSET_DEF]);


(* holfoot_implies_in_heap_pred for a bag whose first element is P.
   It suffices that P alone forces e to evaluate (IS_SOME (e st)) and
   that the resulting location satisfies p on P's own heap domain.
   Hypothesis 1 asks p to be monotone in the heap domain: the other bag
   elements only enlarge the domain (FDOM of a FUNION, see the
   FDOM_FUNION / SUBSET_UNION steps below), so the property survives. *)
val holfoot_implies_in_heap_pred___FIRST =
store_thm ("holfoot_implies_in_heap_pred___FIRST",
``!p B P sfb e.
   (!s1 s2 x. s1 SUBSET s2 /\ p s1 x ==> p s2 x) /\
   IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e) /\
   (!st h. (st, h) IN P ==>
           (IS_SOME (e st) /\ p (FDOM h) (THE (e st)))) ==>
   (holfoot_implies_in_heap_pred p B (BAG_INSERT P sfb) e)``,

SIMP_TAC std_ss [holfoot_implies_in_heap_pred_def,
   BAG_INSERT_NOT_EMPTY, IS_SEPARATION_COMBINATOR___FINITE_MAP,
   var_res_bigstar_REWRITE, IS_SEPARATION_COMBINATOR___holfoot_separation_combinator] THEN
REPEAT GEN_TAC THEN STRIP_TAC THEN
REPEAT GEN_TAC THEN STRIP_TAC THEN
FULL_SIMP_TAC std_ss [asl_star_def, IN_ABS,
   holfoot_separation_combinator_def,
   VAR_RES_COMBINATOR_REWRITE, LET_THM,
   DISJOINT_FMAP_UNION___REWRITE,
   COND_NONE_SOME_REWRITES] THEN
(* split the P-component state into its stack and heap *)
`?st' h'. p' = (st', h')` by (Cases_on `p'` THEN SIMP_TAC std_ss []) THEN
FULL_SIMP_TAC std_ss [] THEN RES_TAC THEN
(* e evaluates to the same value on the component stack st' as on the
   combined stack st *)
`e st = e st'` by (
   MATCH_MP_TAC
      IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___SUBSTATE_RIGHT THEN
   ASM_SIMP_TAC std_ss [] THEN
   PROVE_TAC[VAR_RES_STACK_IS_SUBSTATE_INTRO,
             VAR_RES_STACK_IS_SUBSTATE___TRANS]
) THEN
FULL_SIMP_TAC std_ss [IN_UNION, FDOM_FUNION] THEN
(* monotonicity of p lifts the fact from FDOM h' to the full domain *)
Q.PAT_X_ASSUM `!s1 s2 x. X` MATCH_MP_TAC THEN
Q.EXISTS_TAC `FDOM h'` THEN
ASM_SIMP_TAC std_ss [SUBSET_UNION]);


(* Instance of ___FIRST for holfoot_implies_in_heap: the first bag element
   P must force e to a location that is in P's heap domain and is not the
   null address 0. *)
val holfoot_implies_in_heap___FIRST =
store_thm ("holfoot_implies_in_heap___FIRST",
``!B P sfb e.
   IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e) /\
   (!st h. (st, h) IN P ==>
           (IS_SOME (e st) /\ (THE (e st)) IN (FDOM h) /\
            ~(THE (e st) = 0))) ==>
   (holfoot_implies_in_heap B (BAG_INSERT P sfb) e)``,

REWRITE_TAC [holfoot_implies_in_heap_def] THEN
REPEAT STRIP_TAC THEN
MATCH_MP_TAC holfoot_implies_in_heap_pred___FIRST THEN
ASM_SIMP_TAC std_ss [SUBSET_DEF] THEN
PROVE_TAC[]);


(* Instance of ___FIRST for holfoot_implies_in_heap_or_null: P must force
   e to a location that is either in P's heap domain or equal to 0. *)
val holfoot_implies_in_heap_or_null___FIRST =
store_thm ("holfoot_implies_in_heap_or_null___FIRST",
``!B P sfb e.
   IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e) /\
   (!st h. (st, h) IN P ==>
           (IS_SOME (e st) /\ ((THE (e st)) IN (FDOM h) \/
                               (THE (e st) = 0)))) ==>
   (holfoot_implies_in_heap_or_null B (BAG_INSERT P sfb) e)``,

REWRITE_TAC [holfoot_implies_in_heap_or_null_def] THEN
REPEAT STRIP_TAC THEN
MATCH_MP_TAC holfoot_implies_in_heap_pred___FIRST THEN
ASM_SIMP_TAC std_ss [SUBSET_DEF] THEN
PROVE_TAC[]);






(* An (in)equality "0 = e" or "e = 0" at the front of the bag, in either
   its strong (var_res_prop_equal) or weak (var_res_prop_weak_equal) form,
   already yields holfoot_implies_in_heap_or_null for e.
   NOTE(review): only the third conjunct (weak_equal with 0 on the left)
   carries the extra hypothesis ~(B = EMPTY_BAG); the mirrored fourth
   conjunct does not. Confirm whether the asymmetry is intended. *)
val holfoot_implies_in_heap_or_null___equal_null =
store_thm ("holfoot_implies_in_heap_or_null___equal_null",
``(!B e sfb. IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e) ==>
     holfoot_implies_in_heap_or_null B
        (BAG_INSERT
           (var_res_prop_equal DISJOINT_FMAP_UNION (var_res_exp_const 0) e) sfb) e) /\
  (!B e sfb. IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e) ==>
     holfoot_implies_in_heap_or_null B
        (BAG_INSERT
           (var_res_prop_equal DISJOINT_FMAP_UNION e (var_res_exp_const 0)) sfb) e) /\
  (!B e sfb. ~(B = EMPTY_BAG) /\ IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e) ==>
     holfoot_implies_in_heap_or_null B
        (BAG_INSERT
           (var_res_prop_weak_equal (var_res_exp_const 0) e) sfb) e) /\
  (!B e sfb. IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e) ==>
     holfoot_implies_in_heap_or_null B
        (BAG_INSERT
           (var_res_prop_weak_equal e (var_res_exp_const 0)) sfb) e)``,

SIMP_TAC std_ss [holfoot_implies_in_heap_or_null_def] THEN
CONSEQ_REWRITE_TAC ([], [holfoot_implies_in_heap_pred___FIRST], []) THEN
SIMP_TAC std_ss [LEFT_AND_OVER_OR, DISJ_IMP_THM, SUBSET_DEF,
   var_res_prop_equal_unequal_EXPAND,
   IN_ABS, var_res_exp_const_def]);






(******************************************
 * Expressions & Propositions
 ******************************************)


(*-----------------
 * Points to
 *-----------------*)

(* holfoot_ap_points_to e1 L: the spatial predicate "e1 |-> L".
   It holds of a state (stack, heap) iff
     - e1 evaluates on the stack (IS_SOME loc_opt),
     - the location is not the null address 0,
     - the heap footprint is exactly the single cell {loc}, and
     - every (tag, exp) in the field map L evaluates and agrees with the
       corresponding field of that cell.
   The explicit ~(loc = 0) is what lets the in-heap lemmas below rule out
   null dereferences; the exact footprint makes the predicate precise. *)
val holfoot_ap_points_to_def = Define `
   holfoot_ap_points_to e1 L = \state:holfoot_state.
      let stack = FST state in
      let heap = SND state in
      let loc_opt = (e1 stack) in (IS_SOME (loc_opt) /\
      let (loc = THE loc_opt) in (~(loc = 0) /\ ((FDOM heap)= {loc}) /\
         (FEVERY (\(tag,exp).
             (IS_SOME (exp stack)) /\
             (THE (exp stack) = (heap ' loc) tag)) L)))`;



(* Nothing points to the null address: "0 |-> L" is unsatisfiable. *)
val holfoot_ap_points_to___null =
store_thm ("holfoot_ap_points_to___null",
``!L. holfoot_ap_points_to (var_res_exp_const 0) L = asl_false``,
SIMP_TAC std_ss [holfoot_ap_points_to_def, var_res_exp_const_def,
   LET_THM, PAIR_BETA_THM, asl_false_def,
   EMPTY_DEF]);


(* Weakening: dropping field constraints (L2 SUBMAP L1) keeps the state
   in the points-to predicate. *)
val holfoot_ap_points_to___SUBMAP =
store_thm ("holfoot_ap_points_to___SUBMAP",
``!e L1 L2 s.
(s IN holfoot_ap_points_to e L1 /\ L2 SUBMAP L1) ==>
(s IN holfoot_ap_points_to e L2)``,
Cases_on `s` THEN
SIMP_TAC std_ss [holfoot_ap_points_to_def, IN_ABS, LET_THM] THEN
SIMP_TAC std_ss [SUBMAP_DEF, FEVERY_DEF]);




(* Stack-imprecision of points-to: if the address expression and every
   field expression only use variables from vs, so does the predicate. *)
val VAR_RES_IS_STACK_IMPRECISE___USED_VARS___points_to =
store_thm ("VAR_RES_IS_STACK_IMPRECISE___USED_VARS___points_to",
``!vs e1 L.
(VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET vs e1 /\
FEVERY (\x.
VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET vs (SND x)) L) ==>
VAR_RES_IS_STACK_IMPRECISE___USED_VARS vs (holfoot_ap_points_to e1 L)``,



SIMP_TAC std_ss [VAR_RES_IS_STACK_IMPRECISE___USED_VARS___ALTERNATIVE_DEF,
   IN_ABS, LET_THM, holfoot_ap_points_to_def] THEN
REPEAT (GEN_TAC ORELSE DISCH_TAC) THEN
FULL_SIMP_TAC std_ss [] THEN

(* any expression over vs that evaluates on the stack of s2 evaluates to
   the same value on the stack of s *)
`!e:holfoot_a_expression. (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET vs e /\
   IS_SOME (e (FST s2))) ==>
   (e (FST s2) = e (FST s))` by (
   FULL_SIMP_TAC std_ss [VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___REWRITE,
      VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_REL___REWRITE] THEN
   REPEAT STRIP_TAC THEN
   `vs'' SUBSET FDOM (FST s2)` by METIS_TAC[] THEN
   `vs'' SUBSET FDOM (FST s)` by (
      Q.PAT_X_ASSUM `FDOM (FST s2) INTER X SUBSET Y` MP_TAC THEN
      FULL_SIMP_TAC std_ss [SUBSET_DEF, IN_INTER]
   ) THEN
   Q.PAT_X_ASSUM `!st1 st2. X st1 st2` MATCH_MP_TAC THEN
   FULL_SIMP_TAC std_ss [SUBSET_DEF]
) THEN

RES_TAC THEN
FULL_SIMP_TAC std_ss [] THEN
REPEAT (Q.PAT_X_ASSUM `FEVERY X L` MP_TAC) THEN
Q.SPEC_TAC (`L`, `L`) THEN

(* induction over the finite field map L *)
HO_MATCH_MP_TAC fmap_INDUCT THEN
SIMP_TAC std_ss [FEVERY_FEMPTY, FEVERY_FUPDATE, NOT_FDOM_DRESTRICT] THEN
REPEAT (GEN_TAC ORELSE DISCH_TAC) THEN
FULL_SIMP_TAC std_ss [] THEN
`y (FST s2) = y (FST s)` by METIS_TAC[] THEN
FULL_SIMP_TAC std_ss []);



(* Unrestricted variant: points-to is stack imprecise whenever the address
   and all field expressions are (IS_SOME of their USED_VARS). *)
val VAR_RES_IS_STACK_IMPRECISE___points_to =
store_thm ("VAR_RES_IS_STACK_IMPRECISE___points_to",
``!e L.
(IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e) /\
FEVERY (\x. IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS (SND x))) L) ==>

VAR_RES_IS_STACK_IMPRECISE (holfoot_ap_points_to e L)``,

REWRITE_TAC [VAR_RES_IS_STACK_IMPRECISE___ALTERNATIVE_DEF,
   GSYM VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___UNIV_REWRITE,
   VAR_RES_IS_STACK_IMPRECISE___USED_VARS___points_to]);


(* A variable-list update distributes over points-to: it is applied to the
   address expression and (via o_f) to every field expression. *)
val var_res_prop_varlist_update___holfoot_ap_points_to =
store_thm ("var_res_prop_varlist_update___holfoot_ap_points_to",
``!vcL e L.
var_res_prop_varlist_update vcL (holfoot_ap_points_to e L) =
holfoot_ap_points_to (var_res_exp_varlist_update vcL e)
   ((var_res_exp_varlist_update vcL) o_f L)``,

SIMP_TAC std_ss [holfoot_ap_points_to_def,
   var_res_prop_varlist_update_def, IN_ABS, LET_THM,
   var_res_ext_state_varlist_update_def,
   var_res_exp_varlist_update_def,
   FEVERY_o_f] THEN
ONCE_REWRITE_TAC[FUN_EQ_THM] THEN
SIMP_TAC std_ss [FEVERY_DEF])




(* "e |-> L" at the front of a bag shows e is a non-null allocated
   location; follows from ___FIRST and the ~(loc = 0) / {loc} footprint
   in holfoot_ap_points_to_def. *)
val holfoot_ap_points_to___implies_in_heap = store_thm (
"holfoot_ap_points_to___implies_in_heap",
``!B e L sfb. IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e) ==>
   holfoot_implies_in_heap B
      (BAG_INSERT (holfoot_ap_points_to e L) sfb) e``,

REPEAT STRIP_TAC THEN
MATCH_MP_TAC holfoot_implies_in_heap___FIRST THEN
ASM_SIMP_TAC std_ss [holfoot_ap_points_to_def,
   IN_ABS, LET_THM, IN_SING]);

(* Singleton-bag form of the previous theorem (for computation). *)
val holfoot_ap_points_to___implies_in_heap___COMPUTE = store_thm (
"holfoot_ap_points_to___implies_in_heap___COMPUTE",
``!B e L. IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e) ==>
   holfoot_implies_in_heap B
      ({| (holfoot_ap_points_to e L) |}) e``,
SIMP_TAC std_ss [holfoot_ap_points_to___implies_in_heap]);



(* Weaker "in heap or null" consequence of the same fact. *)
val holfoot_ap_points_to___implies_in_heap_or_null = store_thm (
"holfoot_ap_points_to___implies_in_heap_or_null",
``!B e L sfb. IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e) ==>
   holfoot_implies_in_heap_or_null B
      (BAG_INSERT (holfoot_ap_points_to e L) sfb) e``,

PROVE_TAC[holfoot_ap_points_to___implies_in_heap,
   holfoot_implies_in_heap___implies___or_null]);



(* A tag t not yet constrained by L can be added with an existentially
   quantified constant value without changing the predicate. *)
val holfoot_ap_points_to___ADD_TAG = store_thm ("holfoot_ap_points_to___ADD_TAG",
``!t e L.
~(t IN FDOM L) ==>
(holfoot_ap_points_to e L =
 asl_exists c. holfoot_ap_points_to e (L |+ (t, var_res_exp_const c)))``,

SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [holfoot_ap_points_to_def, EXTENSION, asl_bool_EVAL,
   IN_ABS, LET_THM, FEVERY_DEF, FDOM_FUPDATE, FAPPLY_FUPDATE_THM,
   IN_INSERT, DISJ_IMP_THM, var_res_exp_const_def, FORALL_AND_THM] THEN
REPEAT STRIP_TAC THEN
DEPTH_CONSEQ_CONV_TAC (K FORALL_EQ___CONSEQ_CONV) THEN
SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [] THEN
REPEAT STRIP_TAC THEN
`~(x' = t)` by PROVE_TAC[] THEN
ASM_SIMP_TAC std_ss []);






(* Hoare-triple inference rule for ADD_TAG: the triple with "e |-> L" in
   the precondition is equivalent to the triple with the extended field
   map, quantified over the fresh value c. The used-vars hypotheses keep
   the precondition stack imprecise so the asl_exists can be pulled out. *)
val HOLFOOT_COND_INFERENCE___points_to___ADD_TAG =
store_thm ("HOLFOOT_COND_INFERENCE___points_to___ADD_TAG",
``!t wpb rpb e L sfb prog Q.

~(t IN FDOM L) ==>
VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) e /\
FEVERY (\x.
   VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) (SND x)) L ==>

((VAR_RES_COND_HOARE_TRIPLE DISJOINT_FMAP_UNION
   (var_res_prop DISJOINT_FMAP_UNION (wpb,rpb)
      (BAG_INSERT (holfoot_ap_points_to e L) sfb))
   prog Q) =
(!c.
 (VAR_RES_COND_HOARE_TRIPLE DISJOINT_FMAP_UNION
   (var_res_prop DISJOINT_FMAP_UNION (wpb,rpb)
      (BAG_INSERT (holfoot_ap_points_to e (L |+ (t, var_res_exp_const c))) sfb))
   prog Q)))``,

REPEAT STRIP_TAC THEN
IMP_RES_TAC holfoot_ap_points_to___ADD_TAG THEN
ASM_SIMP_TAC std_ss [] THEN
HO_MATCH_MP_TAC VAR_RES_COND_INFERENCE___asl_exists_pre THEN
CONSEQ_REWRITE_TAC ([], [VAR_RES_IS_STACK_IMPRECISE___USED_VARS___points_to,
   FEVERY_STRENGTHEN_THM], []) THEN
ASM_SIMP_TAC std_ss [VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___VAR_CONST_EVAL]);




(* Frame-split counterpart of the ADD_TAG inference, for a points-to in
   the split part.
   NOTE(review): the theorem name says ADD_TAC where the sibling lemmas say
   ADD_TAG; presumably a typo, but renaming changes the stored theorem
   name, so it is left as is. *)
val VAR_RES_FRAME_SPLIT___points_to___ADD_TAC___split = store_thm(
"VAR_RES_FRAME_SPLIT___points_to___ADD_TAC___split",
``!t e L sr wpb rpb wpb' sfb_context sfb_split sfb_imp sfb_restP.
~(t IN FDOM L) /\
VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) e /\
FEVERY (\x.
   VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) (SND x)) L ==>

((VAR_RES_FRAME_SPLIT DISJOINT_FMAP_UNION sr (wpb,rpb) wpb' sfb_context
   (BAG_INSERT (holfoot_ap_points_to e L) sfb_split) sfb_imp sfb_restP) =

 !c. (VAR_RES_FRAME_SPLIT DISJOINT_FMAP_UNION sr (wpb,rpb) wpb' sfb_context
   (BAG_INSERT (holfoot_ap_points_to e (L |+ (t, var_res_exp_const c)))
      sfb_split) sfb_imp sfb_restP))``,

REPEAT STRIP_TAC THEN
IMP_RES_TAC holfoot_ap_points_to___ADD_TAG THEN
ASM_SIMP_TAC std_ss [] THEN
HO_MATCH_MP_TAC VAR_RES_FRAME_SPLIT___asl_exists___split THEN
CONSEQ_REWRITE_TAC ([], [VAR_RES_IS_STACK_IMPRECISE___USED_VARS___points_to,
   FEVERY_STRENGTHEN_THM], []) THEN
ASM_SIMP_TAC std_ss [VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___VAR_CONST_EVAL]);



(* Core lemma for matching "e |-> L" (split side) against "e |-> L'"
   (implication side). Every tag of L' must be a tag of L; tags listed in
   l' are turned into equalities between the L and L' field expressions,
   all other tags must carry syntactically identical expressions. The
   points-to then moves into the context and the implication keeps only
   the residual equalities (star-conjoined with stack_true). *)
val VAR_RES_FRAME_SPLIT___points_to___points_to___SUBMAP___REWRITE = prove (
``!l' L L' e wpb rpb sfb_context sfb_split sfb_imp.
VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (wpb + rpb)) e /\
FEVERY (\x. VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET
   (SET_OF_BAG (wpb + rpb)) (SND x)) L /\
FEVERY (\x. ~(MEM (FST x) l') \/ VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET
   (SET_OF_BAG (wpb + rpb)) (SND x)) L' /\
(FEVERY (\ (t,a). (t IN FDOM L) /\ ((MEM t l') \/ (a = L ' t))) L') /\
(EVERY (\t. t IN FDOM L') l') ==>

VAR_RES_FRAME_SPLIT___REWRITE_OK DISJOINT_FMAP_UNION (wpb,rpb) sfb_context
   (BAG_INSERT (holfoot_ap_points_to e L) sfb_split)
   (BAG_INSERT (holfoot_ap_points_to e L') sfb_imp)

   (BAG_INSERT (holfoot_ap_points_to e L) sfb_context)
   sfb_split (BAG_INSERT (asl_bigstar_list holfoot_separation_combinator
      ((MAP (\t. var_res_prop_equal DISJOINT_FMAP_UNION (L ' t) (L' ' t)) l')++
       [var_res_prop_stack_true DISJOINT_FMAP_UNION])) sfb_imp)``,


SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [VAR_RES_FRAME_SPLIT___REWRITE_OK_def,
   var_res_prop___COND_INSERT, BAG_UNION_INSERT, BAG_UNION_EMPTY,
   VAR_RES_IS_STACK_IMPRECISE___USED_VARS___var_res_bool_proposition] THEN
REPEAT STRIP_TAC THEN
(* L' only uses variables of wpb + rpb: tags outside l' copy L's
   expressions, tags in l' are covered by the third hypothesis *)
`FEVERY (\x. VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET
   (SET_OF_BAG (wpb + rpb)) (SND x)) L'` by (
   FULL_SIMP_TAC std_ss [FEVERY_DEF] THEN
   METIS_TAC[]
) THEN
`EVERY (\t.
   (t IN FDOM L) /\ (t IN FDOM L') /\
   VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET
      (SET_OF_BAG (wpb + rpb)) (L ' t) /\
   VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET
      (SET_OF_BAG (wpb + rpb)) (L' ' t)) l'` by (
   FULL_SIMP_TAC std_ss [FEVERY_DEF, EVERY_MEM] THEN
   METIS_TAC[]
) THEN

`VAR_RES_IS_STACK_IMPRECISE___USED_VARS (SET_OF_BAG (wpb + rpb))
   (holfoot_ap_points_to e L')` by (
   MATCH_MP_TAC VAR_RES_IS_STACK_IMPRECISE___USED_VARS___points_to THEN
   FULL_SIMP_TAC std_ss [FEVERY_DEF]
) THEN
(* eq_pred abbreviates the residual predicate produced on the
   implication side *)
Q.ABBREV_TAC `eq_pred =
   (asl_bigstar_list holfoot_separation_combinator
      ((MAP (\t. var_res_prop_equal DISJOINT_FMAP_UNION (L ' t) (L' ' t)) l')++
       [var_res_prop_stack_true DISJOINT_FMAP_UNION]))` THEN
`VAR_RES_IS_STACK_IMPRECISE___USED_VARS (SET_OF_BAG (wpb + rpb)) eq_pred` by (
   Q.UNABBREV_TAC `eq_pred` THEN
   REWRITE_TAC [holfoot_separation_combinator_def] THEN
   MATCH_MP_TAC (MP_CANON VAR_RES_IS_STACK_IMPRECISE___USED_VARS___asl_bigstar_list) THEN
   SIMP_TAC list_ss [DISJ_IMP_THM, IS_SEPARATION_COMBINATOR___FINITE_MAP,
      FORALL_AND_THM, MEM_MAP, GSYM LEFT_FORALL_IMP_THM,
      VAR_RES_IS_STACK_IMPRECISE___USED_VARS___var_res_prop_stack_true] THEN
   REPEAT STRIP_TAC THEN
   MATCH_MP_TAC VAR_RES_IS_STACK_IMPRECISE___USED_VARS___var_res_prop_equal THEN
   FULL_SIMP_TAC std_ss [EVERY_MEM]
) THEN
ASM_REWRITE_TAC[] THEN
(* semantic characterisation of eq_pred: empty heap, and for each tag in
   l' both field expressions evaluate to the same value; shown by
   induction on l' *)
`eq_pred = \x. (SND x = FEMPTY) /\ EVERY (\t.
   (IS_SOME ((L ' t) (FST x))) /\
   IS_SOME ((L' ' t) (FST x)) /\ (THE ((L ' t) (FST x)) = (THE ((L' ' t) (FST x))))) l'` by (
   Q.UNABBREV_TAC `eq_pred` THEN
   Q.PAT_X_ASSUM `EVERY X l'` MP_TAC THEN
   REPEAT (POP_ASSUM (K ALL_TAC)) THEN
   SIMP_TAC (list_ss++EQUIV_EXTRACT_ss) [EXTENSION, EVERY_MEM, IN_ABS] THEN
   Induct_on `l'` THEN1 (
      SIMP_TAC list_ss [asl_bigstar_list_REWRITE, asl_star___PROPERTIES,
         IS_SEPARATION_COMBINATOR___holfoot_separation_combinator] THEN
      SIMP_TAC std_ss [var_res_prop_stack_true_REWRITE, asl_emp_DISJOINT_FMAP_UNION,
         IN_SING, IN_ABS]
   ) THEN

   SIMP_TAC list_ss [asl_bigstar_list_REWRITE, DISJ_IMP_THM, FORALL_AND_THM] THEN
   REPEAT STRIP_TAC THEN
   FULL_SIMP_TAC std_ss [] THEN
   Q.MATCH_ABBREV_TAC `x IN asl_star holfoot_separation_combinator P1 P2 = XXX` THEN
   Q.UNABBREV_TAC `XXX` THEN
   (* stack imprecision of both star operands is proved second; first the
      main goal is discharged assuming it *)
   Tactical.REVERSE (
      sg `VAR_RES_IS_STACK_IMPRECISE P1 /\ VAR_RES_IS_STACK_IMPRECISE P2`) THEN1 (
      ASM_SIMP_TAC std_ss [holfoot_separation_combinator_def,
         asl_star___VAR_RES_IS_STACK_IMPRECISE] THEN
      Q.UNABBREV_TAC `P1` THEN
      ASM_SIMP_TAC std_ss [var_res_prop_equal_unequal_EXPAND, IN_ABS,
         asl_emp_DISJOINT_FMAP_UNION, IN_SING, DISJOINT_FMAP_UNION___FEMPTY] THEN
      SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [] THEN
      Cases_on `L ' h (FST x)` THEN
      Cases_on `L' ' h (FST x)` THEN
      SIMP_TAC std_ss []
   ) THEN
   Q.UNABBREV_TAC `P1` THEN Q.UNABBREV_TAC `P2` THEN
   EXT_CONSEQ_REWRITE_TAC [] [holfoot_separation_combinator_def] ([],
      [VAR_RES_IS_STACK_IMPRECISE___var_res_prop_equal,
       MP_CANON VAR_RES_IS_STACK_IMPRECISE___asl_bigstar_list], []) THEN
   FULL_SIMP_TAC list_ss [DISJ_IMP_THM, FORALL_AND_THM,
      VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET_def,
      IS_SEPARATION_COMBINATOR___FINITE_MAP,
      VAR_RES_IS_STACK_IMPRECISE___var_res_prop_stack_true,
      MEM_MAP, GSYM LEFT_FORALL_IMP_THM,
      VAR_RES_IS_STACK_IMPRECISE___var_res_prop_equal]
) THEN
Q.PAT_X_ASSUM `var_res_prop___PROP f X Y s` MP_TAC THEN
ASM_SIMP_TAC std_ss [var_res_prop___PROP_INSERT,
   var_res_prop___COND_UNION, var_res_prop___COND_INSERT,
   IN_ABS, DISJOINT_FMAP_UNION___FEMPTY,
   GSYM RIGHT_EXISTS_AND_THM, GSYM LEFT_EXISTS_AND_THM] THEN
REPEAT STRIP_TAC THEN

REDEPTH_CONSEQ_CONV_TAC (K EXISTS_EQ___CONSEQ_CONV) THEN
SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [] THEN
REPEAT STRIP_TAC THEN

Q.PAT_X_ASSUM `(FST s, s1) IN X` MP_TAC THEN

ASM_SIMP_TAC std_ss [holfoot_ap_points_to_def,
   IN_ABS, LET_THM] THEN

(* if the address expression does not evaluate, both sides are false *)
Tactical.REVERSE (Cases_on `?ve. e (FST s) = SOME ve`) THEN1 (
   Cases_on `e (FST s)` THEN FULL_SIMP_TAC std_ss []
) THEN
FULL_SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [] THEN

REPEAT STRIP_TAC THEN
(* both points-to heaps are the singleton cell at ve, hence identical *)
`s1' = s1` by (
   ASM_SIMP_TAC std_ss [GSYM fmap_EQ_THM, IN_SING] THEN
   FULL_SIMP_TAC std_ss [DISJOINT_FMAP_UNION___REWRITE] THEN
   `(s1' ' ve = (FUNION s1' s2') ' ve) /\
    (s1 ' ve = (FUNION s1 s2) ' ve)` by (
      ASM_SIMP_TAC std_ss [FUNION_DEF, IN_SING]
   ) THEN
   ASM_REWRITE_TAC[]
) THEN
ASM_REWRITE_TAC [] THEN
FULL_SIMP_TAC std_ss [FEVERY_DEF, EVERY_MEM] THEN
EQ_TAC THEN STRIP_TAC THEN GEN_TAC THEN STRIP_TAC THENL [
   FULL_SIMP_TAC std_ss [],

   (* tags outside l' carry the same expression in L and L' *)
   Cases_on `MEM x l'` THEN1 FULL_SIMP_TAC std_ss [] THEN
   `L' ' x = L ' x` by METIS_TAC[] THEN
   ASM_SIMP_TAC std_ss []
]);









(* Frame-split rule derived from the ___REWRITE lemma above (same
   hypotheses on L, L' and l'). *)
val VAR_RES_FRAME_SPLIT___points_to___points_to___SUBMAP = store_thm ("VAR_RES_FRAME_SPLIT___points_to___points_to___SUBMAP",
``!l' L L' e wpb rpb wpb' sfb_context sfb_split sfb_imp sfb_restP sr.

VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (wpb + rpb)) e /\
FEVERY (\x. VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET
   (SET_OF_BAG (wpb + rpb)) (SND x)) L /\
FEVERY (\x. ~(MEM (FST x) l') \/ VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET
   (SET_OF_BAG (wpb + rpb)) (SND x)) L' /\
(FEVERY (\ (t,a). (t IN FDOM L) /\ ((MEM t l') \/ (a = L ' t))) L') /\
(EVERY (\t. t IN FDOM L') l') ==>

((VAR_RES_FRAME_SPLIT DISJOINT_FMAP_UNION sr (wpb,rpb) wpb' sfb_context
   (BAG_INSERT (holfoot_ap_points_to e L) sfb_split)
   (BAG_INSERT (holfoot_ap_points_to e L') sfb_imp) sfb_restP) =

 (VAR_RES_FRAME_SPLIT DISJOINT_FMAP_UNION sr (wpb,rpb) wpb'
   (BAG_INSERT (holfoot_ap_points_to e L) sfb_context)
   sfb_split (BAG_INSERT (asl_bigstar_list holfoot_separation_combinator
      ((MAP (\t. var_res_prop_equal DISJOINT_FMAP_UNION (L ' t) (L' ' t)) l')++
       [var_res_prop_stack_true DISJOINT_FMAP_UNION])) sfb_imp) sfb_restP))``,


REPEAT STRIP_TAC THEN
MATCH_MP_TAC VAR_RES_FRAME_SPLIT___REWRITE_OK___THM THEN
MATCH_MP_TAC VAR_RES_FRAME_SPLIT___points_to___points_to___SUBMAP___REWRITE THEN
ASM_REWRITE_TAC[]);


(* Special case l' = []: every tag of L' must carry exactly L's
   expression, so no residual equalities remain on the implication side. *)
val VAR_RES_FRAME_SPLIT___points_to___points_to___SUBMAP_NULL___REWRITE = prove (
``!L L' e wpb rpb sfb_context sfb_split sfb_imp.

VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (wpb + rpb)) e /\
FEVERY (\x. VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET
   (SET_OF_BAG (wpb + rpb)) (SND x)) L /\
(FEVERY (\ (t,a). (t IN FDOM L) /\ (a = L ' t)) L') ==>

VAR_RES_FRAME_SPLIT___REWRITE_OK DISJOINT_FMAP_UNION (wpb,rpb) sfb_context
   (BAG_INSERT (holfoot_ap_points_to e L) sfb_split)
   (BAG_INSERT (holfoot_ap_points_to e L') sfb_imp)

   (BAG_INSERT (holfoot_ap_points_to e L) sfb_context)
   sfb_split sfb_imp``,

REPEAT STRIP_TAC THEN
(* instantiate the general lemma with the empty tag list *)
MP_TAC (SIMP_RULE list_ss []
   (Q.SPECL [`[]:holfoot_tag list`, `L`, `L'`, `e`, `wpb`, `rpb`, `sfb_context`,
             `sfb_split`, `sfb_imp`] VAR_RES_FRAME_SPLIT___points_to___points_to___SUBMAP___REWRITE)) THEN
ASM_REWRITE_TAC [] THEN
SIMP_TAC std_ss [asl_bigstar_list_REWRITE, asl_star___PROPERTIES, IS_SEPARATION_COMBINATOR___holfoot_separation_combinator,
   FEVERY_DEF, VAR_RES_FRAME_SPLIT___REWRITE_OK___stack_true]);




(* Frame-split rule for the l' = [] case. *)
val VAR_RES_FRAME_SPLIT___points_to___points_to___SUBMAP_NULL =
store_thm ("VAR_RES_FRAME_SPLIT___points_to___points_to___SUBMAP_NULL",
``!L L' e wpb rpb wpb' sfb_context sfb_split sfb_imp sfb_restP sr.

VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (wpb + rpb)) e /\
FEVERY (\x. VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET
   (SET_OF_BAG (wpb + rpb)) (SND x)) L /\
FEVERY (\ (t,a). (t IN FDOM L) /\ (a = L ' t)) L' ==>

((VAR_RES_FRAME_SPLIT DISJOINT_FMAP_UNION sr (wpb,rpb) wpb' sfb_context
   (BAG_INSERT (holfoot_ap_points_to e L) sfb_split)
   (BAG_INSERT (holfoot_ap_points_to e L') sfb_imp) sfb_restP) =
 (VAR_RES_FRAME_SPLIT DISJOINT_FMAP_UNION sr (wpb,rpb) wpb'
   (BAG_INSERT (holfoot_ap_points_to e L) sfb_context)
   sfb_split sfb_imp
   sfb_restP))``,

REPEAT STRIP_TAC THEN
MATCH_MP_TAC VAR_RES_FRAME_SPLIT___REWRITE_OK___THM THEN
MATCH_MP_TAC VAR_RES_FRAME_SPLIT___points_to___points_to___SUBMAP_NULL___REWRITE THEN
ASM_REWRITE_TAC[]);






(*-----------------
 * Trees
 *-----------------*)

(* holfoot_ap_data_tree_seg tagL startExp (dtagL, t) endExpP:
   a tree segment rooted at startExp whose shape is the HOL tree t.
     tagL   - the link fields (one child per tag),
     dtagL  - the data fields, holding the node's data list v,
     endExpP - predicate applied to the start expression at a leaf.
   Leaf case: endExpP startExp, provided all tags are distinct.
   Node case: there exist child locations lL such that the node cell
   startExp |-> (links ++ data), the child segments, and
   "child location <> startExp" for each child are star-conjoined.
   Any arity mismatch (|lL|, |v|, |tL| against the tag lists) or a
   repeated tag makes the predicate asl_false. *)
val holfoot_ap_data_tree_seg_defn = Defn.Hol_defn "holfoot_ap_data_tree_seg" `
   (holfoot_ap_data_tree_seg tagL startExp (dtagL, leaf) endExpP =
      if ALL_DISTINCT (tagL++dtagL) then endExpP startExp else asl_false) /\
   (holfoot_ap_data_tree_seg tagL startExp (dtagL, node v tL) endExpP =
      asl_exists lL. if ((LENGTH lL = LENGTH tagL) /\ (LENGTH v = LENGTH dtagL) /\
                         (LENGTH tL = LENGTH tagL) /\ ALL_DISTINCT (tagL++dtagL)) then
         (asl_bigstar_list holfoot_separation_combinator ((holfoot_ap_points_to startExp (LIST_TO_FMAP (ZIP (tagL++dtagL, (MAP var_res_exp_const (lL++v))))))::
            ((MAP (\ (l,t). holfoot_ap_data_tree_seg tagL (var_res_exp_const l) (dtagL, t) endExpP) (ZIP (lL, tL))) ++
             (MAP (\l. var_res_prop_unequal DISJOINT_FMAP_UNION (var_res_exp_const l) startExp) lL))))
      else asl_false)`;


(* Termination: recursive calls are on direct subtrees, so tree_size0 of
   the tree component decreases. *)
val (holfoot_ap_data_tree_seg_def,_) =
Defn.tprove (holfoot_ap_data_tree_seg_defn,
Q.EXISTS_TAC `measure (\ (tag,startExp,(dtagL,t),endExpP).
tree_size0 t)` THEN
REWRITE_TAC[prim_recTheory.WF_measure] THEN
SIMP_TAC (std_ss++CONJ_ss) [prim_recTheory.measure_thm, MEM_ZIP] THEN
REPEAT STRIP_TAC THEN
MATCH_MP_TAC DIRECT_SUBTREES_size THEN
SIMP_TAC std_ss [DIRECT_SUBTREES_EXISTS, tree_11] THEN
PROVE_TAC[MEM_EL]);

val _ = save_thm ("holfoot_ap_data_tree_seg_def", holfoot_ap_data_tree_seg_def);

(* Well-formedness of tree data (dtagL, t) w.r.t. the link tags tagL:
   every node's data list has one entry per data tag, every node has
   exactly LENGTH tagL children (NARY), and all tags are distinct. *)
val holfoot_ap_data_tree___WELL_FORMED_DATA_def =
Define `holfoot_ap_data_tree___WELL_FORMED_DATA tagL data =
((TREE_EVERY (\v. LENGTH v = LENGTH (FST data)) (SND data)) /\
 (NARY (SND data) (LENGTH tagL)) /\
 (ALL_DISTINCT (tagL++(FST data))))`;

(* A segment with ill-formed data is unsatisfiable; the arity and
   distinctness checks of holfoot_ap_data_tree_seg_def enforce this. *)
val holfoot_ap_data_tree_seg___TREE_PROPS = store_thm ("holfoot_ap_data_tree_seg___TREE_PROPS",
``
!t tagL startExp endExpP dtagL.
(~(holfoot_ap_data_tree___WELL_FORMED_DATA tagL (dtagL, t))) ==>
(holfoot_ap_data_tree_seg tagL startExp (dtagL, t) endExpP = asl_false)``,

HO_MATCH_MP_TAC tree_INDUCT THEN
SIMP_TAC std_ss [NARY_REWRITE, TREE_EVERY_EXISTS_REWRITE,
   holfoot_ap_data_tree___WELL_FORMED_DATA_def,
   DISJ_IMP_THM, FORALL_AND_THM, asl_exists_ELIM,
   holfoot_ap_data_tree_seg_def] THEN
SIMP_TAC std_ss [GSYM DISJ_IMP_THM, GSYM FORALL_AND_THM,
   NOT_EVERY, GSYM SOME_EL_DISJ] THEN
REPEAT STRIP_TAC THEN
SIMP_TAC std_ss [EXTENSION, asl_bool_EVAL, COND_RAND, COND_RATOR] THEN
CCONTR_TAC THEN FULL_SIMP_TAC std_ss [] THEN
Q.PAT_X_ASSUM `x IN X` MP_TAC THEN
(* inline helper: membership in asl_false is contradictory *)
MATCH_MP_TAC (prove (``(X = asl_false) ==> (x IN X ==> F)``,
   SIMP_TAC std_ss [asl_false_def, NOT_IN_EMPTY])) THEN
(* a star-list is false as soon as one of its members is; here the
   ill-formed child segment, by the induction hypothesis *)
MATCH_MP_TAC asl_bigstar_list_false THEN
FULL_SIMP_TAC list_ss [MEM_MAP, MEM_ZIP, GSYM RIGHT_FORALL_IMP_THM,
   AND_IMP_INTRO, EVERY_MEM,
   GSYM RIGHT_EXISTS_AND_THM, MEM_EL,
   GSYM LEFT_FORALL_IMP_THM, GSYM LEFT_EXISTS_AND_THM] THEN
DISJ2_TAC THEN DISJ1_TAC THEN
FULL_SIMP_TAC std_ss [EXISTS_MEM, MEM_EL] THEN (
   Q.EXISTS_TAC `n'` THEN ASM_REWRITE_TAC [] THEN
   MATCH_MP_TAC EQ_SYM THEN
   Q.PAT_X_ASSUM `!tagL' startExp. X` MATCH_MP_TAC THEN
   PROVE_TAC[]
));




(* A complete tree is a segment whose leaves are the null address:
   the end predicate is "startExp = 0". *)
val holfoot_ap_data_tree_def = Define `
   holfoot_ap_data_tree tagL startExp data =
   holfoot_ap_data_tree_seg tagL startExp data (var_res_prop_equal DISJOINT_FMAP_UNION (var_res_exp_const 0))`;


(* A tree without data fields and with unspecified shape. *)
val holfoot_ap_tree_def = Define `
   holfoot_ap_tree tagL startExp =
   asl_exists dataTree. holfoot_ap_data_tree tagL startExp ([],dataTree)`;


(* Binary tree: a tree with exactly the two link tags lt and rt. *)
val holfoot_ap_bintree_def = Define `
   holfoot_ap_bintree (lt,rt) startExp =
   holfoot_ap_tree [lt;rt] startExp`;



(* Ill-formed data makes a full tree unsatisfiable (from the segment
   lemma). *)
val holfoot_ap_data_tree___TREE_PROPS = store_thm ("holfoot_ap_data_tree___TREE_PROPS",
``!t tagL startExp dtagL.
(~(holfoot_ap_data_tree___WELL_FORMED_DATA tagL (dtagL, t))) ==>
(holfoot_ap_data_tree tagL startExp (dtagL, t) = asl_false)``,
SIMP_TAC std_ss [holfoot_ap_data_tree_def, holfoot_ap_data_tree_seg___TREE_PROPS]);


(* Repeated link tags make holfoot_ap_tree unsatisfiable. *)
val holfoot_ap_tree___TREE_PROPS = store_thm ("holfoot_ap_tree___TREE_PROPS",
``!tagL startExp. ~(ALL_DISTINCT tagL) ==>
(holfoot_ap_tree tagL startExp = asl_false)``,
SIMP_TAC std_ss [holfoot_ap_data_tree_def, holfoot_ap_tree_def] THEN
SIMP_TAC std_ss [EXTENSION, asl_bool_EVAL] THEN
REPEAT STRIP_TAC THEN
POP_ASSUM MP_TAC THEN
Cases_on `dataTree` THEN (
   ASM_SIMP_TAC list_ss [holfoot_ap_data_tree_seg_def, asl_bool_EVAL]
));


(* A data tree rooted at the null address is pure: it holds iff the
   shape is a leaf and the tags are distinct (no heap is described). *)
val holfoot_ap_data_tree___null = store_thm ("holfoot_ap_data_tree___null",
``!tagL data.
   holfoot_ap_data_tree tagL (var_res_exp_const 0) data =
   var_res_bool_proposition DISJOINT_FMAP_UNION (IS_LEAF (SND data) /\
      ALL_DISTINCT (tagL ++ FST data))``,

Cases_on `data` THEN
Cases_on `r` THEN (
   SIMP_TAC std_ss [holfoot_ap_data_tree_def,
      holfoot_ap_data_tree_seg_def, IS_LEAF_def,
      var_res_prop_equal_unequal_REWRITES,
      COND_RAND, COND_RATOR,
      var_res_bool_proposition_TF,
      holfoot_ap_points_to___null,
      asl_bigstar_list_false, MEM,
      asl_exists_ELIM]
));

(* Null tree: reduces to distinctness of the link tags. *)
val holfoot_ap_tree___null = store_thm ("holfoot_ap_tree___null",
``!tagL. holfoot_ap_tree tagL (var_res_exp_const 0) =
   var_res_bool_proposition DISJOINT_FMAP_UNION (ALL_DISTINCT tagL)``,
SIMP_TAC list_ss [holfoot_ap_tree_def, holfoot_ap_data_tree___null,
   EXTENSION, asl_bool_EVAL, var_res_bool_proposition_REWRITE, IN_ABS,
   IS_LEAF_REWRITE]);

(* Null binary tree: the two link tags must differ. *)
val holfoot_ap_bintree___null = store_thm ("holfoot_ap_bintree___null",
``!lt rt. holfoot_ap_bintree (lt, rt) (var_res_exp_const 0) =
   var_res_bool_proposition DISJOINT_FMAP_UNION (~(lt = rt))``,
SIMP_TAC list_ss [holfoot_ap_bintree_def, holfoot_ap_tree___null])


(* A leaf-shaped data tree is "e = 0", guarded by tag distinctness. *)
val holfoot_ap_data_tree___leaf = store_thm ("holfoot_ap_data_tree___leaf",
``!tagL e dtagL. holfoot_ap_data_tree tagL e (dtagL, leaf) =
   asl_trivial_cond (ALL_DISTINCT (tagL ++ dtagL))
      (var_res_prop_equal DISJOINT_FMAP_UNION e (var_res_exp_const 0))``,
SIMP_TAC std_ss [holfoot_ap_data_tree_def,
   holfoot_ap_data_tree_seg_def,
   asl_trivial_cond_def,
   var_res_prop_equal_symmetric]);

(* Stack imprecision of a tree segment: needs the start expression to use
   only vs and the end predicate to preserve that property. Proved by
   induction on the tree shape. *)
val VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_ap_data_tree_seg =
store_thm ("VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_ap_data_tree_seg",

``!vs tagL startExp data endExpP.

((!se.
   VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET vs se ==>
   VAR_RES_IS_STACK_IMPRECISE___USED_VARS vs (endExpP se)) /\
VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET vs startExp) ==>

VAR_RES_IS_STACK_IMPRECISE___USED_VARS vs
   (holfoot_ap_data_tree_seg tagL startExp data endExpP)``,


REPEAT STRIP_TAC THEN
`?dtagL t. data = (dtagL,t)` by (Cases_on `data` THEN SIMP_TAC std_ss []) THEN
ASM_REWRITE_TAC[] THEN POP_ASSUM (K ALL_TAC) THEN
(* generalise startExp before the induction: child segments use fresh
   constant expressions as their start *)
Q.PAT_X_ASSUM `VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET vs X` MP_TAC THEN
Q.SPEC_TAC (`startExp`, `startExp`) THEN
Q.SPEC_TAC (`t`, `t`) THEN
HO_MATCH_MP_TAC tree_INDUCT THEN
CONJ_TAC THEN1 (
   REPEAT STRIP_TAC THEN
   ASM_SIMP_TAC std_ss [holfoot_ap_data_tree_seg_def,
      COND_RAND, COND_RATOR,
      VAR_RES_IS_STACK_IMPRECISE___USED_VARS___asl_false]
) THEN

REPEAT STRIP_TAC THEN
ASM_SIMP_TAC std_ss [holfoot_ap_data_tree_seg_def] THEN
HO_MATCH_MP_TAC VAR_RES_IS_STACK_IMPRECISE___USED_VARS___asl_exists THEN
SIMP_TAC std_ss [COND_RAND, COND_RATOR, asl_bool_EVAL] THEN
REPEAT STRIP_TAC THEN
Q.EXISTS_TAC `lL` THEN
ASM_SIMP_TAC std_ss [holfoot_separation_combinator_def] THEN

(* the star-list is stack imprecise if each member is: the node cell,
   the child segments and the inequalities *)
MATCH_MP_TAC (MP_CANON VAR_RES_IS_STACK_IMPRECISE___USED_VARS___asl_bigstar_list) THEN
ASM_SIMP_TAC list_ss [IS_SEPARATION_COMBINATOR___FINITE_MAP, DISJ_IMP_THM,
   FORALL_AND_THM, MEM_MAP, GSYM LEFT_FORALL_IMP_THM,
   MEM_ZIP] THEN
REPEAT STRIP_TAC THENL [
   MATCH_MP_TAC VAR_RES_IS_STACK_IMPRECISE___USED_VARS___points_to THEN
   ASM_REWRITE_TAC[] THEN
   MATCH_MP_TAC FEVERY_LIST_TO_FMAP THEN
   ASM_SIMP_TAC list_ss [EVERY_MEM, MEM_ZIP,
      GSYM LEFT_FORALL_IMP_THM] THEN
   ASM_SIMP_TAC arith_ss [EL_MAP, GSYM MAP_APPEND, LENGTH_MAP, LENGTH_APPEND,
      VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___VAR_CONST_EVAL],


   Q.PAT_X_ASSUM `EVERY X Y` MP_TAC THEN
   ASM_SIMP_TAC std_ss
[EVERY_MEM, MEM_EL, GSYM LEFT_FORALL_IMP_THM,
       GSYM LEFT_EXISTS_IMP_THM] THEN
   Q.EXISTS_TAC `n'` THEN
   ASM_REWRITE_TAC[] THEN
   DISCH_TAC THEN POP_ASSUM MATCH_MP_TAC THEN
   ASM_SIMP_TAC std_ss [VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___VAR_CONST_EVAL],


   MATCH_MP_TAC VAR_RES_IS_STACK_IMPRECISE___USED_VARS___var_res_prop_unequal THEN
   ASM_SIMP_TAC std_ss [VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___VAR_CONST_EVAL]
]);




(* Unrestricted stack imprecision of a tree segment (vs = UNIV instance
   of the previous theorem). *)
val VAR_RES_IS_STACK_IMPRECISE___holfoot_ap_data_tree_seg =
store_thm ("VAR_RES_IS_STACK_IMPRECISE___holfoot_ap_data_tree_seg",
``!tagL startExp data endExpP.
((!se. IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS se) ==>
   VAR_RES_IS_STACK_IMPRECISE (endExpP se)) /\
IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS startExp)) ==>

VAR_RES_IS_STACK_IMPRECISE
   (holfoot_ap_data_tree_seg tagL startExp data endExpP)``,

SIMP_TAC std_ss [VAR_RES_IS_STACK_IMPRECISE___ALTERNATIVE_DEF,
   GSYM VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___UNIV_REWRITE,
   VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_ap_data_tree_seg]);




(* Stack imprecision of a full data tree; the end predicate "se = 0" is
   itself stack imprecise, so only startExp needs the hypothesis. *)
val VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_ap_data_tree =
store_thm ("VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_ap_data_tree",
``!vs tagL startExp data.
VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET vs startExp ==>
VAR_RES_IS_STACK_IMPRECISE___USED_VARS vs
   (holfoot_ap_data_tree tagL startExp data)``,

SIMP_TAC std_ss [holfoot_ap_data_tree_def] THEN
REPEAT STRIP_TAC THEN
MATCH_MP_TAC VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_ap_data_tree_seg THEN
ASM_REWRITE_TAC[] THEN
REPEAT STRIP_TAC THEN
MATCH_MP_TAC VAR_RES_IS_STACK_IMPRECISE___USED_VARS___var_res_prop_equal THEN
ASM_SIMP_TAC std_ss [VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___VAR_CONST_EVAL]);



val VAR_RES_IS_STACK_IMPRECISE___holfoot_ap_data_tree =
store_thm ("VAR_RES_IS_STACK_IMPRECISE___holfoot_ap_data_tree",
``!tagL startExp data.
IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS startExp) ==>
VAR_RES_IS_STACK_IMPRECISE (holfoot_ap_data_tree tagL startExp data)``,

SIMP_TAC std_ss [VAR_RES_IS_STACK_IMPRECISE___ALTERNATIVE_DEF,
   GSYM VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___UNIV_REWRITE,
   VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_ap_data_tree]);



(* Stack imprecision of holfoot_ap_tree: the existential over the tree
   shape is handled by ___asl_exists_direct. *)
val VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_ap_tree =
store_thm ("VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_ap_tree",
``!vs tagL startExp.
VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET vs startExp ==>
VAR_RES_IS_STACK_IMPRECISE___USED_VARS vs
   (holfoot_ap_tree tagL startExp)``,

SIMP_TAC std_ss [holfoot_ap_tree_def] THEN
REPEAT STRIP_TAC THEN
HO_MATCH_MP_TAC VAR_RES_IS_STACK_IMPRECISE___USED_VARS___asl_exists_direct THEN
REPEAT STRIP_TAC THEN
MATCH_MP_TAC VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_ap_data_tree THEN
ASM_REWRITE_TAC[]);


val VAR_RES_IS_STACK_IMPRECISE___holfoot_ap_tree =
store_thm ("VAR_RES_IS_STACK_IMPRECISE___holfoot_ap_tree",
``!tagL startExp.
IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS startExp) ==>
VAR_RES_IS_STACK_IMPRECISE (holfoot_ap_tree tagL startExp)``,

SIMP_TAC std_ss [VAR_RES_IS_STACK_IMPRECISE___ALTERNATIVE_DEF,
   GSYM VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___UNIV_REWRITE,
   VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_ap_tree]);



(* Stack imprecision of binary trees, via holfoot_ap_tree. *)
val VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_ap_bintree =
store_thm ("VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_ap_bintree",
``!vs lt rt startExp.
VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET vs startExp ==>
VAR_RES_IS_STACK_IMPRECISE___USED_VARS vs
   (holfoot_ap_bintree (lt,rt) startExp)``,

SIMP_TAC std_ss [holfoot_ap_bintree_def] THEN
REPEAT STRIP_TAC THEN
MATCH_MP_TAC VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_ap_tree THEN
ASM_REWRITE_TAC[]);


val VAR_RES_IS_STACK_IMPRECISE___holfoot_ap_bintree =
store_thm ("VAR_RES_IS_STACK_IMPRECISE___holfoot_ap_bintree",
``!lt rt startExp.
IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS startExp) ==>
VAR_RES_IS_STACK_IMPRECISE (holfoot_ap_bintree (lt,rt) startExp)``,

SIMP_TAC std_ss [VAR_RES_IS_STACK_IMPRECISE___ALTERNATIVE_DEF,
   GSYM VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___UNIV_REWRITE,
   VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_ap_bintree]);



(* A data tree rooted at a non-null constant c has c allocated in the
   heap: the root must be a node whose cell is "c |-> ...". This is the
   fact used to justify dereferencing a non-null tree root. *)
val holfoot_ap_data_tree___implies_in_heap_or_null___SIMPLE_THM =
store_thm ("holfoot_ap_data_tree___implies_in_heap_or_null___SIMPLE_THM",
``!tagL st h data c.
   (st, h) IN holfoot_ap_data_tree tagL (var_res_exp_const c) data ==>
   ~(c = 0) ==> (c IN FDOM h)``,
   Cases_on `data` THEN Cases_on `r` THEN
   SIMP_TAC std_ss [holfoot_ap_data_tree_def, holfoot_ap_data_tree_seg_def,
      COND_RAND, COND_RATOR, asl_bool_EVAL, var_res_prop_equal_unequal_EXPAND,
      IN_ABS, var_res_exp_const_def, LET_THM, asl_bigstar_list_REWRITE,
      asl_star_def, holfoot_ap_points_to_def, GSYM RIGHT_EXISTS_AND_THM,
      GSYM LEFT_EXISTS_AND_THM, GSYM LEFT_FORALL_IMP_THM, IN_SING,
      SOME___holfoot_separation_combinator, FDOM_FUNION, IN_UNION]
);


(* Unfolding of holfoot_ap_data_tree into the two shape cases: a leaf
   ("e = 0" under tag distinctness) or a node with existentially
   quantified data v, child locations lL and child trees tL. *)
val holfoot_ap_data_tree___REWRITE = store_thm ("holfoot_ap_data_tree___REWRITE",
``!tagL e dtagL data.
   IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e) ==>
   (holfoot_ap_data_tree tagL e (dtagL, data) =
    asl_or
      (asl_trivial_cond (ALL_DISTINCT (tagL ++ dtagL) /\ IS_LEAF data)
         (var_res_prop_equal DISJOINT_FMAP_UNION e (var_res_exp_const 0)))

      (asl_exists_list dtagL (\v.
       asl_exists_list tagL (\lL.
       asl_exists_list tagL (\tL.
         asl_trivial_cond ((NULL tagL ==> ALL_DISTINCT dtagL) /\ (data = node v tL))
            (asl_bigstar_list holfoot_separation_combinator
               (holfoot_ap_points_to e
                  (LIST_TO_FMAP
                     (ZIP (tagL ++ dtagL,MAP var_res_exp_const (lL ++ v))))::
                (MAP
                   (\lt.
holfoot_ap_data_tree tagL (var_res_exp_const (FST lt))
                        (dtagL,SND lt)) (ZIP (lL,tL))))))))))``,

(* Leaf case: both sides collapse via holfoot_ap_data_tree___leaf; only the
   node case survives the two simplification passes. *)
Cases_on `data` THEN (
   SIMP_TAC std_ss [holfoot_ap_data_tree___leaf, tree_distinct,
      asl_trivial_cond_TF, IS_LEAF_REWRITE] THEN
   SIMP_TAC std_ss [asl_exists_list___ELIM, asl_trivial_cond___asl_false,
      asl_exists_ELIM, asl_bool_REWRITES]
) THEN
(* Node case: unfold the definition and prove the two predicates equal
   pointwise (EXTENSION), matching up the existential witnesses. *)
SIMP_TAC std_ss [holfoot_ap_data_tree_def, holfoot_ap_data_tree_seg_def,
   asl_exists_def, asl_trivial_cond_def, COND_RAND, COND_RATOR,
   asl_bool_EVAL, IN_ABS, tree_11, GSYM RIGHT_EXISTS_AND_THM] THEN
ONCE_REWRITE_TAC[EXTENSION] THEN
SIMP_TAC std_ss [IN_ABS] THEN
REPEAT STRIP_TAC THEN
CONSEQ_CONV_TAC (K EXISTS_EQ___CONSEQ_CONV) THEN
SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [GSYM holfoot_ap_data_tree_def] THEN
REPEAT STRIP_TAC THEN
(* If the tag lists are not distinct, every child data tree is asl_false, so
   the whole star-conjunction is false on both sides. *)
Tactical.REVERSE (Cases_on `ALL_DISTINCT (tagL ++ dtagL)`) THEN1 (
   ASM_SIMP_TAC std_ss [] THEN
   Cases_on `tagL` THEN1 FULL_SIMP_TAC list_ss [] THEN
   `!l t'. holfoot_ap_data_tree (h::t) (var_res_exp_const l) (dtagL,t') = asl_false` by (
      Cases_on `t'` THEN
      ASM_SIMP_TAC std_ss [holfoot_ap_data_tree_def, holfoot_ap_data_tree_seg_def,
         asl_exists_ELIM]
   ) THEN
   `?x1' xs'. x' = x1'::xs'` by (Cases_on `x'` THEN FULL_SIMP_TAC list_ss []) THEN
   `?l1 ls. l = l1::ls` by (Cases_on `l` THEN FULL_SIMP_TAC list_ss []) THEN
   ASM_SIMP_TAC list_ss [asl_bigstar_list_REWRITE,
      asl_false___asl_star_THM, asl_bool_EVAL]
) THEN
`ALL_DISTINCT dtagL` by FULL_SIMP_TAC std_ss [ALL_DISTINCT_APPEND] THEN
Cases_on `NULL tagL` THEN1 (
   FULL_SIMP_TAC list_ss [NULL_EQ, LENGTH_NIL]
) THEN
`~(NULL x') /\ ~(NULL l)` by (
   Cases_on `tagL` THEN
   FULL_SIMP_TAC list_ss [LENGTH_EQ_NUM]
) THEN
(* Split the star-conjunction into the points_to part, the subtree part
   (treePL) and the "child <> root" part (unequalPL); the right-hand side has
   only the first two. *)
ASM_SIMP_TAC std_ss [asl_bigstar_list_REWRITE,
   asl_bigstar_list_APPEND, IS_SEPARATION_COMBINATOR___holfoot_separation_combinator] THEN
Q.MATCH_ABBREV_TAC `x IN asl_star holfoot_separation_combinator
   points_toP (asl_star holfoot_separation_combinator
      (asl_bigstar_list holfoot_separation_combinator treePL)
      (asl_bigstar_list holfoot_separation_combinator unequalPL)) =
   x IN asl_star holfoot_separation_combinator
   points_toP (asl_bigstar_list holfoot_separation_combinator treePL')` THEN
Q.ABBREV_TAC `treeP = asl_bigstar_list holfoot_separation_combinator treePL` THEN
Q.ABBREV_TAC `unequalP = asl_bigstar_list holfoot_separation_combinator unequalPL` THEN

`treePL' = treePL` by (
   MAP_EVERY Q.UNABBREV_TAC [`treePL`, `treePL'`] THEN
   SIMP_TAC std_ss [pairTheory.ELIM_UNCURRY]
) THEN
ASM_SIMP_TAC std_ss [] THEN
POP_ASSUM (K ALL_TAC) THEN Q.UNABBREV_TAC `treePL'` THEN
REWRITE_TAC [holfoot_separation_combinator_def] THEN

(* Stack imprecision of all three parts is needed so that asl_star can be
   evaluated on the heap components alone
   (asl_star___VAR_RES_IS_STACK_IMPRECISE below). *)
`EVERY VAR_RES_IS_STACK_IMPRECISE treePL /\
 EVERY VAR_RES_IS_STACK_IMPRECISE unequalPL` by (
   Q.UNABBREV_TAC `treePL` THEN
   Q.UNABBREV_TAC `unequalPL` THEN
   ASM_SIMP_TAC (std_ss++pairSimps.gen_beta_ss) [EVERY_MAP,
      VAR_RES_IS_STACK_IMPRECISE___var_res_prop_unequal,
      IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL,
      VAR_RES_IS_STACK_IMPRECISE___holfoot_ap_data_tree, EVERY_MEM]
) THEN
`VAR_RES_IS_STACK_IMPRECISE points_toP /\
 VAR_RES_IS_STACK_IMPRECISE treeP /\
 VAR_RES_IS_STACK_IMPRECISE unequalP` by (
   Q.UNABBREV_TAC `points_toP` THEN
   Q.UNABBREV_TAC `treeP` THEN
   Q.UNABBREV_TAC `unequalP` THEN

   REWRITE_TAC[holfoot_separation_combinator_def] THEN
   CONSEQ_REWRITE_TAC ([], [VAR_RES_IS_STACK_IMPRECISE___points_to,
      FEVERY_LIST_TO_FMAP, MP_CANON VAR_RES_IS_STACK_IMPRECISE___asl_bigstar_list], []) THEN
   FULL_SIMP_TAC arith_ss [EVERY_MEM, MEM_ZIP, IS_SEPARATION_COMBINATOR___FINITE_MAP,
      MEM_ZIP, LENGTH_MAP, LENGTH_APPEND, GSYM LEFT_FORALL_IMP_THM,
      EL_MAP, IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL] THEN
   Q.UNABBREV_TAC `treePL` THEN Q.UNABBREV_TAC `unequalPL` THEN
   FULL_SIMP_TAC std_ss [NULL_EQ, MAP_EQ_NIL] THEN
   Cases_on `x'` THEN FULL_SIMP_TAC list_ss [] THEN
   Cases_on `l` THEN FULL_SIMP_TAC list_ss []
) THEN

ASM_SIMP_TAC std_ss [asl_star___VAR_RES_IS_STACK_IMPRECISE,
   VAR_RES_IS_STACK_IMPRECISE___asl_star,
   IS_SEPARATION_COMBINATOR___FINITE_MAP,
   IS_SEPARATION_COMBINATOR___VAR_RES_COMBINATOR] THEN
SIMP_TAC std_ss [GSYM RIGHT_EXISTS_AND_THM, GSYM LEFT_EXISTS_AND_THM,
   IN_ABS, DISJOINT_FMAP_UNION___REWRITE] THEN
(* If e does not evaluate, points_toP is unsatisfiable and both sides are
   false; otherwise name its value ec. *)
Cases_on `e (FST x) = NONE` THEN1 (
   Q.UNABBREV_TAC `points_toP` THEN
   ASM_SIMP_TAC std_ss [holfoot_ap_points_to_def, IN_ABS, LET_THM]
) THEN
`?ec. e (FST x) = SOME ec` by (
   Cases_on `e (FST x)` THEN FULL_SIMP_TAC std_ss []
) THEN
(* unequalP is pure: it holds exactly on the empty heap when no child address
   equals ec.  Proved by induction on the child address list x'. *)
`!h. (FST x, h) IN unequalP =
     (h = FEMPTY) /\ EVERY (\x. ~(x = ec)) x'` by (
   Q.UNABBREV_TAC `unequalP` THEN
   Q.UNABBREV_TAC `unequalPL` THEN
   Q.PAT_X_ASSUM `IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e)` MP_TAC THEN
   Q.PAT_X_ASSUM `e (FST x) = SOME ec` MP_TAC THEN
   Q.PAT_X_ASSUM `~(NULL x')` MP_TAC THEN
   REPEAT (POP_ASSUM (K ALL_TAC)) THEN
   Induct_on `x'` THEN SIMP_TAC list_ss [asl_bigstar_list_REWRITE] THEN
   REPEAT STRIP_TAC THEN
   Cases_on `x'` THEN1 (
      FULL_SIMP_TAC list_ss [asl_bigstar_list_REWRITE,
         asl_star___PROPERTIES, IS_SEPARATION_COMBINATOR___holfoot_separation_combinator,
         var_res_prop_equal_unequal_EXPAND, IN_ABS, var_res_exp_const_def,
         asl_emp_DISJOINT_FMAP_UNION, IN_SING]
   ) THEN
   Q.ABBREV_TAC `PP = asl_bigstar_list holfoot_separation_combinator
      (MAP (\l. var_res_prop_unequal DISJOINT_FMAP_UNION (var_res_exp_const l) e) (h''::t))` THEN
   `VAR_RES_IS_STACK_IMPRECISE PP` by (
      Q.UNABBREV_TAC `PP` THEN
      REWRITE_TAC [holfoot_separation_combinator_def] THEN
      MATCH_MP_TAC (MP_CANON VAR_RES_IS_STACK_IMPRECISE___asl_bigstar_list) THEN
      ASM_SIMP_TAC std_ss [IS_SEPARATION_COMBINATOR___FINITE_MAP,
         MEM_MAP, GSYM LEFT_FORALL_IMP_THM, MAP_EQ_NIL,
         VAR_RES_IS_STACK_IMPRECISE___var_res_prop_unequal, NOT_CONS_NIL,
         IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL]
   ) THEN
   FULL_SIMP_TAC list_ss [asl_star___VAR_RES_IS_STACK_IMPRECISE, holfoot_separation_combinator_def,
      IS_SEPARATION_COMBINATOR___FINITE_MAP, VAR_RES_IS_STACK_IMPRECISE___var_res_prop_unequal,
      IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL,
      IN_ABS] THEN
   ASM_SIMP_TAC std_ss [DISJOINT_FMAP_UNION___FEMPTY, var_res_prop_equal_unequal_EXPAND,
      IN_ABS, asl_emp_DISJOINT_FMAP_UNION, IN_SING, var_res_exp_const_def] THEN
   SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) []
) THEN
ASM_SIMP_TAC std_ss [FDOM_FEMPTY, FUNION_FEMPTY_1, FUNION_FEMPTY_2,
   DISJOINT_EMPTY] THEN
REDEPTH_CONSEQ_CONV_TAC (K EXISTS_EQ___CONSEQ_CONV) THEN
SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [] THEN
REPEAT STRIP_TAC THEN

(* Remaining obligation: the "child <> ec" conditions are implied by the
   heap split.  The points_to heap es1 is exactly {ec}, every non-null child
   address lies in the subtree heap es2, and es1, es2 are disjoint. *)
`(FDOM es1 = {ec}) /\ ~(ec = 0)` by (
   Q.PAT_X_ASSUM `(FST x, es1) IN Y` MP_TAC THEN
   Q.UNABBREV_TAC `points_toP` THEN
   ASM_SIMP_TAC std_ss [holfoot_ap_points_to_def, IN_ABS, LET_THM]
) THEN
`EVERY (\x. ~(x = 0) ==> (x IN FDOM es2)) x'` by (
   Q.PAT_X_ASSUM `(FST x, es2) IN treeP` MP_TAC THEN
   Q.PAT_X_ASSUM `EVERY X treePL` MP_TAC THEN
   `LENGTH l = LENGTH x'` by ASM_REWRITE_TAC[] THEN POP_ASSUM MP_TAC THEN
   Q.PAT_X_ASSUM `~NULL x'` MP_TAC THEN
   Q.UNABBREV_TAC `treeP` THEN
   Q.UNABBREV_TAC `treePL` THEN
   REPEAT (POP_ASSUM (K ALL_TAC)) THEN
   Q.SPEC_TAC (`es2`, `h`) THEN
   Q.SPEC_TAC (`l`, `l`) THEN
   (* Induction over the child list; each step peels one subtree off the
      star-conjunction and applies the SIMPLE_THM membership lemma. *)
   Induct_on `x'` THEN (
      SIMP_TAC list_ss [LENGTH_EQ_NUM,
         GSYM LEFT_FORALL_IMP_THM, asl_bigstar_list_REWRITE,
         holfoot_separation_combinator_def]
   ) THEN
   Cases_on `x'` THEN1 (
      FULL_SIMP_TAC list_ss [LENGTH_EQ_NUM, asl_bigstar_list_REWRITE,
         asl_star___PROPERTIES, IS_SEPARATION_COMBINATOR___FINITE_MAP,
         IS_SEPARATION_COMBINATOR___VAR_RES_COMBINATOR] THEN
      METIS_TAC[holfoot_ap_data_tree___implies_in_heap_or_null___SIMPLE_THM]
   ) THEN
   REPEAT GEN_TAC THEN
   Q.PAT_X_ASSUM `!l. X l` (ASSUME_TAC o Q.SPEC `l'`) THEN
   REPEAT (GEN_TAC ORELSE DISCH_TAC) THEN
   FULL_SIMP_TAC list_ss [holfoot_separation_combinator_def] THEN
   Q.ABBREV_TAC `PP = asl_bigstar_list (VAR_RES_COMBINATOR DISJOINT_FMAP_UNION)
      (MAP (\ (l,t).
         holfoot_ap_data_tree tagL (var_res_exp_const l)
         (dtagL,t)) (ZIP (h::t,l')))` THEN
   `VAR_RES_IS_STACK_IMPRECISE PP` by (
      Q.UNABBREV_TAC `PP` THEN
      MATCH_MP_TAC (MP_CANON VAR_RES_IS_STACK_IMPRECISE___asl_bigstar_list) THEN
      FULL_SIMP_TAC list_ss [MEM_MAP, GSYM LEFT_FORALL_IMP_THM, MAP_EQ_NIL,
         EVERY_MEM, IS_SEPARATION_COMBINATOR___FINITE_MAP, LENGTH_EQ_NUM]
   ) THEN
   Q.PAT_X_ASSUM `(FST x, h'') IN X` MP_TAC THEN
   FULL_SIMP_TAC std_ss [asl_star___VAR_RES_IS_STACK_IMPRECISE, IN_ABS,
      GSYM LEFT_FORALL_IMP_THM, DISJOINT_FMAP_UNION___REWRITE, FDOM_FUNION,
      IN_UNION, EVERY_MEM] THEN
   REPEAT GEN_TAC THEN STRIP_TAC THEN
   METIS_TAC[holfoot_ap_data_tree___implies_in_heap_or_null___SIMPLE_THM]
) THEN
FULL_SIMP_TAC std_ss [EVERY_MEM, DISJOINT_DEF, EXTENSION, IN_SING, IN_INTER, NOT_IN_EMPTY] THEN
METIS_TAC[]);



(* One-step unfolding of a (data-less) tree predicate, the holfoot_ap_tree
   analogue of holfoot_ap_data_tree___REWRITE: either tagL is distinct and
   e = 0, or e points to a cell whose tagL fields hold child addresses lL and
   every child address carries a tree.
   Proof: holfoot_ap_tree existentially quantifies the data of a data tree;
   after rewriting with holfoot_ap_data_tree___REWRITE the leaf disjunct is
   handled directly and the node disjunct needs the auxiliary fact that a
   star-conjunction of existentials over a list equals an existential over a
   witness list of the same length (proved by induction on the list). *)
val holfoot_ap_tree___REWRITE = store_thm ("holfoot_ap_tree___REWRITE",
``!tagL e.
   IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e) ==>
   (holfoot_ap_tree tagL e =
    asl_or
      (asl_trivial_cond (ALL_DISTINCT tagL)
         (var_res_prop_equal DISJOINT_FMAP_UNION e (var_res_exp_const 0)))

      (asl_exists_list tagL (\lL.
         (asl_bigstar_list holfoot_separation_combinator
            (holfoot_ap_points_to e
               (LIST_TO_FMAP
                  (ZIP (tagL,MAP var_res_exp_const lL)))::
             (MAP (\l.
holfoot_ap_tree tagL (var_res_exp_const l)) lL))))))``,

SIMP_TAC list_ss [holfoot_ap_tree_def, holfoot_ap_data_tree___REWRITE,
   asl_exists_list___REWRITE, asl_exists___asl_or_THM] THEN
REPEAT STRIP_TAC THEN
(* asl_or: the leaf disjuncts agree once the data existential is eliminated. *)
BINOP_TAC THEN1 (
   SIMP_TAC std_ss [EXTENSION, asl_bool_EVAL, IS_LEAF_REWRITE,
      asl_trivial_cond_def, COND_RAND, COND_RATOR,
      asl_bool_REWRITES, asl_exists_ELIM]
) THEN
SIMP_TAC std_ss [asl_exists_list_def, IN_ABS, GSYM RIGHT_EXISTS_AND_THM,
   GSYM LEFT_EXISTS_AND_THM, asl_exists_def,
   asl_trivial_cond_def, COND_RAND, COND_RATOR, asl_bool_EVAL,
   asl_bigstar_list_REWRITE] THEN
(* Node disjunct: pull the per-child existential over the subtree data out of
   the star-conjunction into one existential over a witness list xL. *)
`!l P. asl_bigstar_list holfoot_separation_combinator
       (MAP (\l:num. asl_exists (x:num list tree). P l x) l) =
       asl_exists xL.
       asl_trivial_cond (LENGTH xL = LENGTH l)
       (asl_bigstar_list holfoot_separation_combinator
          (MAP (\lx. P (FST lx) (SND lx)) (ZIP (l, xL))))` suffices_by (STRIP_TAC THEN
   FULL_SIMP_TAC std_ss [asl_exists_def,
      asl_trivial_cond_def, COND_RAND, COND_RATOR, asl_bool_EVAL] THEN
   SIMP_TAC std_ss [EXTENSION, IN_ABS, asl_star_def,
      GSYM RIGHT_EXISTS_AND_THM, GSYM LEFT_EXISTS_AND_THM] THEN
   METIS_TAC[]
) THEN
Induct_on `l` THEN (
   FULL_SIMP_TAC list_ss [asl_bigstar_list_REWRITE, asl_trivial_cond_def,
      asl_exists_def, COND_RAND, COND_RATOR, asl_bool_EVAL,
      LENGTH_EQ_NUM, IN_ABS3, GSYM LEFT_EXISTS_AND_THM,
      GSYM RIGHT_EXISTS_AND_THM, asl_star_def, IN_ABS]
) THEN
METIS_TAC[]);



(* Substituting variables by values (var_res_prop_varlist_update vcL) in a data
   tree predicate amounts to substituting in the root expression e only; the
   tag lists and the data are unaffected.
   Proof: if the data is not well formed both sides are trivial; otherwise
   structural induction on the data tree.  In the node case the predicate is a
   star-conjunction pL of points_to, subtree and (un)equality propositions;
   since every element is stack-imprecise, the update distributes over the
   conjunction and each element is handled separately (subtrees via the
   induction hypothesis). *)
val var_res_prop_varlist_update___holfoot_ap_data_tree =
store_thm ("var_res_prop_varlist_update___holfoot_ap_data_tree",
``!vcL tagL data e.
   IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e) ==>
   (var_res_prop_varlist_update vcL (holfoot_ap_data_tree tagL e data) =
    (holfoot_ap_data_tree tagL (var_res_exp_varlist_update vcL e) data))``,

NTAC 3 GEN_TAC THEN
`?dtagL data_tree. data = (dtagL, data_tree)` by (
   Cases_on `data` THEN SIMP_TAC std_ss []
) THEN
ASM_REWRITE_TAC[] THEN POP_ASSUM (K ALL_TAC) THEN

(* Ill-formed data: the predicate is a boolean constant, which the update
   leaves unchanged. *)
Tactical.REVERSE (Cases_on `holfoot_ap_data_tree___WELL_FORMED_DATA tagL (dtagL, data_tree)`) THEN1 (
   ASM_SIMP_TAC std_ss [holfoot_ap_data_tree_def,
      holfoot_ap_data_tree_seg___TREE_PROPS, var_res_prop_varlist_update___BOOL]
) THEN
POP_ASSUM MP_TAC THEN
Q.SPEC_TAC (`data_tree`, `data_tree`) THEN
HO_MATCH_MP_TAC tree_INDUCT THEN
(* Leaf case: only an equality with the constant 0 remains. *)
REPEAT CONJ_TAC THEN1 (
   SIMP_TAC std_ss [holfoot_ap_data_tree_def, holfoot_ap_data_tree_seg_def,
      holfoot_ap_data_tree___WELL_FORMED_DATA_def,
      var_res_prop_varlist_update___equal_unequal,
      var_res_exp_varlist_update___const_EVAL]
) THEN
REPEAT STRIP_TAC THEN
(* Well-formedness gives the length and distinctness facts used below. *)
`(LENGTH n = LENGTH dtagL) /\
 (LENGTH tL = LENGTH tagL) /\
 ALL_DISTINCT (tagL ++ dtagL)` by (
   FULL_SIMP_TAC std_ss [holfoot_ap_data_tree___WELL_FORMED_DATA_def,
      TREE_EVERY_EXISTS_REWRITE, NARY_REWRITE]
) THEN
ASM_SIMP_TAC std_ss [holfoot_ap_data_tree_seg_def, holfoot_ap_data_tree_def,
   var_res_prop_varlist_update___BOOL,
   COND_RAND, COND_RATOR] THEN
AP_TERM_TAC THEN ABS_TAC THEN
Tactical.REVERSE (Cases_on `LENGTH lL = LENGTH tagL`) THEN (
   ASM_SIMP_TAC std_ss []
) THEN

Q.MATCH_ABBREV_TAC `
var_res_prop_varlist_update vcL
   (asl_bigstar_list holfoot_separation_combinator pL) =
(asl_bigstar_list holfoot_separation_combinator pL')` THEN

(* Preconditions of var_res_prop_varlist_update___asl_bigstar_list: a
   non-empty list of stack-imprecise propositions. *)
`pL <> [] /\ (!p. MEM p pL ==> VAR_RES_IS_STACK_IMPRECISE p)` by (
   Q.UNABBREV_TAC `pL` THEN
   ASM_SIMP_TAC list_ss [MEM_MAP, DISJ_IMP_THM, FORALL_AND_THM,
      GSYM LEFT_FORALL_IMP_THM, MEM_ZIP] THEN
   CONSEQ_REWRITE_TAC ([], [VAR_RES_IS_STACK_IMPRECISE___holfoot_ap_data_tree_seg,
      VAR_RES_IS_STACK_IMPRECISE___points_to, VAR_RES_IS_STACK_IMPRECISE___var_res_prop_equal,
      FEVERY_LIST_TO_FMAP, VAR_RES_IS_STACK_IMPRECISE___var_res_prop_unequal], []) THEN
   ASM_SIMP_TAC list_ss [IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL,
      EVERY_MEM, MEM_ZIP, GSYM LEFT_FORALL_IMP_THM] THEN
   SIMP_TAC std_ss [GSYM MAP_APPEND] THEN
   REPEAT STRIP_TAC THEN
   `LENGTH dtagL + LENGTH tagL = LENGTH (lL ++ n)` by ASM_SIMP_TAC list_ss [] THEN
   ASM_SIMP_TAC arith_ss [EL_MAP, IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL]
) THEN
ASM_SIMP_TAC std_ss [var_res_prop_varlist_update___asl_bigstar_list,
   IS_SEPARATION_COMBINATOR___FINITE_MAP, holfoot_separation_combinator_def] THEN
AP_TERM_TAC THEN


(* Pointwise: three kinds of list elements, handled by the three THENL
   branches below: the points_to cell, the subtrees, the (un)equalities. *)
Q.UNABBREV_TAC `pL` THEN Q.UNABBREV_TAC `pL'` THEN
FULL_SIMP_TAC list_ss [MEM_MAP, DISJ_IMP_THM, GSYM LEFT_FORALL_IMP_THM,
   FORALL_AND_THM, MAP_MAP_o, o_DEF, APPEND_11_LENGTH] THEN
REPEAT STRIP_TAC THENL [
   ASM_SIMP_TAC std_ss [var_res_prop_varlist_update___holfoot_ap_points_to,
      o_f_LIST_TO_FMAP] THEN
   `LENGTH (tagL ++ dtagL) = LENGTH (lL ++ n)` by ASM_SIMP_TAC list_ss [] THEN
   ASM_SIMP_TAC arith_ss [GSYM MAP_APPEND, ZIP_MAP, MAP_MAP_o,
      o_DEF, var_res_exp_varlist_update___const_EVAL],


   (* Subtrees: MAP over ZIP (lL,tL) is congruent in its function argument
      for the pairs actually in the list; the induction hypothesis applies to
      every member t of tL. *)
   MATCH_MP_TAC (prove (``!L f f'. (!l t. MEM (l,t) L ==> (f (l, t) = f' (l,t))) ==>
      (MAP f L = MAP f' L)``,
      Induct_on `L` THEN ASM_SIMP_TAC list_ss [DISJ_IMP_THM, FORALL_AND_THM, FORALL_PROD])) THEN
   FULL_SIMP_TAC std_ss [EVERY_MEM, GSYM holfoot_ap_data_tree_def] THEN
   REPEAT STRIP_TAC THEN
   `MEM t tL` by (
      Q.PAT_X_ASSUM `MEM (l,t) (ZIP (lL,tL))` MP_TAC THEN
      ASM_SIMP_TAC list_ss [MEM_ZIP, GSYM LEFT_FORALL_IMP_THM, EL_IS_EL]
   ) THEN
   `holfoot_ap_data_tree___WELL_FORMED_DATA tagL (dtagL,t)` by (
      FULL_SIMP_TAC std_ss [holfoot_ap_data_tree___WELL_FORMED_DATA_def,
         NARY_REWRITE, EVERY_MEM, TREE_EVERY_EXISTS_REWRITE]
   ) THEN
   Q.PAT_X_ASSUM `!data_tree. MEM data_tree tL ==> X` (MP_TAC o Q.SPEC `t`) THEN
   ASM_SIMP_TAC std_ss [IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL,
      var_res_exp_varlist_update___const_EVAL],


   SIMP_TAC std_ss [var_res_prop_varlist_update___equal_unequal,
      var_res_exp_varlist_update___const_EVAL]
]);


(* Variable-to-value substitution commutes with holfoot_ap_tree in the same
   way; follows from the data tree lemma since holfoot_ap_tree is defined by
   existentially quantifying the data. *)
val var_res_prop_varlist_update___holfoot_ap_tree =
store_thm ("var_res_prop_varlist_update___holfoot_ap_tree",
``!vcL tagL e.
   IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e) ==>
   (var_res_prop_varlist_update vcL (holfoot_ap_tree tagL e) =
    (holfoot_ap_tree tagL (var_res_exp_varlist_update vcL e)))``,

   SIMP_TAC std_ss [holfoot_ap_tree_def, var_res_prop_varlist_update___BOOL,
      var_res_prop_varlist_update___holfoot_ap_data_tree]);


(* Same statement for binary trees; holfoot_ap_bintree unfolds to
   holfoot_ap_tree. *)
val var_res_prop_varlist_update___holfoot_ap_bintree =
store_thm ("var_res_prop_varlist_update___holfoot_ap_bintree",
``!vcL lt rt e.
IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e) ==>
   (var_res_prop_varlist_update vcL (holfoot_ap_bintree (lt,rt) e) =
    (holfoot_ap_bintree (lt,rt) (var_res_exp_varlist_update vcL e)))``,
SIMP_TAC std_ss [holfoot_ap_bintree_def, var_res_prop_varlist_update___holfoot_ap_tree]);


(* A bag of propositions containing a data tree rooted at e implies that e is
   either null or allocated in the heap (holfoot_implies_in_heap_or_null).
   Proof: ill-formed data makes the tree predicate false, a leaf forces
   e = 0, and a node starts with a points_to at e, for which the
   corresponding lemma holfoot_ap_points_to___implies_in_heap_or_null exists. *)
val holfoot_ap_data_tree___implies_in_heap_or_null = store_thm ("holfoot_ap_data_tree___implies_in_heap_or_null",
``!e B tagL data sfb.
   IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e) ==>
   holfoot_implies_in_heap_or_null B
     (BAG_INSERT (holfoot_ap_data_tree tagL e data) sfb) e``,

REPEAT STRIP_TAC THEN
`?dtagL t. data = (dtagL, t)` by (Cases_on `data` THEN SIMP_TAC std_ss []) THEN
(* Ill-formed data: the predicate is asl_false, which implies anything. *)
Tactical.REVERSE (Cases_on `holfoot_ap_data_tree___WELL_FORMED_DATA tagL (dtagL, t)`) THEN1 (
   ASM_SIMP_TAC std_ss [holfoot_ap_data_tree_def, holfoot_ap_data_tree_seg___TREE_PROPS,
      holfoot_implies_in_heap_or_null_def, holfoot_implies_in_heap_pred___asl_false]
) THEN
FULL_SIMP_TAC std_ss [holfoot_ap_data_tree___WELL_FORMED_DATA_def] THEN
(* Leaf: the predicate reduces to e = 0. *)
Cases_on `t` THEN1 (
   ASM_SIMP_TAC std_ss [holfoot_ap_data_tree_def,
      holfoot_ap_data_tree_seg_def,
      holfoot_implies_in_heap_or_null___equal_null]
) THEN

(* Node: push the implies_in_heap predicate through the existentials and the
   star-conjunction down to the leading points_to at e. *)
ASM_SIMP_TAC std_ss [holfoot_ap_data_tree_def,
   holfoot_ap_data_tree_seg_def, asl_bool_EVAL,
   COND_RAND, COND_RATOR, GSYM LEFT_FORALL_IMP_THM,
   holfoot_implies_in_heap_or_null_def,
   holfoot_implies_in_heap_pred___asl_exists,
   holfoot_implies_in_heap_pred___asl_false,
   asl_bigstar_list_REWRITE,
   holfoot_implies_in_heap_pred___asl_star
] THEN
ASM_SIMP_TAC std_ss [GSYM holfoot_implies_in_heap_or_null_def,
   holfoot_ap_points_to___implies_in_heap_or_null]);


(* Singleton-bag instance of the previous lemma, in the shape used by the
   automation (the bag is written as a literal {| ... |}). *)
val holfoot_ap_data_tree___implies_in_heap_or_null___COMPUTE = store_thm (
   "holfoot_ap_data_tree___implies_in_heap_or_null___COMPUTE",
``!e tagL data B.
   IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e) ==>
   holfoot_implies_in_heap_or_null B {|holfoot_ap_data_tree tagL e data|} e``,
SIMP_TAC std_ss [holfoot_ap_data_tree___implies_in_heap_or_null]);


(* holfoot_ap_tree variant: the data existential is pushed through the
   implies_in_heap predicate and the data tree lemma applies. *)
val holfoot_ap_tree___implies_in_heap_or_null = store_thm ("holfoot_ap_tree___implies_in_heap_or_null",
``!e B tagL sfb.
   IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e) ==>
   holfoot_implies_in_heap_or_null B
     (BAG_INSERT (holfoot_ap_tree tagL e) sfb) e``,

SIMP_TAC std_ss [holfoot_ap_tree_def,
   holfoot_implies_in_heap_or_null_def,
   holfoot_implies_in_heap_pred___asl_exists] THEN
SIMP_TAC std_ss [GSYM holfoot_implies_in_heap_or_null_def,
   holfoot_ap_data_tree___implies_in_heap_or_null]);



(* Singleton-bag instance for holfoot_ap_tree. *)
val holfoot_ap_tree___implies_in_heap_or_null___COMPUTE = store_thm (
   "holfoot_ap_tree___implies_in_heap_or_null___COMPUTE",
``!e tagL B.
   IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e) ==>
   holfoot_implies_in_heap_or_null B {|holfoot_ap_tree tagL e|} e``,
SIMP_TAC std_ss [holfoot_ap_tree___implies_in_heap_or_null]);



(* Case split on a data tree predicate inside a bag of propositions.  If the
   surrounding bag already implies e1 <> 0 (var_res_implies_unequal) and e1
   only uses variables from the write/read permission bags wpb, rpb, then the
   data tree at e1 can be replaced by the node case of
   holfoot_ap_data_tree___REWRITE; the leaf case is excluded by e1 <> 0.
   Proof: both bags are stack-imprecise, so var_res_prop_implies_eq reduces
   to an equality of the underlying predicates, which is shown pointwise by
   unfolding holfoot_ap_data_tree___REWRITE under the assumption e1 <> 0. *)
val holfoot_ap_data_tree___var_res_prop_implies_eq___split =
store_thm ("holfoot_ap_data_tree___var_res_prop_implies_eq___split",
``!tagL e1 dtagL data sfb1 sfb2 wpb rpb.
   (var_res_implies_unequal DISJOINT_FMAP_UNION (BAG_UNION
      sfb1 (BAG_INSERT (holfoot_ap_data_tree tagL e1 (dtagL, data)) sfb2)) e1 (var_res_exp_const 0)) ==>

   VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET
      (SET_OF_BAG (BAG_UNION wpb rpb)) e1 ==>

   (var_res_prop_implies_eq DISJOINT_FMAP_UNION (wpb, rpb) sfb1
      (BAG_INSERT (holfoot_ap_data_tree tagL e1 (dtagL, data)) sfb2)

      (BAG_INSERT (asl_exists_list dtagL (\v. asl_exists_list tagL (\lL. asl_exists_list tagL (\tL.
asl_trivial_cond ((NULL tagL ==> ALL_DISTINCT dtagL) /\ (data = node v tL))
            (asl_bigstar_list holfoot_separation_combinator
               (holfoot_ap_points_to e1 (LIST_TO_FMAP (ZIP (tagL ++ dtagL, MAP var_res_exp_const (lL ++ v))))::
                MAP (\lt. holfoot_ap_data_tree tagL
                   (var_res_exp_const (FST lt)) (dtagL,(SND lt))) (ZIP (lL,tL))))))))
      sfb2))``,

REPEAT STRIP_TAC THEN
(* Name the unfolded node predicate PP. *)
Q.MATCH_ABBREV_TAC `
   var_res_prop_implies_eq DISJOINT_FMAP_UNION (wpb,rpb) sfb1
      (BAG_INSERT (holfoot_ap_data_tree tagL e1 (dtagL,data)) sfb2)
      (BAG_INSERT PP sfb2)` THEN
`IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e1)` by (
   FULL_SIMP_TAC std_ss [VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET_def]
) THEN
(* Both the original tree predicate and PP only use variables from wpb/rpb;
   this is the side condition of var_res_prop_implies_eq. *)
`VAR_RES_IS_STACK_IMPRECISE___USED_VARS (SET_OF_BAG (BAG_UNION wpb rpb))
   (holfoot_ap_data_tree tagL e1 (dtagL,data))` by (
   ASM_SIMP_TAC std_ss [VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_ap_data_tree]
) THEN
`VAR_RES_IS_STACK_IMPRECISE___USED_VARS (SET_OF_BAG (BAG_UNION wpb rpb)) PP` by (
   Q.UNABBREV_TAC `PP` THEN
   ASM_SIMP_TAC std_ss [asl_exists_list___ELIM, holfoot_separation_combinator_def] THEN
   CONSEQ_HO_REWRITE_TAC ([], [
      VAR_RES_IS_STACK_IMPRECISE___USED_VARS___asl_exists_direct,
      VAR_RES_IS_STACK_IMPRECISE___USED_VARS___asl_trivial_cond,
      MP_CANON VAR_RES_IS_STACK_IMPRECISE___USED_VARS___asl_bigstar_list], []) THEN
   SIMP_TAC (std_ss++pairSimps.gen_beta_ss) [
      GSYM RIGHT_FORALL_IMP_THM, MEM_MAP, FORALL_AND_THM,
      DISJ_IMP_THM, GSYM LEFT_FORALL_IMP_THM, IS_SEPARATION_COMBINATOR___FINITE_MAP,
      MEM, NOT_CONS_NIL] THEN
   CONSEQ_REWRITE_TAC ([], [VAR_RES_IS_STACK_IMPRECISE___USED_VARS___points_to,
      FEVERY_LIST_TO_FMAP, VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_ap_data_tree], []) THEN
   ASM_SIMP_TAC arith_ss [EVERY_MEM, MEM_ZIP, LENGTH_MAP, LENGTH_APPEND,
      GSYM LEFT_FORALL_IMP_THM,
      VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___VAR_CONST_EVAL,
      EL_MAP]
) THEN
ASM_SIMP_TAC std_ss [var_res_prop_implies_eq_def, var_res_prop___EQ,
   var_res_prop___COND_UNION, var_res_prop___COND_INSERT] THEN
REPEAT STRIP_TAC THEN
ONCE_REWRITE_TAC[EXTENSION] THEN
REPEAT STRIP_TAC THEN
(* Direction PP ==> tree: PP is literally the node disjunct of the REWRITE. *)
Tactical.REVERSE EQ_TAC THEN1 (
   ASM_SIMP_TAC std_ss [var_res_prop___PROP_INSERT,
      BAG_UNION_INSERT, IN_ABS,
      var_res_prop___COND_INSERT, var_res_prop___COND_UNION] THEN
   REPEAT STRIP_TAC THEN
   Q.LIST_EXISTS_TAC [`s1`, `s2`] THEN
   ASM_SIMP_TAC std_ss [holfoot_ap_data_tree___REWRITE, asl_bool_EVAL]
) THEN
STRIP_TAC THEN
(* Direction tree ==> PP: the state x satisfies e1 <> 0 by the
   var_res_implies_unequal hypothesis, which rules out the leaf disjunct. *)
`(x:holfoot_state) IN var_res_prop_weak_unequal e1 (var_res_exp_const 0)` by (
   MATCH_MP_TAC (ISPECL [``DISJOINT_FMAP_UNION:holfoot_heap bin_option_function``,
      ``e1:holfoot_a_expression``]
      var_res_implies_unequal___var_res_prop___PROP) THEN
   ASM_SIMP_TAC std_ss [IS_SEPARATION_COMBINATOR___FINITE_MAP,
      IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL] THEN
   METIS_TAC[]
) THEN
REPEAT (Q.PAT_X_ASSUM `x IN XXX` MP_TAC) THEN
ASM_SIMP_TAC std_ss [BAG_UNION_INSERT, var_res_prop_equal_unequal_EXPAND,
   IN_ABS, var_res_exp_const_def,
   var_res_prop___PROP_INSERT, var_res_prop___COND_UNION,
   var_res_prop___COND_INSERT] THEN
ASM_SIMP_TAC std_ss [holfoot_ap_data_tree___REWRITE, asl_bool_EVAL,
   asl_trivial_cond_def, var_res_prop_equal_unequal_EXPAND,
   COND_RAND, COND_RATOR, IN_ABS, var_res_exp_const_def,
   asl_emp_DISJOINT_FMAP_UNION, DISJOINT_FMAP_UNION___FEMPTY, IN_SING] THEN
METIS_TAC[]);




(* holfoot_ap_tree analogue of the data tree split above: under the same
   hypotheses (e1 <> 0 implied by the bag, e1 uses only wpb/rpb variables) a
   tree at e1 can be replaced by its node unfolding from
   holfoot_ap_tree___REWRITE.  The proof mirrors the data tree proof step by
   step, using the holfoot_ap_tree lemmas in place of the data tree ones. *)
val holfoot_ap_tree___var_res_prop_implies_eq___split =
store_thm ("holfoot_ap_tree___var_res_prop_implies_eq___split",
``!tagL e1 sfb1 sfb2 wpb rpb.
(var_res_implies_unequal DISJOINT_FMAP_UNION (BAG_UNION
      sfb1 (BAG_INSERT (holfoot_ap_tree tagL e1) sfb2)) e1 (var_res_exp_const 0)) ==>

   VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET
      (SET_OF_BAG (BAG_UNION wpb rpb)) e1 ==>

   (var_res_prop_implies_eq DISJOINT_FMAP_UNION (wpb, rpb) sfb1
      (BAG_INSERT (holfoot_ap_tree tagL e1) sfb2)

      (BAG_INSERT (asl_exists_list tagL (\lL.
         asl_bigstar_list holfoot_separation_combinator
            (holfoot_ap_points_to e1 (LIST_TO_FMAP (ZIP (tagL,MAP var_res_exp_const lL)))::
             MAP (\l. holfoot_ap_tree tagL (var_res_exp_const l)) lL)))
      sfb2))``,

REPEAT STRIP_TAC THEN
(* Name the unfolded node predicate PP. *)
Q.MATCH_ABBREV_TAC `
   var_res_prop_implies_eq DISJOINT_FMAP_UNION (wpb,rpb) sfb1
      (BAG_INSERT (holfoot_ap_tree tagL e1) sfb2)
      (BAG_INSERT PP sfb2)` THEN
`IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e1)` by (
   FULL_SIMP_TAC std_ss [VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET_def]
) THEN
(* Side conditions of var_res_prop_implies_eq: both predicates only use
   variables from wpb/rpb. *)
`VAR_RES_IS_STACK_IMPRECISE___USED_VARS (SET_OF_BAG (BAG_UNION wpb rpb))
   (holfoot_ap_tree tagL e1)` by (
   ASM_SIMP_TAC std_ss [VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_ap_tree]
) THEN
`VAR_RES_IS_STACK_IMPRECISE___USED_VARS (SET_OF_BAG (BAG_UNION wpb rpb)) PP` by (
   Q.UNABBREV_TAC `PP` THEN
   ASM_SIMP_TAC std_ss [asl_exists_list___ELIM, holfoot_separation_combinator_def] THEN
   CONSEQ_HO_REWRITE_TAC ([], [
      VAR_RES_IS_STACK_IMPRECISE___USED_VARS___asl_exists_direct,
      VAR_RES_IS_STACK_IMPRECISE___USED_VARS___asl_trivial_cond,
      MP_CANON VAR_RES_IS_STACK_IMPRECISE___USED_VARS___asl_bigstar_list], []) THEN
   SIMP_TAC (std_ss++pairSimps.gen_beta_ss) [
      GSYM RIGHT_FORALL_IMP_THM, MEM_MAP, FORALL_AND_THM,
      DISJ_IMP_THM, GSYM LEFT_FORALL_IMP_THM, IS_SEPARATION_COMBINATOR___FINITE_MAP,
      MEM, NOT_CONS_NIL] THEN
   CONSEQ_REWRITE_TAC ([], [VAR_RES_IS_STACK_IMPRECISE___USED_VARS___points_to,
      FEVERY_LIST_TO_FMAP, VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_ap_tree], []) THEN
   ASM_SIMP_TAC arith_ss [EVERY_MEM, MEM_ZIP, LENGTH_MAP, LENGTH_APPEND,
      GSYM LEFT_FORALL_IMP_THM, VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___VAR_CONST_EVAL,
      EL_MAP]
) THEN
ASM_SIMP_TAC std_ss [var_res_prop_implies_eq_def, var_res_prop___EQ,
   var_res_prop___COND_UNION, var_res_prop___COND_INSERT] THEN
REPEAT STRIP_TAC THEN
ONCE_REWRITE_TAC[EXTENSION] THEN
REPEAT STRIP_TAC THEN
(* Direction PP ==> tree: PP is the node disjunct of holfoot_ap_tree___REWRITE. *)
Tactical.REVERSE EQ_TAC THEN1 (
   ASM_SIMP_TAC std_ss [var_res_prop___PROP_INSERT,
      BAG_UNION_INSERT, IN_ABS,
      var_res_prop___COND_INSERT, var_res_prop___COND_UNION] THEN
   REPEAT STRIP_TAC THEN
   Q.LIST_EXISTS_TAC [`s1`, `s2`] THEN
   ASM_SIMP_TAC std_ss [holfoot_ap_tree___REWRITE, asl_bool_EVAL]
) THEN
STRIP_TAC THEN
(* Direction tree ==> PP: e1 <> 0 holds in x, so the leaf disjunct is
   impossible and only the node disjunct remains. *)
`(x:holfoot_state) IN var_res_prop_weak_unequal e1 (var_res_exp_const 0)` by (
   MATCH_MP_TAC (ISPECL [``DISJOINT_FMAP_UNION:holfoot_heap bin_option_function``,
      ``e1:holfoot_a_expression``]
      var_res_implies_unequal___var_res_prop___PROP) THEN
   ASM_SIMP_TAC std_ss [IS_SEPARATION_COMBINATOR___FINITE_MAP,
      IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL] THEN
   METIS_TAC[]
) THEN
REPEAT (Q.PAT_X_ASSUM `x IN XXX` MP_TAC) THEN
ASM_SIMP_TAC std_ss [BAG_UNION_INSERT, var_res_prop_equal_unequal_EXPAND,
   IN_ABS, var_res_exp_const_def,
   var_res_prop___PROP_INSERT, var_res_prop___COND_UNION,
   var_res_prop___COND_INSERT] THEN
ASM_SIMP_TAC std_ss [holfoot_ap_tree___REWRITE, asl_bool_EVAL,
   asl_trivial_cond_def, var_res_prop_equal_unequal_EXPAND,
   COND_RAND, COND_RATOR, IN_ABS, var_res_exp_const_def,
   asl_emp_DISJOINT_FMAP_UNION, DISJOINT_FMAP_UNION___FEMPTY, IN_SING] THEN
METIS_TAC[]);



val VAR_RES_FRAME_SPLIT___points_to___data_tree___REWRITE = prove (
``!v tL e tagL dtagL data L wpb rpb sfb_context
sfb_split sfb_imp. 2221 2222(LIST_TO_SET (tagL++dtagL) SUBSET FDOM L) /\ ~(NULL tagL) /\ 2223VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) e /\ 2224(FEVERY (\x. 2225 (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) 2226 (SND x))) L) 2227==> 2228 VAR_RES_FRAME_SPLIT___REWRITE_OK DISJOINT_FMAP_UNION (wpb,rpb) 2229 sfb_context 2230 (BAG_INSERT (holfoot_ap_points_to e L) sfb_split) 2231 (BAG_INSERT (holfoot_ap_data_tree tagL e (dtagL, data)) sfb_imp) 2232 2233 2234 (BAG_INSERT (holfoot_ap_points_to e L) sfb_context) 2235 sfb_split 2236 (BAG_INSERT (asl_exists_list dtagL (\v. asl_exists_list tagL (\lL. asl_exists_list tagL (\tL. 2237 (asl_trivial_cond (data = node v tL) 2238 (asl_bigstar_list holfoot_separation_combinator 2239 ((MAP (\x. 2240 var_res_prop_equal DISJOINT_FMAP_UNION (L ' (FST x)) 2241 (var_res_exp_const (SND x)))) (ZIP (tagL++dtagL, lL++v))++ 2242 MAP (\lt. holfoot_ap_data_tree tagL 2243 (var_res_exp_const (FST lt)) (dtagL,SND lt)) (ZIP (lL,tL))))))))) sfb_imp)``, 2244 2245REPEAT STRIP_TAC THEN 2246SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [ 2247 VAR_RES_FRAME_SPLIT___REWRITE_OK_def, 2248 var_res_prop___COND_UNION, 2249 var_res_prop___COND_INSERT, 2250 BAG_UNION_INSERT] THEN 2251REPEAT STRIP_TAC THEN 2252 2253MATCH_MP_TAC (prove (``((A /\ A') /\ (A /\ A' ==> (B = B'))) ==> ((A ==> B) = (A' ==> B'))``, 2254 SIMP_TAC (std_ss++CONJ_ss) [])) THEN 2255CONJ_TAC THEN1 ( 2256 SIMP_TAC std_ss [asl_exists_list___ELIM, holfoot_separation_combinator_def] THEN 2257 CONSEQ_HO_REWRITE_TAC ([], [ 2258 VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_ap_data_tree, 2259 VAR_RES_IS_STACK_IMPRECISE___USED_VARS___asl_exists_direct, 2260 VAR_RES_IS_STACK_IMPRECISE___USED_VARS___asl_trivial_cond, 2261 MP_CANON VAR_RES_IS_STACK_IMPRECISE___USED_VARS___asl_bigstar_list], []) THEN 2262 ASM_SIMP_TAC (list_ss++pairSimps.gen_beta_ss) [IS_SEPARATION_COMBINATOR___FINITE_MAP, 2263 DISJ_IMP_THM, 
FORALL_AND_THM, GSYM LEFT_FORALL_IMP_THM, 2264 MEM_MAP, VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_ap_data_tree, 2265 VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___VAR_CONST_EVAL, 2266 FORALL_PROD] THEN 2267 REPEAT STRIP_TAC THEN1 ( 2268 Cases_on `tagL` THEN 2269 FULL_SIMP_TAC list_ss [LENGTH_EQ_NUM] 2270 ) THEN 2271 MATCH_MP_TAC VAR_RES_IS_STACK_IMPRECISE___USED_VARS___var_res_prop_equal THEN 2272 `p_1 IN FDOM L` suffices_by (STRIP_TAC THEN 2273 FULL_SIMP_TAC std_ss [FEVERY_DEF, VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___VAR_CONST_EVAL] 2274 ) THEN 2275 `MEM p_1 (tagL ++ dtagL)` suffices_by (STRIP_TAC THEN 2276 FULL_SIMP_TAC std_ss [SUBSET_DEF] 2277 ) THEN 2278 Q.PAT_X_ASSUM `MEM x Y` MP_TAC THEN 2279 ASM_SIMP_TAC arith_ss [MEM_ZIP, GSYM LEFT_FORALL_IMP_THM, 2280 LENGTH_APPEND, EL_IS_EL] 2281) THEN 2282STRIP_TAC THEN 2283Q.PAT_X_ASSUM `var_res_prop___PROP DISJOINT_FMAP_UNION f X s` MP_TAC THEN 2284ASM_SIMP_TAC std_ss [var_res_prop___PROP_INSERT, 2285 var_res_prop___COND_INSERT, var_res_prop___COND_UNION] THEN 2286ASM_SIMP_TAC std_ss [IN_ABS, asl_exists_list___ELIM, 2287 GSYM RIGHT_EXISTS_AND_THM, asl_bool_EVAL, GSYM LEFT_EXISTS_AND_THM, 2288 DISJOINT_FMAP_UNION___REWRITE, 2289 asl_bigstar_list_APPEND, IS_SEPARATION_COMBINATOR___holfoot_separation_combinator] THEN 2290REPEAT STRIP_TAC THEN 2291`?ec. (e (FST s) = SOME ec) /\ ~(ec = 0)` by ( 2292 Q.PAT_X_ASSUM `(FST s, _) IN holfoot_ap_points_to e L` MP_TAC THEN 2293 SIMP_TAC std_ss [holfoot_ap_points_to_def, LET_THM, IN_ABS] THEN 2294 Cases_on `e (FST s)` THEN SIMP_TAC std_ss [] 2295) THEN 2296`IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e)` by ( 2297 FULL_SIMP_TAC std_ss [VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET_def] 2298) THEN 2299`!h. 
~((FST s, h:holfoot_heap) IN var_res_prop_equal DISJOINT_FMAP_UNION e (var_res_exp_const 0))` by ( 2300 ASM_SIMP_TAC std_ss [var_res_prop_equal_unequal_EXPAND, IN_ABS, var_res_exp_const_def] 2301) THEN 2302ASM_SIMP_TAC std_ss [holfoot_ap_data_tree___REWRITE, 2303 asl_bool_EVAL, asl_exists_list___ELIM, GSYM RIGHT_EXISTS_AND_THM, 2304 GSYM LEFT_EXISTS_AND_THM] THEN 2305Tactical.REVERSE (Cases_on `?v tL. data = node v tL`) THEN1 ( 2306 Cases_on `data` THEN FULL_SIMP_TAC std_ss [tree_11, tree_distinct] 2307) THEN 2308FULL_SIMP_TAC std_ss [tree_11] THEN 2309HO_MATCH_MP_TAC (prove (``(!lL s2. ((?s1. X s1 s2 lL) = (?s1 s1'. Y s1 s1' s2 lL))) ==> 2310 ((?s1 s2 lL. X s1 s2 lL) = (?s1 lL s1' s2'. Y s1 s1' s2' lL))``, METIS_TAC[])) THEN 2311SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [] THEN 2312REPEAT STRIP_TAC THEN 2313 2314ASM_SIMP_TAC std_ss [asl_bigstar_list_REWRITE] THEN 2315Q.ABBREV_TAC `treeP = asl_bigstar_list holfoot_separation_combinator 2316 (MAP (\lt. holfoot_ap_data_tree tagL (var_res_exp_const (FST lt)) (dtagL,SND lt)) (ZIP (lL,tL)))` THEN 2317Q.ABBREV_TAC `LL = ZIP (tagL ++ dtagL, lL ++ v)` THEN 2318Q.ABBREV_TAC `eqP = (asl_bigstar_list holfoot_separation_combinator 2319 (MAP (\x. var_res_prop_equal DISJOINT_FMAP_UNION (L ' (FST x)) (var_res_exp_const (SND x))) LL))` THEN 2320`(ZIP (tagL:holfoot_tag list ++ dtagL, 2321 ((MAP var_res_exp_const (lL ++ v)):holfoot_a_expression list))) = 2322 MAP (\x. (FST x, var_res_exp_const (SND x))) LL` by ( 2323 Q.UNABBREV_TAC `LL` THEN 2324 ASM_SIMP_TAC list_ss [ZIP_MAP] 2325) THEN 2326ASM_REWRITE_TAC[] THEN POP_ASSUM (K ALL_TAC) THEN 2327Q.ABBREV_TAC `L' = LIST_TO_FMAP ((MAP (\x. (FST x,var_res_exp_const (SND x))) LL): (holfoot_tag # holfoot_a_expression) list)` THEN 2328`EVERY (\x. 
FST x IN FDOM L) LL` by ( 2329 Q.UNABBREV_TAC `LL` THEN 2330 FULL_SIMP_TAC arith_ss [EVERY_MEM, MEM_ZIP, 2331 GSYM LEFT_FORALL_IMP_THM, FEVERY_DEF, SUBSET_DEF, 2332 LENGTH_APPEND, EL_IS_EL] 2333) THEN 2334`~(NULL LL)` by ( 2335 Q.UNABBREV_TAC `LL` THEN 2336 Cases_on `tagL` THEN FULL_SIMP_TAC list_ss [LENGTH_EQ_NUM] 2337) THEN 2338Tactical.REVERSE (Cases_on `ALL_DISTINCT (tagL ++ dtagL)`) THEN1 ( 2339 `treeP = asl_false` suffices_by (STRIP_TAC THEN 2340 ASM_SIMP_TAC std_ss [asl_false___asl_star_THM, NOT_IN_asl_false] 2341 ) THEN 2342 Q.UNABBREV_TAC `treeP` THEN 2343 MATCH_MP_TAC asl_bigstar_list_false THEN 2344 SIMP_TAC (std_ss++pairSimps.gen_beta_ss) [MEM_MAP, GSYM LEFT_FORALL_IMP_THM] THEN 2345 `?y. MEM y (ZIP (lL, tL))` by ( 2346 Cases_on `tagL` THEN FULL_SIMP_TAC std_ss [LENGTH_EQ_NUM, NULL_DEF, LENGTH] THEN 2347 SIMP_TAC list_ss [EXISTS_OR_THM]) THEN 2348 Q.EXISTS_TAC `y` THEN ASM_REWRITE_TAC[holfoot_ap_data_tree_def] THEN 2349 MATCH_MP_TAC (GSYM holfoot_ap_data_tree_seg___TREE_PROPS) THEN 2350 ASM_SIMP_TAC std_ss [holfoot_ap_data_tree___WELL_FORMED_DATA_def] 2351) THEN 2352`ALL_DISTINCT (MAP FST LL)` by ( 2353 Q.UNABBREV_TAC `LL` THEN 2354 ASM_SIMP_TAC list_ss [MAP_ZIP] 2355) THEN 2356Q.PAT_X_ASSUM `Abbrev (LL = _)` (K ALL_TAC) THEN 2357`VAR_RES_IS_STACK_IMPRECISE treeP /\ 2358 VAR_RES_IS_STACK_IMPRECISE eqP /\ 2359 VAR_RES_IS_STACK_IMPRECISE (holfoot_ap_points_to e L')` by ( 2360 MAP_EVERY Q.UNABBREV_TAC [`treeP`, `eqP`, `L'`] THEN 2361 REWRITE_TAC [holfoot_separation_combinator_def] THEN 2362 CONSEQ_HO_REWRITE_TAC ([], [MP_CANON VAR_RES_IS_STACK_IMPRECISE___asl_bigstar_list, 2363 VAR_RES_IS_STACK_IMPRECISE___points_to, FEVERY_LIST_TO_FMAP], []) THEN 2364 ASM_SIMP_TAC std_ss [IS_SEPARATION_COMBINATOR___FINITE_MAP, 2365 MAP_EQ_NIL, MEM_MAP, GSYM LEFT_FORALL_IMP_THM, EVERY_MEM, 2366 MEM_ZIP, LENGTH_APPEND, LENGTH_MAP, EL_MAP, 2367 VAR_RES_IS_STACK_IMPRECISE___holfoot_ap_data_tree, 2368 
IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL, 2369 GSYM NULL_EQ] THEN 2370 CONJ_TAC THEN1 ( 2371 Cases_on `tagL` THEN FULL_SIMP_TAC list_ss [LENGTH_EQ_NUM] 2372 ) THEN 2373 REPEAT STRIP_TAC THEN 2374 MATCH_MP_TAC VAR_RES_IS_STACK_IMPRECISE___var_res_prop_equal THEN 2375 FULL_SIMP_TAC std_ss [EVERY_MEM, 2376 FEVERY_DEF, VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET_def, 2377 IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL] 2378) THEN 2379ASM_SIMP_TAC std_ss [asl_star___VAR_RES_IS_STACK_IMPRECISE, 2380 holfoot_separation_combinator_def, IN_ABS, GSYM LEFT_EXISTS_AND_THM, 2381 GSYM RIGHT_EXISTS_AND_THM, DISJOINT_FMAP_UNION___REWRITE] THEN 2382 2383HO_MATCH_MP_TAC (prove (``(!s1. ((?s2. X s1 s2) = (?s2 s3. Y s1 s2 s3))) ==> 2384 ((?s1 s2. X s1 s2) = (?s1 s2 s3. Y s1 s2 s3))``, METIS_TAC[])) THEN 2385REPEAT STRIP_TAC THEN 2386Tactical.REVERSE (Cases_on `s1'' = s1`) THEN1 ( 2387 POP_ASSUM MP_TAC THEN 2388 MATCH_MP_TAC (prove (``((A ==> C) /\ (B ==> C)) ==> (~C ==> (A = B))``, 2389 METIS_TAC [])) THEN 2390 Q.PAT_X_ASSUM `(FST s, s1) IN X` MP_TAC THEN 2391 ASM_SIMP_TAC std_ss [holfoot_ap_points_to_def, 2392 IN_ABS, LET_THM, GSYM fmap_EQ_THM, GSYM LEFT_FORALL_IMP_THM, 2393 FDOM_FUNION, IN_UNION, IN_SING] THEN 2394 SIMP_TAC (std_ss++CONJ_ss) [ 2395 IN_SING, IN_UNION, DISJ_IMP_THM, FORALL_AND_THM, IN_SING, 2396 FUNION_DEF, DISJOINT_INSERT, DISJOINT_UNION_BOTH] 2397) THEN 2398Q.ABBREV_TAC `lL_v_cond = EVERY (\x. (L ' (FST x)) (FST s) = SOME (SND x)) LL` THEN 2399`!h. 
(FST s, h:holfoot_heap) IN eqP = (h = FEMPTY) /\ lL_v_cond` by ( 2400 Q.PAT_X_ASSUM `Abbrev (L' = _)` (K ALL_TAC) THEN 2401 Q.UNABBREV_TAC `eqP` THEN Q.UNABBREV_TAC `lL_v_cond` THEN 2402 Induct_on `LL` THEN1 SIMP_TAC list_ss [] THEN 2403 Cases_on `NULL LL` THEN1 ( 2404 FULL_SIMP_TAC std_ss [NULL_EQ] THEN 2405 SIMP_TAC (list_ss++pairSimps.gen_beta_ss++CONJ_ss) [asl_bigstar_list_REWRITE, 2406 asl_star___PROPERTIES, IS_SEPARATION_COMBINATOR___holfoot_separation_combinator, 2407 var_res_prop_equal_unequal_EXPAND, IN_ABS, asl_emp_DISJOINT_FMAP_UNION, 2408 IN_SING, var_res_exp_const_def, IS_SOME_EXISTS, 2409 GSYM LEFT_EXISTS_AND_THM, GSYM RIGHT_EXISTS_AND_THM] 2410 ) THEN 2411 REPEAT STRIP_TAC THEN 2412 FULL_SIMP_TAC list_ss [FEVERY_DEF, asl_bigstar_list_REWRITE] THEN 2413 Q.MATCH_ABBREV_TAC `(FST s, h') IN asl_star holfoot_separation_combinator 2414 P1 P2 = XXX` THEN Q.UNABBREV_TAC `XXX` THEN 2415 `VAR_RES_IS_STACK_IMPRECISE P1 /\ VAR_RES_IS_STACK_IMPRECISE P2` by ( 2416 MAP_EVERY Q.UNABBREV_TAC [`P1`, `P2`] THEN 2417 SIMP_TAC std_ss [holfoot_separation_combinator_def] THEN 2418 CONSEQ_REWRITE_TAC ([], [VAR_RES_IS_STACK_IMPRECISE___var_res_prop_equal, 2419 MP_CANON VAR_RES_IS_STACK_IMPRECISE___asl_bigstar_list], []) THEN 2420 FULL_SIMP_TAC list_ss [MEM_MAP, GSYM LEFT_FORALL_IMP_THM, NULL_EQ, 2421 IS_SEPARATION_COMBINATOR___FINITE_MAP, 2422 IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL, 2423 VAR_RES_IS_STACK_IMPRECISE___var_res_prop_equal, EVERY_MEM, FEVERY_DEF, 2424 VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET_def] 2425 ) THEN 2426 ASM_SIMP_TAC std_ss [asl_star___VAR_RES_IS_STACK_IMPRECISE, holfoot_separation_combinator_def, 2427 IN_ABS, DISJOINT_FMAP_UNION___FEMPTY] THEN 2428 Q.UNABBREV_TAC `P1` THEN 2429 SIMP_TAC (std_ss++EQUIV_EXTRACT_ss++CONJ_ss) [var_res_prop_equal_unequal_EXPAND, IN_ABS, 2430 var_res_exp_const_def, asl_emp_DISJOINT_FMAP_UNION, IN_SING, IS_SOME_EXISTS, 2431 GSYM LEFT_EXISTS_AND_THM, GSYM 
RIGHT_EXISTS_AND_THM]
) THEN
ASM_SIMP_TAC std_ss [FUNION_FEMPTY_2, FUNION_FEMPTY_1, FDOM_FEMPTY,
   DISJOINT_EMPTY, GSYM LEFT_EXISTS_AND_THM, GSYM RIGHT_EXISTS_AND_THM] THEN
CONSEQ_CONV_TAC (K EXISTS_EQ___CONSEQ_CONV) THEN
SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [FDOM_FUNION, DISJOINT_UNION_BOTH,
   DISJOINT_SYM, FUNION_ASSOC] THEN
REPEAT STRIP_TAC THEN
BINOP_TAC THEN1 METIS_TAC[FUNION_COMM] THEN
SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [] THEN
REPEAT STRIP_TAC THEN

MAP_EVERY Q.UNABBREV_TAC [`L'`, `lL_v_cond`] THEN
Q.PAT_X_ASSUM `(FST s, s1) IN X` MP_TAC THEN
ASM_SIMP_TAC std_ss [holfoot_ap_points_to_def, IN_ABS, LET_THM,
   GSYM o_f_LIST_TO_FMAP, FEVERY_LIST_TO_FMAP_EQ,
   FEVERY_o_f, var_res_exp_const_def] THEN
SIMP_TAC std_ss [EVERY_MEM, FEVERY_DEF] THEN
REPEAT STRIP_TAC THEN
CONSEQ_CONV_TAC (K FORALL_EQ___CONSEQ_CONV) THEN
SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [] THEN
REPEAT STRIP_TAC THEN
Q.PAT_X_ASSUM `!x. x IN FDOM L ==> X x` (MP_TAC o Q.SPEC `FST (x:(holfoot_tag # num))`) THEN
FULL_SIMP_TAC std_ss [EVERY_MEM, IS_SOME_EXISTS,
   GSYM RIGHT_EXISTS_AND_THM, GSYM LEFT_EXISTS_AND_THM,
   GSYM LEFT_FORALL_IMP_THM] THEN
SIMP_TAC (std_ss++CONJ_ss) [] THEN
METIS_TAC[]);



(* Frame-split rule: unfold a data tree whose root cell is already known.

   If the split part contains `holfoot_ap_points_to e L` and the implied part
   contains `holfoot_ap_data_tree tagL e (dtagL, data)` rooted at the same
   expression e, then
     - the points-to fact is moved into the context (it stays available), and
     - the tree predicate is replaced by its one-level unfolding: data must be
       `node v tL`, every field in tagL (links) and dtagL (data) of L must equal
       the existentially chosen constants lL / v, and each child is a data tree
       rooted at the constant link `var_res_exp_const (FST lt)`.
   Because the root is allocated (points_to), the leaf / null case of the tree
   does not appear on the right-hand side; the underlying ___REWRITE lemma
   derives `e (FST s) = SOME ec /\ ~(ec = 0)` from the points_to fact.

   Side conditions: all tags tagL ++ dtagL are in FDOM L, tagL is non-empty,
   and e as well as every expression stored in L only reads variables in
   wpb UNION rpb (stack-imprecision of both sides of the split).
   Proof: VAR_RES_FRAME_SPLIT___REWRITE_OK___THM applied to the ___REWRITE
   lemma proved immediately above. *)
val VAR_RES_FRAME_SPLIT___points_to___data_tree = store_thm (
"VAR_RES_FRAME_SPLIT___points_to___data_tree",
``!e tagL dtagL data L wpb wpb' rpb sfb_context sfb_split sfb_imp sfb_restP sr.

(LIST_TO_SET (tagL++dtagL) SUBSET FDOM L) /\ ~(NULL tagL) /\
VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) e /\
(FEVERY (\x.
   (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb))
    (SND x))) L)
==>
 ((VAR_RES_FRAME_SPLIT DISJOINT_FMAP_UNION sr (wpb,rpb) wpb'
   sfb_context
   (BAG_INSERT (holfoot_ap_points_to e L) sfb_split)
   (BAG_INSERT (holfoot_ap_data_tree tagL e (dtagL, data)) sfb_imp) sfb_restP) =
  (VAR_RES_FRAME_SPLIT DISJOINT_FMAP_UNION sr (wpb,rpb) wpb'
   (BAG_INSERT (holfoot_ap_points_to e L) sfb_context)
   sfb_split
   (BAG_INSERT (asl_exists_list dtagL (\v. asl_exists_list tagL (\lL. asl_exists_list tagL (\tL.
      (asl_trivial_cond (data = node v tL)
        (asl_bigstar_list holfoot_separation_combinator
           ((MAP (\x.
               var_res_prop_equal DISJOINT_FMAP_UNION (L ' (FST x))
               (var_res_exp_const (SND x)))) (ZIP (tagL++dtagL, lL++v))++
            MAP (\lt. holfoot_ap_data_tree tagL
               (var_res_exp_const (FST lt)) (dtagL,SND lt)) (ZIP (lL,tL))))))))) sfb_imp) sfb_restP))``,

REPEAT STRIP_TAC THEN
(* reduce the frame-split equation to the REWRITE_OK lemma *)
MATCH_MP_TAC VAR_RES_FRAME_SPLIT___REWRITE_OK___THM THEN
ASM_SIMP_TAC std_ss [VAR_RES_FRAME_SPLIT___points_to___data_tree___REWRITE]);



(* Specialisation of the previous rule to data that is syntactically a node.

   When data is `node v tL`, the condition `data = node v' tL'` of the general
   rule collapses (tree_11) to v' = v and tL' = tL, so the existentials over
   dtagL and over tL disappear; what remains is the existential over the link
   values lL and the two length conditions
     LENGTH v = LENGTH dtagL  and  LENGTH tL = LENGTH tagL
   that asl_exists_list imposed on the eliminated lists. Same side conditions
   as VAR_RES_FRAME_SPLIT___points_to___data_tree. *)
val VAR_RES_FRAME_SPLIT___points_to___data_tree___NODE = store_thm (
"VAR_RES_FRAME_SPLIT___points_to___data_tree___NODE",
``!v tL e tagL dtagL L wpb wpb' rpb sfb_context sfb_split sfb_imp sfb_restP sr.

(LIST_TO_SET (tagL++dtagL) SUBSET FDOM L) /\ ~(NULL tagL) /\
VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) e /\
(FEVERY (\x.
   (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb))
    (SND x))) L)
==>
 ((VAR_RES_FRAME_SPLIT DISJOINT_FMAP_UNION sr (wpb,rpb) wpb'
   sfb_context
   (BAG_INSERT (holfoot_ap_points_to e L) sfb_split)
   (BAG_INSERT (holfoot_ap_data_tree tagL e (dtagL, node v tL)) sfb_imp) sfb_restP) =
  (VAR_RES_FRAME_SPLIT DISJOINT_FMAP_UNION sr (wpb,rpb) wpb'
   (BAG_INSERT (holfoot_ap_points_to e L) sfb_context)
   sfb_split
   (BAG_INSERT (
      asl_exists_list tagL (\lL.
      asl_trivial_cond ((LENGTH v = LENGTH dtagL) /\ (LENGTH tL = LENGTH tagL)) (
        (asl_bigstar_list holfoot_separation_combinator
           ((MAP (\x.
               var_res_prop_equal DISJOINT_FMAP_UNION (L ' (FST x))
               (var_res_exp_const (SND x)))) (ZIP (tagL++dtagL, lL++v))++
            MAP (\lt. holfoot_ap_data_tree tagL
               (var_res_exp_const (FST lt)) (dtagL,SND lt)) (ZIP (lL,tL)))))))
      sfb_imp) sfb_restP))``,

REPEAT STRIP_TAC THEN
(* instantiate the general rule, then show the two inserted predicates are equal *)
ASM_SIMP_TAC std_ss [VAR_RES_FRAME_SPLIT___points_to___data_tree,
   tree_11] THEN
AP_THM_TAC THEN AP_TERM_TAC THEN
AP_THM_TAC THEN AP_TERM_TAC THEN
(* both predicates are sets of states; compare them pointwise *)
SIMP_TAC std_ss [asl_exists_list_def,
   IN_ABS, GSYM RIGHT_EXISTS_AND_THM, asl_bool_EVAL,
   EXTENSION] THEN
METIS_TAC[]);



(* Unfolding a node-shaped data tree inside var_res_prop_implies_eq.

   Unlike the frame-split rules above, there is no separate points_to fact
   here: the root cell is produced by the unfolding itself as
     holfoot_ap_points_to e1 (LIST_TO_FMAP (ZIP (tagL ++ dtagL, MAP var_res_exp_const (lL ++ v))))
   starred with one child data tree per link in lL. The trivial condition
   records the well-formedness requirements of holfoot_ap_data_tree___REWRITE:
   the length conditions on v and tL, and `NULL tagL ==> ALL_DISTINCT dtagL`
   (with no link tags the data tags alone must be distinct).
   Only e1 needs to be stack-imprecise. *)
val holfoot_ap_data_tree___var_res_prop_implies_eq___split___NODE =
store_thm ("holfoot_ap_data_tree___var_res_prop_implies_eq___split___NODE",
``!tagL e1 dtagL v tL sfb1 sfb2 wpb rpb.
  IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e1) ==>

  (var_res_prop_implies_eq DISJOINT_FMAP_UNION (wpb, rpb) sfb1
   (BAG_INSERT (holfoot_ap_data_tree tagL e1 (dtagL, node v tL)) sfb2)

   (BAG_INSERT (asl_exists_list tagL (\lL.
      asl_trivial_cond ((NULL tagL ==> ALL_DISTINCT dtagL) /\
                        (LENGTH v = LENGTH dtagL) /\ (LENGTH tL = LENGTH tagL))
      (asl_bigstar_list holfoot_separation_combinator
        (holfoot_ap_points_to e1 (LIST_TO_FMAP (ZIP (tagL ++ dtagL, MAP var_res_exp_const (lL ++ v))))::
         MAP (\lt. holfoot_ap_data_tree tagL
            (var_res_exp_const (FST lt)) (dtagL,(SND lt))) (ZIP (lL,tL))))))
   sfb2))``,

REPEAT STRIP_TAC THEN
(* unfold the tree once; `node v tL` is not a leaf, so only the node case survives *)
ASM_SIMP_TAC std_ss [holfoot_ap_data_tree___REWRITE,
   IS_LEAF_REWRITE, tree_distinct, asl_trivial_cond_TF, asl_bool_REWRITES,
   tree_11] THEN
SIMP_TAC std_ss [var_res_prop_implies_eq_def] THEN
AP_TERM_TAC THEN AP_TERM_TAC THEN
AP_THM_TAC THEN AP_TERM_TAC THEN
SIMP_TAC std_ss [asl_exists_list_def,
   IN_ABS, GSYM RIGHT_EXISTS_AND_THM, asl_bool_EVAL,
   EXTENSION] THEN
METIS_TAC[]);



(* REWRITE_OK lemma behind VAR_RES_FRAME_SPLIT___points_to___tree: the
   data-free counterpart of ___points_to___data_tree___REWRITE. A
   `holfoot_ap_tree tagL e` implied next to a known `points_to e L` unfolds to
   link-field equalities for tagL plus one child tree per link value.

   NOTE(review): the binders `v tL` in the statement are unused (they do not
   occur in the body); they look like a leftover from the data_tree variant and
   could be dropped without changing the theorem.
   NOTE(review): the proof script is a near-verbatim copy of the data_tree
   proof with dtagL / v removed; see that lemma for the same structure. *)
val VAR_RES_FRAME_SPLIT___points_to___tree___REWRITE = prove (
``!v tL e tagL L wpb rpb sfb_context sfb_split sfb_imp.

(LIST_TO_SET tagL SUBSET FDOM L) /\ ~(NULL tagL) /\
VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) e /\
(FEVERY (\x.
   (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb))
    (SND x))) L)
==>
 VAR_RES_FRAME_SPLIT___REWRITE_OK DISJOINT_FMAP_UNION (wpb,rpb)
   sfb_context
   (BAG_INSERT (holfoot_ap_points_to e L) sfb_split)
   (BAG_INSERT (holfoot_ap_tree tagL e) sfb_imp)


   (BAG_INSERT (holfoot_ap_points_to e L) sfb_context)
   sfb_split
   (BAG_INSERT (asl_exists_list tagL (\lL.
        (asl_bigstar_list holfoot_separation_combinator
           ((MAP (\x.
               var_res_prop_equal DISJOINT_FMAP_UNION (L ' (FST x))
               (var_res_exp_const (SND x))) (ZIP (tagL, lL)))++
            (MAP (\l. holfoot_ap_tree tagL (var_res_exp_const l)) lL))))) sfb_imp)``,

REPEAT STRIP_TAC THEN
SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [
   VAR_RES_FRAME_SPLIT___REWRITE_OK_def,
   var_res_prop___COND_UNION,
   var_res_prop___COND_INSERT,
   BAG_UNION_INSERT] THEN
REPEAT STRIP_TAC THEN

(* Split the goal `(A ==> B) = (A' ==> B')` into: both side conditions A, A'
   hold (stack-imprecision of the old and the new implied bag), and, given
   them, the two PROP parts B and B' coincide. *)
MATCH_MP_TAC (prove (``((A /\ A') /\ (A /\ A' ==> (B = B'))) ==> ((A ==> B) = (A' ==> B'))``,
                     SIMP_TAC (std_ss++CONJ_ss) [])) THEN
CONJ_TAC THEN1 (
   (* side conditions: every predicate of the unfolding only uses wpb UNION rpb *)
   SIMP_TAC std_ss [asl_exists_list___ELIM, holfoot_separation_combinator_def] THEN
   CONSEQ_HO_REWRITE_TAC ([], [
      VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_ap_tree,
      VAR_RES_IS_STACK_IMPRECISE___USED_VARS___asl_exists_direct,
      VAR_RES_IS_STACK_IMPRECISE___USED_VARS___asl_trivial_cond,
      MP_CANON VAR_RES_IS_STACK_IMPRECISE___USED_VARS___asl_bigstar_list], []) THEN
   ASM_SIMP_TAC (list_ss++pairSimps.gen_beta_ss) [IS_SEPARATION_COMBINATOR___FINITE_MAP,
      DISJ_IMP_THM, FORALL_AND_THM, GSYM LEFT_FORALL_IMP_THM,
      MEM_MAP, VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_ap_tree, FORALL_PROD,
      VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___VAR_CONST_EVAL] THEN
   REPEAT STRIP_TAC THEN1 (
      Cases_on `tagL` THEN
      FULL_SIMP_TAC list_ss [LENGTH_EQ_NUM]
   ) THEN
   (* the field expression L ' p_1 is stack-imprecise because p_1 is a tag of tagL,
      hence in FDOM L, and FEVERY gives the used-vars bound for it *)
   MATCH_MP_TAC VAR_RES_IS_STACK_IMPRECISE___USED_VARS___var_res_prop_equal THEN
   `p_1 IN FDOM L` suffices_by (STRIP_TAC THEN
      FULL_SIMP_TAC std_ss [FEVERY_DEF, VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___VAR_CONST_EVAL]
   ) THEN
   `MEM p_1 tagL` suffices_by (STRIP_TAC THEN
      FULL_SIMP_TAC std_ss [SUBSET_DEF]
   ) THEN
   Q.PAT_X_ASSUM `MEM x Y` MP_TAC THEN
   ASM_SIMP_TAC arith_ss [MEM_ZIP, GSYM LEFT_FORALL_IMP_THM,
      LENGTH_APPEND, EL_IS_EL]
) THEN
(* main part: the PROP parts agree on every state s *)
STRIP_TAC THEN
Q.PAT_X_ASSUM `var_res_prop___PROP DISJOINT_FMAP_UNION f X s` MP_TAC THEN
ASM_SIMP_TAC std_ss [var_res_prop___PROP_INSERT,
   var_res_prop___COND_INSERT,
   var_res_prop___COND_UNION] THEN
ASM_SIMP_TAC std_ss [IN_ABS, asl_exists_list___ELIM,
   GSYM RIGHT_EXISTS_AND_THM, asl_bool_EVAL, GSYM LEFT_EXISTS_AND_THM,
   DISJOINT_FMAP_UNION___REWRITE,
   asl_bigstar_list_APPEND, IS_SEPARATION_COMBINATOR___holfoot_separation_combinator] THEN
REPEAT STRIP_TAC THEN
(* The points_to fact in the split bag forces the root address to be a
   defined, non-null value ec. This is what excludes the null / leaf case of
   holfoot_ap_tree___REWRITE below. *)
`?ec. (e (FST s) = SOME ec) /\ ~(ec = 0)` by (
   Q.PAT_X_ASSUM `(FST s, _) IN holfoot_ap_points_to e L` MP_TAC THEN
   SIMP_TAC std_ss [holfoot_ap_points_to_def, LET_THM, IN_ABS] THEN
   Cases_on `e (FST s)` THEN SIMP_TAC std_ss []
) THEN
`IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e)` by (
   FULL_SIMP_TAC std_ss [VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET_def]
) THEN
`!h. ~((FST s, h:holfoot_heap) IN var_res_prop_equal DISJOINT_FMAP_UNION e (var_res_exp_const 0))` by (
   ASM_SIMP_TAC std_ss [var_res_prop_equal_unequal_EXPAND, IN_ABS, var_res_exp_const_def]
) THEN
ASM_SIMP_TAC std_ss [holfoot_ap_tree___REWRITE,
   asl_bool_EVAL, asl_exists_list___ELIM, GSYM RIGHT_EXISTS_AND_THM,
   GSYM LEFT_EXISTS_AND_THM] THEN
(* align the existential quantifiers of both sides (sub-heaps and link list lL) *)
HO_MATCH_MP_TAC (prove (``(!lL s2. ((?s1. X s1 s2 lL) = (?s1 s1'. Y s1 s1' s2 lL))) ==>
     ((?s1 s2 lL. X s1 s2 lL) = (?s1 lL s1' s2'. Y s1 s1' s2' lL))``, METIS_TAC[])) THEN
SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [] THEN
REPEAT STRIP_TAC THEN

ASM_SIMP_TAC std_ss [asl_bigstar_list_REWRITE] THEN
(* treeP: the child trees; LL: tags paired with link values;
   eqP: the field equalities L ' tag = link produced by the unfolding *)
Q.ABBREV_TAC `treeP = asl_bigstar_list holfoot_separation_combinator
        (MAP (\l. holfoot_ap_tree tagL (var_res_exp_const l)) lL)` THEN
Q.ABBREV_TAC `LL = ZIP (tagL, lL)` THEN
Q.ABBREV_TAC `eqP = (asl_bigstar_list holfoot_separation_combinator
     (MAP (\x. var_res_prop_equal DISJOINT_FMAP_UNION (L ' (FST x)) (var_res_exp_const (SND x))) LL))` THEN
`(ZIP (tagL:holfoot_tag list,
      ((MAP var_res_exp_const lL)):holfoot_a_expression list)) =
  MAP (\x. (FST x, var_res_exp_const (SND x))) LL` by (
   Q.UNABBREV_TAC `LL` THEN
   ASM_SIMP_TAC list_ss [ZIP_MAP]
) THEN
ASM_REWRITE_TAC[] THEN POP_ASSUM (K ALL_TAC) THEN
(* L': the field map of the root cell as produced by the tree unfolding *)
Q.ABBREV_TAC `L' = LIST_TO_FMAP ((MAP (\x. (FST x,var_res_exp_const (SND x))) LL): (holfoot_tag # holfoot_a_expression) list)` THEN
`EVERY (\x. FST x IN FDOM L) LL` by (
   Q.UNABBREV_TAC `LL` THEN
   FULL_SIMP_TAC arith_ss [EVERY_MEM, MEM_ZIP,
      GSYM LEFT_FORALL_IMP_THM, FEVERY_DEF, SUBSET_DEF,
      LENGTH_APPEND, EL_IS_EL]
) THEN
`~(NULL LL)` by (
   Q.UNABBREV_TAC `LL` THEN
   Cases_on `tagL` THEN FULL_SIMP_TAC list_ss [LENGTH_EQ_NUM]
) THEN
(* Degenerate case: with duplicate tags the child trees are asl_false
   (holfoot_ap_tree___TREE_PROPS), so both sides of the equation are false. *)
Tactical.REVERSE (Cases_on `ALL_DISTINCT tagL`) THEN1 (
   `treeP = asl_false` suffices_by (STRIP_TAC THEN
      ASM_SIMP_TAC std_ss [asl_false___asl_star_THM, NOT_IN_asl_false]
   ) THEN
   Q.UNABBREV_TAC `treeP` THEN
   MATCH_MP_TAC asl_bigstar_list_false THEN
   SIMP_TAC (std_ss++pairSimps.gen_beta_ss) [MEM_MAP, GSYM LEFT_FORALL_IMP_THM] THEN
   `?l. MEM l lL` by (
      Cases_on `tagL` THEN FULL_SIMP_TAC std_ss [LENGTH_EQ_NUM, NULL_DEF, LENGTH] THEN
      SIMP_TAC list_ss [EXISTS_OR_THM]) THEN
   Q.EXISTS_TAC `l` THEN ASM_REWRITE_TAC[] THEN
   MATCH_MP_TAC (GSYM holfoot_ap_tree___TREE_PROPS) THEN
   ASM_REWRITE_TAC[]
) THEN
`ALL_DISTINCT (MAP FST LL)` by (
   Q.UNABBREV_TAC `LL` THEN
   ASM_SIMP_TAC list_ss [MAP_ZIP]
) THEN
Q.PAT_X_ASSUM `Abbrev (LL = _)` (K ALL_TAC) THEN
(* all three components are stack-imprecise, so asl_star can be expanded on
   the heap component only (asl_star___VAR_RES_IS_STACK_IMPRECISE) *)
`VAR_RES_IS_STACK_IMPRECISE treeP /\
 VAR_RES_IS_STACK_IMPRECISE eqP /\
 VAR_RES_IS_STACK_IMPRECISE (holfoot_ap_points_to e L')` by (
   MAP_EVERY Q.UNABBREV_TAC [`treeP`, `eqP`, `L'`] THEN
   REWRITE_TAC [holfoot_separation_combinator_def] THEN
   CONSEQ_HO_REWRITE_TAC ([], [MP_CANON VAR_RES_IS_STACK_IMPRECISE___asl_bigstar_list,
      VAR_RES_IS_STACK_IMPRECISE___points_to, FEVERY_LIST_TO_FMAP], []) THEN
   ASM_SIMP_TAC std_ss [IS_SEPARATION_COMBINATOR___FINITE_MAP,
      MAP_EQ_NIL, MEM_MAP, GSYM LEFT_FORALL_IMP_THM, EVERY_MEM,
      MEM_ZIP, LENGTH_APPEND, LENGTH_MAP, EL_MAP,
      VAR_RES_IS_STACK_IMPRECISE___holfoot_ap_tree,
      IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL,
      GSYM NULL_EQ] THEN
   CONJ_TAC THEN1 (
      Cases_on `tagL` THEN FULL_SIMP_TAC list_ss [LENGTH_EQ_NUM]
   ) THEN
   REPEAT STRIP_TAC THEN
   MATCH_MP_TAC VAR_RES_IS_STACK_IMPRECISE___var_res_prop_equal THEN
   FULL_SIMP_TAC std_ss [EVERY_MEM,
      FEVERY_DEF, VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET_def,
      IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL]
) THEN
ASM_SIMP_TAC std_ss [asl_star___VAR_RES_IS_STACK_IMPRECISE,
   holfoot_separation_combinator_def, IN_ABS, GSYM LEFT_EXISTS_AND_THM,
   GSYM RIGHT_EXISTS_AND_THM, DISJOINT_FMAP_UNION___REWRITE] THEN

HO_MATCH_MP_TAC (prove (``(!s1. ((?s2. X s1 s2) = (?s2 s3. Y s1 s2 s3))) ==>
     ((?s1 s2. X s1 s2) = (?s1 s2 s3. Y s1 s2 s3))``, METIS_TAC[])) THEN
REPEAT STRIP_TAC THEN
(* The root cell of the original points_to (s1) and the root cell produced by
   the unfolding (s1'') both describe address ec; if they differ, neither side
   can hold, so only the case s1'' = s1 needs real work. *)
Tactical.REVERSE (Cases_on `s1'' = s1`) THEN1 (
   POP_ASSUM MP_TAC THEN
   MATCH_MP_TAC (prove (``((A ==> C) /\ (B ==> C)) ==> (~C ==> (A = B))``,
                        METIS_TAC [])) THEN
   Q.PAT_X_ASSUM `(FST s, s1) IN X` MP_TAC THEN
   ASM_SIMP_TAC std_ss [holfoot_ap_points_to_def,
      IN_ABS, LET_THM, GSYM fmap_EQ_THM, GSYM LEFT_FORALL_IMP_THM,
      FDOM_FUNION, IN_UNION, IN_SING] THEN
   SIMP_TAC (std_ss++CONJ_ss) [
      IN_SING, IN_UNION, DISJ_IMP_THM, FORALL_AND_THM, IN_SING,
      FUNION_DEF, DISJOINT_INSERT, DISJOINT_UNION_BOTH]
) THEN
(* eqP is pure: it holds exactly on the empty heap, and iff every field
   expression of L evaluates to the matching link value in the current stack *)
Q.ABBREV_TAC `lL_v_cond = EVERY (\x. (L ' (FST x)) (FST s) = SOME (SND x)) LL` THEN
`!h. (FST s, h:holfoot_heap) IN eqP = (h = FEMPTY) /\ lL_v_cond` by (
   Q.PAT_X_ASSUM `Abbrev (L' = _)` (K ALL_TAC) THEN
   Q.UNABBREV_TAC `eqP` THEN Q.UNABBREV_TAC `lL_v_cond` THEN
   Induct_on `LL` THEN1 SIMP_TAC list_ss [] THEN
   Cases_on `NULL LL` THEN1 (
      FULL_SIMP_TAC std_ss [NULL_EQ] THEN
      SIMP_TAC (list_ss++pairSimps.gen_beta_ss++CONJ_ss) [asl_bigstar_list_REWRITE,
         asl_star___PROPERTIES, IS_SEPARATION_COMBINATOR___holfoot_separation_combinator,
         var_res_prop_equal_unequal_EXPAND, IN_ABS, asl_emp_DISJOINT_FMAP_UNION,
         IN_SING, var_res_exp_const_def, IS_SOME_EXISTS,
         GSYM LEFT_EXISTS_AND_THM, GSYM RIGHT_EXISTS_AND_THM]
   ) THEN
   REPEAT STRIP_TAC THEN
   FULL_SIMP_TAC list_ss [FEVERY_DEF, asl_bigstar_list_REWRITE] THEN
   Q.MATCH_ABBREV_TAC `(FST s, h') IN asl_star holfoot_separation_combinator
     P1 P2 = XXX` THEN Q.UNABBREV_TAC `XXX` THEN
   `VAR_RES_IS_STACK_IMPRECISE P1 /\ VAR_RES_IS_STACK_IMPRECISE P2` by (
      MAP_EVERY Q.UNABBREV_TAC [`P1`, `P2`] THEN
      SIMP_TAC std_ss [holfoot_separation_combinator_def] THEN
      CONSEQ_REWRITE_TAC ([], [VAR_RES_IS_STACK_IMPRECISE___var_res_prop_equal,
          MP_CANON VAR_RES_IS_STACK_IMPRECISE___asl_bigstar_list], []) THEN
      FULL_SIMP_TAC list_ss [MEM_MAP, GSYM LEFT_FORALL_IMP_THM, NULL_EQ,
         IS_SEPARATION_COMBINATOR___FINITE_MAP,
         IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL,
         VAR_RES_IS_STACK_IMPRECISE___var_res_prop_equal, EVERY_MEM, FEVERY_DEF,
         VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET_def]
   ) THEN
   ASM_SIMP_TAC std_ss [asl_star___VAR_RES_IS_STACK_IMPRECISE, holfoot_separation_combinator_def,
      IN_ABS, DISJOINT_FMAP_UNION___FEMPTY] THEN
   Q.UNABBREV_TAC `P1` THEN
   SIMP_TAC (std_ss++EQUIV_EXTRACT_ss++CONJ_ss) [var_res_prop_equal_unequal_EXPAND, IN_ABS,
      var_res_exp_const_def, asl_emp_DISJOINT_FMAP_UNION, IN_SING, IS_SOME_EXISTS,
      GSYM LEFT_EXISTS_AND_THM, GSYM RIGHT_EXISTS_AND_THM]
) THEN
(* with eqP reduced to the empty heap, match the remaining heap splittings *)
ASM_SIMP_TAC std_ss [FUNION_FEMPTY_2, FUNION_FEMPTY_1, FDOM_FEMPTY,
   DISJOINT_EMPTY, GSYM LEFT_EXISTS_AND_THM, GSYM RIGHT_EXISTS_AND_THM] THEN
CONSEQ_CONV_TAC (K EXISTS_EQ___CONSEQ_CONV) THEN
SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [FDOM_FUNION, DISJOINT_UNION_BOTH,
   DISJOINT_SYM, FUNION_ASSOC] THEN
REPEAT STRIP_TAC THEN
BINOP_TAC THEN1 METIS_TAC[FUNION_COMM] THEN
SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [] THEN
REPEAT STRIP_TAC THEN

(* finally: the root cell satisfies points_to e L' iff each field expression
   of L evaluates to the link value stored in that cell *)
MAP_EVERY Q.UNABBREV_TAC [`L'`, `lL_v_cond`] THEN
Q.PAT_X_ASSUM `(FST s, s1) IN X` MP_TAC THEN
ASM_SIMP_TAC std_ss [holfoot_ap_points_to_def, IN_ABS, LET_THM,
   GSYM o_f_LIST_TO_FMAP, FEVERY_LIST_TO_FMAP_EQ,
   FEVERY_o_f, var_res_exp_const_def] THEN
SIMP_TAC std_ss [EVERY_MEM, FEVERY_DEF] THEN
REPEAT STRIP_TAC THEN
CONSEQ_CONV_TAC (K FORALL_EQ___CONSEQ_CONV) THEN
SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [] THEN
REPEAT STRIP_TAC THEN
Q.PAT_X_ASSUM `!x. x IN FDOM L ==> X x` (MP_TAC o Q.SPEC `FST (x:(holfoot_tag # num))`) THEN
FULL_SIMP_TAC std_ss [EVERY_MEM, IS_SOME_EXISTS,
   GSYM RIGHT_EXISTS_AND_THM, GSYM LEFT_EXISTS_AND_THM,
   GSYM LEFT_FORALL_IMP_THM] THEN
SIMP_TAC (std_ss++CONJ_ss) [] THEN
METIS_TAC[]);



(* Frame-split rule for data-free trees: the counterpart of
   VAR_RES_FRAME_SPLIT___points_to___data_tree for `holfoot_ap_tree tagL e`.
   A tree implied next to a known `points_to e L` on the same root is unfolded
   into equalities `L ' tag = link` for the tags in tagL and one child tree per
   link value; the points_to fact moves into the context.
   Side conditions as for the data_tree rule (restricted to tagL). *)
val VAR_RES_FRAME_SPLIT___points_to___tree = store_thm (
"VAR_RES_FRAME_SPLIT___points_to___tree",
``!e tagL L wpb wpb' rpb sfb_context sfb_split sfb_imp sfb_restP sr.

(LIST_TO_SET tagL SUBSET FDOM L) /\ ~(NULL tagL) /\
VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) e /\
(FEVERY (\x.
   (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb))
    (SND x))) L)
==>
 ((VAR_RES_FRAME_SPLIT DISJOINT_FMAP_UNION sr (wpb,rpb) wpb'
   sfb_context
   (BAG_INSERT (holfoot_ap_points_to e L) sfb_split)
   (BAG_INSERT (holfoot_ap_tree tagL e) sfb_imp) sfb_restP) =
  (VAR_RES_FRAME_SPLIT DISJOINT_FMAP_UNION sr (wpb,rpb) wpb'
   (BAG_INSERT (holfoot_ap_points_to e L) sfb_context)
   sfb_split
   (BAG_INSERT (asl_exists_list tagL (\lL.
        (asl_bigstar_list holfoot_separation_combinator
           ((MAP (\x.
               var_res_prop_equal DISJOINT_FMAP_UNION (L ' (FST x))
               (var_res_exp_const (SND x))) (ZIP (tagL, lL)))++
            (MAP (\l. holfoot_ap_tree tagL (var_res_exp_const l)) lL))))) sfb_imp) sfb_restP))``,

REPEAT STRIP_TAC THEN
(* reduce the frame-split equation to the REWRITE_OK lemma *)
MATCH_MP_TAC VAR_RES_FRAME_SPLIT___REWRITE_OK___THM THEN
ASM_SIMP_TAC std_ss [VAR_RES_FRAME_SPLIT___points_to___tree___REWRITE]);





(* Membership in a data tree depends on the root expression only through its
   value in the current stack: if e and e' agree on FST s and both are
   stack-imprecise, the two tree predicates contain s simultaneously.
   Used below to replace a root expression by the constant it evaluates to. *)
val holfoot_ap_data_tree___REWRITE_EXP =
store_thm ("holfoot_ap_data_tree___REWRITE_EXP",
``!tagL dtagL data e e' s.
((e (FST s) = (e' (FST s))) /\
(IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e)) /\
(IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e'))) ==>

(s IN (holfoot_ap_data_tree tagL e (dtagL, data)) =
 s IN (holfoot_ap_data_tree tagL e' (dtagL, data)))``,


(* unfold one level; the leaf case (e = 0) follows directly from e = e' on the stack *)
SIMP_TAC std_ss [holfoot_ap_data_tree___REWRITE, asl_bool_EVAL,
   asl_exists_list___ELIM, var_res_prop_equal_unequal_EXPAND, IN_ABS,
   asl_emp_DISJOINT_FMAP_UNION, GSYM RIGHT_EXISTS_AND_THM, IN_SING] THEN
REPEAT STRIP_TAC THEN
BINOP_TAC THEN1 REWRITE_TAC[] THEN
REDEPTH_CONSEQ_CONV_TAC (K EXISTS_EQ___CONSEQ_CONV) THEN
REPEAT STRIP_TAC THEN
Cases_on `NULL tagL ==> ALL_DISTINCT dtagL` THEN ASM_REWRITE_TAC[] THEN

SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [] THEN
REPEAT STRIP_TAC THEN

(* no link tags: the node is just its root cell, whose address is e (FST s) *)
Cases_on `tagL` THEN1 (
   FULL_SIMP_TAC list_ss [LENGTH_EQ_NUM,
      asl_bigstar_list_REWRITE, IS_SEPARATION_COMBINATOR___holfoot_separation_combinator,
      asl_star___PROPERTIES] THEN
   ASM_SIMP_TAC std_ss [holfoot_ap_points_to_def, LET_THM, IN_ABS]
) THEN
(* otherwise: root cell P1 / P1' starred with the (identical) child trees P2 *)
FULL_SIMP_TAC list_ss [
   asl_bigstar_list_REWRITE, IS_SEPARATION_COMBINATOR___holfoot_separation_combinator,
   asl_star___PROPERTIES] THEN
Q.MATCH_ABBREV_TAC `s IN asl_star holfoot_separation_combinator P1 P2 =
                    s IN asl_star holfoot_separation_combinator P1' P2` THEN
`VAR_RES_IS_STACK_IMPRECISE P1 /\ VAR_RES_IS_STACK_IMPRECISE P1' /\ VAR_RES_IS_STACK_IMPRECISE P2` by (
   MAP_EVERY Q.UNABBREV_TAC [`P1`, `P1'`, `P2`] THEN
   REWRITE_TAC [holfoot_separation_combinator_def] THEN
   CONSEQ_REWRITE_TAC ([],
      [VAR_RES_IS_STACK_IMPRECISE___points_to, FEVERY_LIST_TO_FMAP,
       MP_CANON VAR_RES_IS_STACK_IMPRECISE___asl_bigstar_list],
      []) THEN
   ASM_SIMP_TAC (std_ss++CONJ_ss) [IS_SEPARATION_COMBINATOR___FINITE_MAP, MEM_MAP,
      GSYM LEFT_FORALL_IMP_THM, VAR_RES_IS_STACK_IMPRECISE___holfoot_ap_data_tree,
      IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL] THEN
   ASM_SIMP_TAC arith_ss [GSYM MAP_APPEND, ZIP_MAP, LENGTH, EVERY_MAP,
      LENGTH_APPEND, IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL,
      MAP_EQ_NIL] THEN
   FULL_SIMP_TAC list_ss [EVERY_MEM, LENGTH_EQ_NUM]
) THEN
ASM_SIMP_TAC std_ss [asl_star___VAR_RES_IS_STACK_IMPRECISE,
   holfoot_separation_combinator_def, IN_ABS] THEN
REDEPTH_CONSEQ_CONV_TAC (K EXISTS_EQ___CONSEQ_CONV) THEN
SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [] THEN
REPEAT STRIP_TAC THEN
MAP_EVERY Q.UNABBREV_TAC [`P1`, `P1'`] THEN
ASM_SIMP_TAC std_ss [holfoot_ap_points_to_def, IN_ABS, LET_THM]);




(* Two data trees that start at the same root value and both live inside a
   common heap h occupy the same sub-heap and carry the same data
   (proof continues below). *)
val holfoot_ap_data_tree___SAME_START = store_thm ("holfoot_ap_data_tree___SAME_START",
``!data data' e e' tagL dtagL st h1 h2 h.
(IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e) /\
 IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e') /\
 ASL_IS_SUBSTATE DISJOINT_FMAP_UNION h1 h /\
 ASL_IS_SUBSTATE DISJOINT_FMAP_UNION h2 h /\
 (st, h1) IN holfoot_ap_data_tree tagL e (dtagL, data) /\
 (st, h2) IN holfoot_ap_data_tree tagL e' (dtagL, data') /\
 (e st = e' st)) ==> ((h1 = h2) /\ (data = data'))``,

HO_MATCH_MP_TAC tree_INDUCT THEN
CONJ_TAC THEN1 (
   REPEAT GEN_TAC THEN STRIP_TAC THEN
   REPEAT (Q.PAT_X_ASSUM `X IN Y` MP_TAC) THEN
   ASM_SIMP_TAC std_ss [holfoot_ap_data_tree___leaf,
      asl_bool_EVAL, var_res_prop_equal_unequal_EXPAND,
      IN_ABS, var_res_exp_const_def] THEN
   STRIP_TAC THEN
   `e' st = SOME 0` by (
      Cases_on `e' st` THEN FULL_SIMP_TAC std_ss []
   ) THEN
   `(st,h2) IN holfoot_ap_data_tree tagL e' (dtagL,data') =
    (st,h2) IN holfoot_ap_data_tree tagL (var_res_exp_const 0) (dtagL,data')` by (
      MATCH_MP_TAC holfoot_ap_data_tree___REWRITE_EXP THEN
      ASM_SIMP_TAC std_ss
[IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL] THEN 2919 SIMP_TAC std_ss [var_res_exp_const_def] 2920 ) THEN 2921 FULL_SIMP_TAC std_ss [holfoot_ap_data_tree___null, 2922 var_res_bool_proposition_REWRITE, IS_LEAF_REWRITE, 2923 asl_emp_DISJOINT_FMAP_UNION, IN_ABS, IN_SING] 2924) THEN 2925REPEAT (GEN_TAC ORELSE DISCH_TAC) THEN 2926FULL_SIMP_TAC std_ss [] THEN 2927`ALL_DISTINCT (tagL ++ dtagL)` by ( 2928 CCONTR_TAC THEN 2929 `holfoot_ap_data_tree tagL e' (dtagL,data') = asl_false` suffices_by (STRIP_TAC THEN 2930 FULL_SIMP_TAC std_ss [asl_bool_EVAL] 2931 ) THEN 2932 MATCH_MP_TAC holfoot_ap_data_tree___TREE_PROPS THEN 2933 ASM_SIMP_TAC std_ss [holfoot_ap_data_tree___WELL_FORMED_DATA_def] 2934) THEN 2935Q.PAT_X_ASSUM `(st,h1) IN Y` MP_TAC THEN 2936ASM_SIMP_TAC std_ss [holfoot_ap_data_tree___REWRITE, 2937 asl_bool_EVAL, IS_LEAF_def, tree_11, asl_exists_list___ELIM, 2938 GSYM RIGHT_EXISTS_AND_THM, GSYM LEFT_FORALL_IMP_THM] THEN 2939GEN_TAC THEN STRIP_TAC THEN 2940Q.ABBREV_TAC `P1 = \a lL e. (holfoot_ap_points_to e 2941 (LIST_TO_FMAP (ZIP (tagL ++ dtagL,MAP var_res_exp_const (lL ++ a)))))` THEN 2942Q.ABBREV_TAC `PL = \lL l. MAP (\lt. holfoot_ap_data_tree tagL 2943 (var_res_exp_const (FST lt)) (dtagL,SND lt)) (ZIP (lL,l))` THEN 2944 2945`(!lL l. MAP (\lt. holfoot_ap_data_tree tagL 2946 (var_res_exp_const (FST lt)) (dtagL,SND lt)) (ZIP (lL,l)) = PL lL l) /\ 2947(!a lL e. (holfoot_ap_points_to e 2948 (LIST_TO_FMAP (ZIP (tagL ++ dtagL,MAP var_res_exp_const (lL ++ a))))) = P1 a lL e)` by ( 2949 Q.UNABBREV_TAC `P1` THEN Q.UNABBREV_TAC `PL` THEN 2950 SIMP_TAC std_ss [] 2951) THEN 2952`!a lL e l. 
IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e) /\ 2953 (LENGTH a = LENGTH dtagL) /\ (LENGTH lL = LENGTH tagL) ==> 2954 EVERY VAR_RES_IS_STACK_IMPRECISE ((P1 a lL e)::(PL lL l))` by ( 2955 MAP_EVERY Q.UNABBREV_TAC [`P1`, `PL`] THEN 2956 SIMP_TAC list_ss [EVERY_MEM, DISJ_IMP_THM, FORALL_AND_THM, 2957 MEM_MAP, GSYM LEFT_FORALL_IMP_THM, 2958 VAR_RES_IS_STACK_IMPRECISE___holfoot_ap_data_tree, 2959 IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL] THEN 2960 REPEAT STRIP_TAC THEN 2961 MATCH_MP_TAC VAR_RES_IS_STACK_IMPRECISE___points_to THEN 2962 ASM_REWRITE_TAC[] THEN 2963 MATCH_MP_TAC FEVERY_LIST_TO_FMAP THEN 2964 ASM_SIMP_TAC arith_ss [GSYM MAP_APPEND, ZIP_MAP, 2965 LENGTH_APPEND] THEN 2966 SIMP_TAC std_ss [EVERY_MEM, MEM_MAP, GSYM LEFT_FORALL_IMP_THM, 2967 IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL] 2968) THEN 2969Q.PAT_X_ASSUM `(st, h1) IN X` MP_TAC THEN 2970ASM_SIMP_TAC std_ss [asl_bigstar_list___VAR_RES_IS_STACK_IMPRECISE, 2971 holfoot_separation_combinator_def, IS_SEPARATION_COMBINATOR___FINITE_MAP, 2972 IN_ABS] THEN 2973STRIP_TAC THEN 2974`?ec. 
(e st = SOME ec) /\ ~(ec = 0)` by ( 2975 Q.UNABBREV_TAC `P1` THEN 2976 FULL_SIMP_TAC std_ss [holfoot_ap_points_to_def, IN_ABS, LET_THM] THEN 2977 Cases_on `e st` THEN FULL_SIMP_TAC std_ss [] THEN 2978 METIS_TAC[] 2979) THEN 2980`e' st = SOME ec` by PROVE_TAC[] THEN 2981Q.PAT_X_ASSUM `(st,h2) IN X` MP_TAC THEN 2982ASM_SIMP_TAC std_ss [holfoot_ap_data_tree___REWRITE, 2983 asl_bool_EVAL, asl_exists_list___ELIM, 2984 GSYM RIGHT_EXISTS_AND_THM, DISJ_IMP_THM, 2985 GSYM LEFT_FORALL_IMP_THM] THEN 2986CONJ_TAC THEN1 ( 2987 ASM_SIMP_TAC std_ss [var_res_prop_equal_unequal_EXPAND, IN_ABS, 2988 var_res_exp_const_def] 2989) THEN 2990REPEAT GEN_TAC THEN STRIP_TAC THEN 2991Q.PAT_X_ASSUM `(st,h2) IN X` MP_TAC THEN 2992ASM_SIMP_TAC std_ss [asl_bigstar_list___VAR_RES_IS_STACK_IMPRECISE, 2993 holfoot_separation_combinator_def, IS_SEPARATION_COMBINATOR___FINITE_MAP, 2994 IN_ABS, tree_11] THEN 2995STRIP_TAC THEN 2996`(v = n) /\ (lL' = lL) /\ (es1' = es1)` by ( 2997 Q.PAT_X_ASSUM `(st, es1') IN X` MP_TAC THEN 2998 Q.PAT_X_ASSUM `(st, es1) IN X` MP_TAC THEN 2999 Q.UNABBREV_TAC `P1` THEN 3000 Q.ABBREV_TAC `tagL' = tagL++dtagL` THEN 3001 Q.ABBREV_TAC `lL'' = lL' ++ v` THEN 3002 Q.ABBREV_TAC `lL''' = lL ++ n` THEN 3003 `(LENGTH lL'' = LENGTH tagL') /\ (LENGTH lL''' = LENGTH tagL')` by ( 3004 MAP_EVERY Q.UNABBREV_TAC [`lL''`, `lL'''`, `tagL'`] THEN 3005 ASM_SIMP_TAC list_ss [] 3006 ) THEN 3007 ASM_SIMP_TAC arith_ss [IN_ABS, LET_THM, holfoot_ap_points_to_def, 3008 GSYM fmap_EQ_THM, IN_SING, FEVERY_LIST_TO_FMAP_EQ, MAP_ZIP, 3009 LENGTH_APPEND, LENGTH_MAP] THEN 3010 ASM_SIMP_TAC arith_ss [ZIP_MAP, EVERY_MAP, var_res_exp_const_def, 3011 LENGTH_MAP, LENGTH_APPEND] THEN 3012 STRIP_TAC THEN STRIP_TAC THEN 3013 `es1' ' ec = es1 ' ec` by ( 3014 `ASL_IS_SUBSTATE DISJOINT_FMAP_UNION es1 h /\ 3015 ASL_IS_SUBSTATE DISJOINT_FMAP_UNION es1' h` by ( 3016 METIS_TAC[ASL_IS_SUBSTATE_INTRO, IS_SEPARATION_COMBINATOR___FINITE_MAP, 3017 ASL_IS_SUBSTATE___TRANS] 3018 ) THEN 3019 POP_ASSUM MP_TAC THEN POP_ASSUM 
MP_TAC THEN 3020 ASM_SIMP_TAC std_ss [ASL_IS_SUBSTATE___DISJOINT_FMAP_UNION, IN_SING] 3021 ) THEN 3022 FULL_SIMP_TAC std_ss [] THEN 3023 `lL'' = lL'''` suffices_by (STRIP_TAC THEN 3024 POP_ASSUM MP_TAC THEN 3025 MAP_EVERY Q.UNABBREV_TAC [`lL''`, `lL'''`] THEN 3026 FULL_SIMP_TAC list_ss [APPEND_11_LENGTH] 3027 ) THEN 3028 REPEAT (Q.PAT_X_ASSUM `EVERY X (ZIP Y)` MP_TAC) THEN 3029 Q.PAT_X_ASSUM `LENGTH lL'' = X` MP_TAC THEN 3030 Q.PAT_X_ASSUM `LENGTH lL''' = X` MP_TAC THEN 3031 REPEAT (POP_ASSUM (K ALL_TAC)) THEN 3032 Q.SPEC_TAC (`tagL'`, `tagL'`) THEN 3033 Q.SPEC_TAC (`lL''`, `lL''`) THEN 3034 Q.SPEC_TAC (`lL'''`, `lL'''`) THEN 3035 Induct_on `tagL'` THEN ( 3036 ASM_SIMP_TAC list_ss [LENGTH_EQ_NUM, 3037 GSYM LEFT_FORALL_IMP_THM, GSYM RIGHT_FORALL_IMP_THM] 3038 ) 3039) THEN 3040`(es2' = es2) /\ (tL = tL')` suffices_by (STRIP_TAC THEN 3041 FULL_SIMP_TAC std_ss [] 3042) THEN 3043Q.PAT_X_ASSUM `(st, es2) IN X` MP_TAC THEN 3044Q.PAT_X_ASSUM `(st, es2') IN X` MP_TAC THEN 3045Q.PAT_X_ASSUM `EVERY P X` MP_TAC THEN 3046Q.UNABBREV_TAC `PL` THEN 3047ASM_SIMP_TAC std_ss [] THEN 3048`(LENGTH tL = LENGTH lL) /\ (LENGTH tL' = LENGTH lL)` by ASM_SIMP_TAC std_ss [] THEN 3049NTAC 2 (POP_ASSUM MP_TAC) THEN 3050`ASL_IS_SUBSTATE DISJOINT_FMAP_UNION es2 h /\ 3051 ASL_IS_SUBSTATE DISJOINT_FMAP_UNION es2' h` by ( 3052 METIS_TAC[ASL_IS_SUBSTATE_INTRO, IS_SEPARATION_COMBINATOR___FINITE_MAP, 3053 ASL_IS_SUBSTATE___TRANS] 3054) THEN 3055NTAC 2 (POP_ASSUM MP_TAC) THEN 3056MAP_EVERY (fn x => Q.SPEC_TAC (x,x)) [`es2`, `es2'`, `tL`, `tL'`, `lL`] THEN 3057REPEAT (POP_ASSUM (K ALL_TAC)) THEN 3058Induct_on `lL` THEN1 ( 3059 SIMP_TAC list_ss [LENGTH_EQ_NUM, asl_bigstar_list_REWRITE, 3060 asl_star___PROPERTIES, IS_SEPARATION_COMBINATOR___FINITE_MAP, 3061 IS_SEPARATION_COMBINATOR___VAR_RES_COMBINATOR] THEN 3062 SIMP_TAC std_ss [var_res_prop_stack_true_REWRITE, IN_ABS, 3063 asl_emp_DISJOINT_FMAP_UNION, IN_SING] 3064) THEN 3065SIMP_TAC list_ss [LENGTH_EQ_NUM, GSYM LEFT_FORALL_IMP_THM, 3066 GSYM 
RIGHT_FORALL_IMP_THM, asl_bigstar_list_REWRITE, 3067 asl_star___swap_var_res_prop_stack_true, 3068 IS_SEPARATION_COMBINATOR___VAR_RES_COMBINATOR, 3069 IS_SEPARATION_COMBINATOR___FINITE_MAP] THEN 3070REPEAT (GEN_TAC ORELSE DISCH_TAC) THEN 3071Q.PAT_X_ASSUM `(st, es2) IN X` MP_TAC THEN 3072Q.PAT_X_ASSUM `(st, es2') IN X` MP_TAC THEN 3073Q.HO_MATCH_ABBREV_TAC ` 3074 (st, es2') IN asl_star f P1 P1L ==> 3075 (st, es2) IN asl_star f P2 P2L ==> 3076 XXX` THEN 3077Q.UNABBREV_TAC `f` THEN Q.UNABBREV_TAC `XXX` THEN 3078Q.PAT_X_ASSUM `!tL' tL. X` (MP_TAC o Q.SPECL [`l''`, `l'`]) THEN 3079ASM_SIMP_TAC std_ss [] THEN 3080FULL_SIMP_TAC std_ss [GSYM asl_bigstar_list_REWRITE] THEN 3081`VAR_RES_IS_STACK_IMPRECISE P1 /\ 3082 VAR_RES_IS_STACK_IMPRECISE P1L /\ 3083 VAR_RES_IS_STACK_IMPRECISE P2 /\ 3084 VAR_RES_IS_STACK_IMPRECISE P2L` by ( 3085 MAP_EVERY Q.UNABBREV_TAC [`P1`, `P2`, `P1L`, `P2L`] THEN 3086 CONSEQ_REWRITE_TAC ([], 3087 [VAR_RES_IS_STACK_IMPRECISE___holfoot_ap_data_tree, 3088 MP_CANON VAR_RES_IS_STACK_IMPRECISE___asl_bigstar_list], 3089 []) THEN 3090 SIMP_TAC list_ss [IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL, 3091 IS_SEPARATION_COMBINATOR___FINITE_MAP, DISJ_IMP_THM, FORALL_AND_THM, 3092 MEM_MAP, GSYM LEFT_FORALL_IMP_THM, 3093 VAR_RES_IS_STACK_IMPRECISE___holfoot_ap_data_tree, 3094 VAR_RES_IS_STACK_IMPRECISE___var_res_prop_stack_true] 3095) THEN 3096ASM_SIMP_TAC std_ss [asl_star___VAR_RES_IS_STACK_IMPRECISE, IN_ABS] THEN 3097REPEAT (GEN_TAC ORELSE DISCH_TAC) THEN 3098FULL_SIMP_TAC std_ss [] THEN 3099 3100`ASL_IS_SUBSTATE DISJOINT_FMAP_UNION es1 h /\ 3101 ASL_IS_SUBSTATE DISJOINT_FMAP_UNION es1' h /\ 3102 ASL_IS_SUBSTATE DISJOINT_FMAP_UNION es2'' h /\ 3103 ASL_IS_SUBSTATE DISJOINT_FMAP_UNION es2''' h` by ( 3104 METIS_TAC[ASL_IS_SUBSTATE_INTRO, IS_SEPARATION_COMBINATOR___FINITE_MAP, 3105 ASL_IS_SUBSTATE___TRANS] 3106) THEN 3107 3108`(es2'' = es2''') /\ (l' = l'')` by METIS_TAC[] THEN 3109ASM_REWRITE_TAC[] THEN 3110Q.PAT_X_ASSUM `!data' e 
e' tagL dtagL st h1 h2 h. X` 3111 (MP_TAC o Q.SPECL [`h'''`, `(var_res_exp_const h'):holfoot_a_expression`, 3112 `(var_res_exp_const h'):holfoot_a_expression`, 3113 `tagL`, `dtagL`, `st`, `es1'`, `es1`, `h`]) THEN 3114ASM_SIMP_TAC std_ss [IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL] THEN 3115FULL_SIMP_TAC std_ss [DISJOINT_FMAP_UNION___REWRITE]); 3116 3117 3118 3119 3120val VAR_RES_FRAME_SPLIT___data_tree___SAME_EXP___REMOVE___REWRITE = prove ( 3121``!wpb rpb e tagL dtagL data1 data2 sfb_context sfb_split sfb_imp. 3122VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) e ==> 3123 3124(VAR_RES_FRAME_SPLIT___REWRITE_OK DISJOINT_FMAP_UNION (wpb,rpb) 3125 sfb_context 3126 (BAG_INSERT (holfoot_ap_data_tree tagL e (dtagL, data1)) sfb_split) 3127 (BAG_INSERT (holfoot_ap_data_tree tagL e (dtagL, data2)) sfb_imp) 3128 3129 (BAG_INSERT (holfoot_ap_data_tree tagL e (dtagL, data1)) sfb_context) 3130 sfb_split 3131 (BAG_INSERT (var_res_bool_proposition DISJOINT_FMAP_UNION 3132 (data1 = data2)) sfb_imp))``, 3133 3134REPEAT STRIP_TAC THEN 3135Cases_on `data2 = data1` THEN1 ( 3136 ASM_SIMP_TAC std_ss [VAR_RES_FRAME_SPLIT___REWRITE_OK___stack_true, 3137 var_res_bool_proposition_TF, VAR_RES_FRAME_SPLIT___REWRITE_OK___FRAME] 3138) THEN 3139ASM_SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [var_res_bool_proposition_TF, 3140 VAR_RES_FRAME_SPLIT___REWRITE_OK___REWRITE, 3141 BAG_UNION_INSERT, var_res_prop___COND_INSERT, 3142 var_res_prop___COND_UNION, 3143 var_res_prop___PROP___asl_false, asl_bool_EVAL, 3144 VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_ap_data_tree, 3145 VAR_RES_IS_STACK_IMPRECISE___USED_VARS___asl_false] THEN 3146REPEAT STRIP_TAC THEN 3147 3148REPEAT (Q.PAT_X_ASSUM `var_res_prop___PROP f x y s` MP_TAC) THEN 3149ASM_SIMP_TAC std_ss [var_res_prop___PROP_INSERT, 3150 var_res_prop___COND_UNION, var_res_prop___COND_INSERT, 3151 VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_ap_data_tree] THEN 3152REPEAT 
STRIP_TAC THEN CCONTR_TAC THEN FULL_SIMP_TAC std_ss [] THEN 3153 3154`IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e)` by 3155 FULL_SIMP_TAC std_ss [VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET_def] THEN 3156`ASL_IS_SUBSTATE DISJOINT_FMAP_UNION s1 (SND s) /\ 3157 ASL_IS_SUBSTATE DISJOINT_FMAP_UNION s1' (SND s)` by ( 3158 METIS_TAC [ASL_IS_SUBSTATE_INTRO, IS_SEPARATION_COMBINATOR___FINITE_MAP]) THEN 3159METIS_TAC[holfoot_ap_data_tree___SAME_START]); 3160 3161 3162 3163val VAR_RES_FRAME_SPLIT___data_tree___SAME_EXP___REMOVE = store_thm ( 3164"VAR_RES_FRAME_SPLIT___data_tree___SAME_EXP___REMOVE", 3165``!wpb rpb e tagL dtagL data1 data2 sfb_context sfb_split sfb_imp sr wpb' sfb_restP. 3166VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) e ==> 3167 3168((VAR_RES_FRAME_SPLIT DISJOINT_FMAP_UNION sr (wpb,rpb) wpb' 3169 sfb_context 3170 (BAG_INSERT (holfoot_ap_data_tree tagL e (dtagL, data1)) sfb_split) 3171 (BAG_INSERT (holfoot_ap_data_tree tagL e (dtagL, data2)) sfb_imp) sfb_restP) = 3172 (VAR_RES_FRAME_SPLIT DISJOINT_FMAP_UNION sr (wpb,rpb) wpb' 3173 (BAG_INSERT (holfoot_ap_data_tree tagL e (dtagL, data1)) sfb_context) 3174 sfb_split 3175 (BAG_INSERT (var_res_bool_proposition DISJOINT_FMAP_UNION 3176 (data1 = data2)) sfb_imp)) sfb_restP)``, 3177 3178REPEAT STRIP_TAC THEN 3179MATCH_MP_TAC VAR_RES_FRAME_SPLIT___REWRITE_OK___THM THEN 3180MATCH_MP_TAC VAR_RES_FRAME_SPLIT___data_tree___SAME_EXP___REMOVE___REWRITE THEN 3181ASM_REWRITE_TAC[]); 3182 3183 3184 3185(*----------------- 3186 * Lists 3187 *-----------------*) 3188 3189 3190val holfoot_ap_gendl_data_list_seg_num_def = Define ` 3191 (holfoot_ap_gendl_data_list_seg_num 0 np startExp data endExp = 3192 if (EVERY (\x. NULL (SND x)) data) /\ ALL_DISTINCT (MAP FST data) then 3193 (var_res_prop_equal DISJOINT_FMAP_UNION startExp endExp) 3194 else asl_false) /\ 3195 (holfoot_ap_gendl_data_list_seg_num (SUC n) np startExp data endExp = 3196 if EVERY (\x. 
~NULL (SND x)) data /\ ALL_DISTINCT (MAP FST data) then 3197 asl_and (var_res_prop_weak_unequal startExp endExp) 3198 asl_exists n':num. 3199 asl_star holfoot_separation_combinator 3200 (asl_and (np startExp (var_res_exp_const n')) 3201 (holfoot_ap_points_to startExp 3202 (LIST_TO_FMAP (ZIP (MAP FST data, 3203 (MAP (\x. var_res_exp_const (HD (SND x))) data)))))) 3204 (holfoot_ap_gendl_data_list_seg_num n np 3205 (var_res_exp_const n') (MAP (\ (t, l). (t, TL l)) data) endExp) 3206 else asl_false)`; 3207 3208val holfoot_ap_data_list_seg_num_def = Define ` 3209 holfoot_ap_data_list_seg_num n tl startExp data endExp = 3210 if MEM tl (MAP FST data) then asl_false else 3211 holfoot_ap_gendl_data_list_seg_num n 3212 (\e1 e2 state. 3213 let v1 = e1 (FST state) in 3214 let v2 = e2 (FST state) in 3215 (IS_SOME v1 /\ IS_SOME v2 /\ 3216 ((THE v1) IN FDOM (SND state)) /\ 3217 ((SND state) ' (THE v1) tl = THE v2))) startExp data endExp`; 3218 3219val holfoot_ap_data_list_seg_num_REWRITE = store_thm ("holfoot_ap_data_list_seg_num_REWRITE", 3220``(holfoot_ap_data_list_seg_num 0 tl startExp data endExp = 3221 if (EVERY (\x. NULL (SND x)) data) /\ ALL_DISTINCT (tl::(MAP FST data)) then 3222 (var_res_prop_equal DISJOINT_FMAP_UNION startExp endExp) 3223 else asl_false) /\ 3224 (holfoot_ap_data_list_seg_num (SUC n) tl startExp data endExp = 3225 if EVERY (\x. ~NULL (SND x)) data /\ ALL_DISTINCT (tl::(MAP FST data)) then 3226 asl_and (var_res_prop_weak_unequal startExp endExp) ( 3227 asl_exists n':num. asl_star holfoot_separation_combinator 3228 (holfoot_ap_points_to startExp 3229 (LIST_TO_FMAP (ZIP (tl::MAP FST data, 3230 MAP (var_res_exp_const) (n'::(MAP (\x. HD (SND x)) data)))))) 3231 (holfoot_ap_data_list_seg_num n tl 3232 (var_res_exp_const n') (MAP (\ (t, l). 
(t, TL l)) data) endExp) 3233 ) else asl_false)``, 3234 3235SIMP_TAC (std_ss++boolSimps.CONJ_ss) [holfoot_ap_data_list_seg_num_def, holfoot_ap_gendl_data_list_seg_num_def] THEN 3236Cases_on `ALL_DISTINCT (tl::(MAP FST data))` THEN FULL_SIMP_TAC std_ss [ALL_DISTINCT] THEN 3237Cases_on `EVERY (\x. ~NULL (SND x)) data` THEN ASM_REWRITE_TAC[] THEN 3238ASM_SIMP_TAC (std_ss++pairSimps.gen_beta_ss) [FUN_EQ_THM, asl_bool_EVAL, IN_ABS, asl_star_def, GSYM RIGHT_EXISTS_AND_THM, 3239 MAP_MAP_o, o_DEF, ETA_THM] THEN 3240REPEAT STRIP_TAC THEN 3241REDEPTH_CONSEQ_CONV_TAC (K EXISTS_EQ___CONSEQ_CONV) THEN 3242SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [] THEN 3243REPEAT STRIP_TAC THEN 3244SIMP_TAC (list_ss++EQUIV_EXTRACT_ss) [holfoot_ap_points_to_def, IN_ABS, LET_THM, 3245 LIST_TO_FMAP_THM, FEVERY_FUPDATE, MAP_MAP_o, o_DEF, 3246 var_res_exp_const_EVAL] THEN 3247Q.ABBREV_TAC `dL:holfoot_tag |-> holfoot_a_expression = (LIST_TO_FMAP (ZIP (MAP FST data, MAP (\x. var_res_exp_const (HD (SND x))) data)))` THEN 3248`DRESTRICT dL (COMPL {tl}) = dL` by ( 3249 MATCH_MP_TAC NOT_FDOM_DRESTRICT THEN 3250 Q.UNABBREV_TAC `dL` THEN 3251 ASM_SIMP_TAC list_ss [FDOM_LIST_TO_FMAP, MAP_ZIP] 3252) THEN 3253ASM_SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [IN_SING]); 3254 3255 3256 3257val holfoot_ap_list_seg_num_def = Define ` 3258 holfoot_ap_list_seg_num n tl startExp endExp = 3259 holfoot_ap_data_list_seg_num n tl startExp [] endExp`; 3260 3261 3262val holfoot_ap_gendl_data_list_seg_num___DATA_PROPS = 3263store_thm ("holfoot_ap_gendl_data_list_seg_num___DATA_PROPS", 3264``!n data np startExp endExp. 3265 ~((EVERY (\x. 
LENGTH (SND x) = n) data) /\ (ALL_DISTINCT (MAP FST data))) ==> 3266 (holfoot_ap_gendl_data_list_seg_num n np startExp data endExp = 3267 asl_false)``, 3268 3269Induct_on `n` THENL [ 3270 SIMP_TAC std_ss [holfoot_ap_gendl_data_list_seg_num_def, LENGTH_NIL, NULL_EQ, 3271 DISJ_IMP_THM], 3272 3273 SIMP_TAC std_ss [holfoot_ap_gendl_data_list_seg_num_def, COND_RAND, COND_RATOR, 3274 DISJ_IMP_THM] THEN 3275 REPEAT STRIP_TAC THEN 3276 SIMP_TAC std_ss [EXTENSION, asl_bool_EVAL] THEN 3277 GEN_TAC THEN DISJ2_TAC THEN GEN_TAC THEN 3278 MATCH_MP_TAC (prove (``(Y = asl_false) ==> x NOTIN Y``, SIMP_TAC std_ss [asl_bool_EVAL])) THEN 3279 MATCH_MP_TAC (prove (``(P2 = asl_false) ==> (asl_star holfoot_separation_combinator P1 P2 = asl_false)``, 3280 SIMP_TAC std_ss [asl_false___asl_star_THM])) THEN 3281 Q.PAT_X_ASSUM `!data tl. X` MATCH_MP_TAC THEN 3282 Induct_on `data` THEN1 SIMP_TAC list_ss [] THEN 3283 FULL_SIMP_TAC (list_ss++QUANT_INST_ss[list_qp, pair_default_qp]) [o_DEF] THEN 3284 REPEAT STRIP_TAC THEN 3285 FULL_SIMP_TAC list_ss [o_DEF] 3286]); 3287 3288 3289 3290val holfoot_ap_data_list_seg_num___DATA_PROPS = 3291store_thm ("holfoot_ap_data_list_seg_num___DATA_PROPS", 3292``!n data tl startExp endExp. 3293 ~((EVERY (\x. LENGTH (SND x) = n) data) /\ (ALL_DISTINCT (tl::(MAP FST data)))) ==> 3294 (holfoot_ap_data_list_seg_num n tl startExp data endExp = 3295 asl_false)``, 3296 3297SIMP_TAC std_ss [holfoot_ap_data_list_seg_num_def, 3298 ALL_DISTINCT, COND_RAND, COND_RATOR] THEN 3299METIS_TAC[holfoot_ap_gendl_data_list_seg_num___DATA_PROPS]); 3300 3301 3302val holfoot_ap_gendl_data_list_seg_num___EXP_DEFINED = 3303store_thm ("holfoot_ap_gendl_data_list_seg_num___EXP_DEFINED", 3304``!n data pn startExp endExp s. 
3305 3306 (s IN holfoot_ap_gendl_data_list_seg_num n pn startExp data endExp ==> 3307 IS_SOME (startExp (FST s)) /\ IS_SOME (endExp (FST s)))``, 3308 3309Cases_on `n` THEN ( 3310 SIMP_TAC std_ss [holfoot_ap_gendl_data_list_seg_num_def, 3311 COND_RAND, COND_RATOR, asl_bool_EVAL, 3312 var_res_prop_equal_unequal_EXPAND, IN_ABS] 3313)); 3314 3315 3316val holfoot_ap_data_list_seg_num___EXP_DEFINED = 3317store_thm ("holfoot_ap_data_list_seg_num___EXP_DEFINED", 3318``!n data tl startExp endExp s. 3319 (s IN holfoot_ap_data_list_seg_num n tl startExp data endExp ==> 3320 IS_SOME (startExp (FST s)) /\ IS_SOME (endExp (FST s)))``, 3321 3322SIMP_TAC std_ss [holfoot_ap_data_list_seg_num_def, 3323 COND_RAND, COND_RATOR, NOT_IN_asl_false] THEN 3324METIS_TAC[holfoot_ap_gendl_data_list_seg_num___EXP_DEFINED]); 3325 3326 3327 3328val holfoot_ap_gendl_data_list_seg_num___ELIM_DATA = 3329store_thm ("holfoot_ap_gendl_data_list_seg_num___ELIM_DATA", 3330``!data data' n pn startExp endExp s. 3331 ((!x. MEM x data' ==> MEM x data) /\ ALL_DISTINCT (MAP FST data') /\ 3332 (s IN holfoot_ap_gendl_data_list_seg_num n pn startExp data endExp)) ==> 3333 s IN holfoot_ap_gendl_data_list_seg_num n pn startExp data' endExp``, 3334 3335Induct_on `n` THENL [ 3336 SIMP_TAC std_ss [holfoot_ap_gendl_data_list_seg_num_def, 3337 asl_bool_EVAL, IN_ABS, EVERY_MEM, COND_RATOR, COND_RAND, 3338 ALL_DISTINCT, MEM_MAP] THEN 3339 METIS_TAC[], 3340 3341 3342 SIMP_TAC std_ss [holfoot_ap_gendl_data_list_seg_num_def, COND_RAND, COND_RATOR, 3343 asl_bool_EVAL] THEN 3344 REPEAT GEN_TAC THEN STRIP_TAC THEN 3345 FULL_SIMP_TAC std_ss [EVERY_MEM, ALL_DISTINCT, MEM_MAP] THEN 3346 Q.EXISTS_TAC `n'` THEN 3347 FULL_SIMP_TAC std_ss [asl_star_def, IN_ABS, asl_bool_EVAL] THEN 3348 Q.EXISTS_TAC `p` THEN 3349 Q.EXISTS_TAC `q` THEN 3350 ASM_SIMP_TAC std_ss [] THEN 3351 Tactical.REVERSE CONJ_TAC THENL [ 3352 Q.PAT_X_ASSUM `!data data'. X` MATCH_MP_TAC THEN 3353 Q.EXISTS_TAC `(MAP (\(t,l). 
(t,TL l)) data)` THEN 3354 ASM_SIMP_TAC std_ss [MAP_MAP_o, o_DEF, MEM_MAP, EXISTS_PROD, 3355 FORALL_PROD, 3356 PAIR_BETA_THM, prove (``(\ (x1,x2). x1) = FST``, SIMP_TAC std_ss [FUN_EQ_THM, FORALL_PROD])] THEN 3357 METIS_TAC[], 3358 3359 3360 MATCH_MP_TAC holfoot_ap_points_to___SUBMAP THEN 3361 Q.EXISTS_TAC `LIST_TO_FMAP (ZIP 3362 (MAP FST data, 3363 MAP (\x. var_res_exp_const (HD (SND x))) data))` THEN 3364 ASM_SIMP_TAC list_ss [MAP_MAP_o, LIST_TO_FMAP_THM, 3365 o_DEF, ZIP_MAP, MAP_ZIP_EQ] THEN 3366 SIMP_TAC std_ss [SUBMAP_DEF, FDOM_FUPDATE_LIST, IN_INSERT, 3367 FDOM_LIST_TO_FMAP, MEM_MAP, MAP_MAP_o, 3368 o_DEF, GSYM RIGHT_EXISTS_AND_THM, 3369 FDOM_FUPDATE] THEN 3370 GEN_TAC THEN 3371 REPEAT STRIP_TAC THEN1 PROVE_TAC[] THEN 3372 3373 MATCH_MP_TAC (prove (``(?z. (X = z) /\ (Y = z)) ==> (X = Y)``, PROVE_TAC[])) THEN 3374 CONSEQ_REWRITE_TAC ([LIST_TO_FMAP___ALL_DISTINCT], [], []) THEN 3375 ASM_SIMP_TAC std_ss [MEM_MAP, MAP_MAP_o, o_DEF, ETA_THM] THEN 3376 PROVE_TAC[] 3377 ] 3378]); 3379 3380 3381 3382val holfoot_ap_data_list_seg_num___ELIM_DATA = 3383store_thm ("holfoot_ap_data_list_seg_num___ELIM_DATA", 3384``!data data' n tl startExp endExp s. 3385 ((!x. MEM x data' ==> MEM x data) /\ ALL_DISTINCT (MAP FST data') /\ 3386 (s IN holfoot_ap_data_list_seg_num n tl startExp data endExp)) ==> 3387 s IN holfoot_ap_data_list_seg_num n tl startExp data' endExp``, 3388 3389SIMP_TAC std_ss [holfoot_ap_data_list_seg_num_def] THEN 3390REPEAT STRIP_TAC THEN 3391Cases_on `MEM tl (MAP FST data)` THEN1 FULL_SIMP_TAC std_ss [NOT_IN_asl_false] THEN 3392`~(MEM tl (MAP FST data'))` by METIS_TAC[MEM_MAP] THEN 3393FULL_SIMP_TAC std_ss [] THEN 3394METIS_TAC[holfoot_ap_gendl_data_list_seg_num___ELIM_DATA]); 3395 3396 3397 3398val holfoot_ap_data_list_seg_num___ELIM_DATA___COMPLETE = 3399store_thm ("holfoot_ap_data_list_seg_num___ELIM_DATA___COMPLETE", 3400 3401``!data n tl startExp endExp s. 
3402 s IN holfoot_ap_data_list_seg_num n tl startExp data endExp ==> 3403 s IN holfoot_ap_list_seg_num n tl startExp endExp``, 3404 3405SIMP_TAC std_ss [holfoot_ap_list_seg_num_def] THEN 3406REPEAT STRIP_TAC THEN 3407MATCH_MP_TAC holfoot_ap_data_list_seg_num___ELIM_DATA THEN 3408Q.EXISTS_TAC `data` THEN 3409ASM_SIMP_TAC list_ss []); 3410 3411 3412 3413 3414val holfoot_ap_data_list_seg_def = Define ` 3415 holfoot_ap_data_list_seg tl startExp data endExp = 3416 asl_exists n. holfoot_ap_data_list_seg_num n tl startExp data endExp` 3417 3418 3419val holfoot_ap_data_list_seg_REWRITE = store_thm ("holfoot_ap_data_list_seg_REWRITE", 3420``holfoot_ap_data_list_seg tl startExp data endExp = 3421 asl_or 3422 (asl_and (var_res_prop_equal DISJOINT_FMAP_UNION startExp endExp) 3423 (\s. EVERY (\x. NULL (SND x)) data /\ ALL_DISTINCT (tl::MAP FST data))) 3424 (asl_and (var_res_prop_weak_unequal startExp endExp) 3425 (asl_and (\s. (EVERY (\x. ~(NULL (SND x))) data) /\ 3426 ALL_DISTINCT (tl::MAP FST data)) 3427 asl_exists n'. 3428 asl_star holfoot_separation_combinator 3429 (holfoot_ap_points_to startExp 3430 (LIST_TO_FMAP (ZIP 3431 (tl::MAP FST data, 3432 MAP var_res_exp_const 3433 (n'::MAP (\x. HD (SND x)) data))))) 3434 (holfoot_ap_data_list_seg tl (var_res_exp_const n') 3435 (MAP (\ (t,l). 
(t,TL l)) data) endExp)))``, 3436 3437SIMP_TAC std_ss [EXTENSION, IN_ABS, asl_bool_EVAL, 3438 holfoot_ap_data_list_seg_def, 3439 GSYM asl_exists___asl_star_THM] THEN 3440REPEAT STRIP_TAC THEN EQ_TAC THEN REPEAT STRIP_TAC THENL [ 3441 Cases_on `n` THEN 3442 FULL_SIMP_TAC std_ss [holfoot_ap_data_list_seg_num_REWRITE, 3443 asl_bool_EVAL, IN_ABS, COND_RAND, COND_RATOR] THEN 3444 PROVE_TAC[], 3445 3446 Q.EXISTS_TAC `0` THEN 3447 ASM_SIMP_TAC std_ss [holfoot_ap_data_list_seg_num_REWRITE, 3448 asl_bool_EVAL, asl_bool_REWRITES], 3449 3450 Q.EXISTS_TAC `SUC n` THEN 3451 ASM_SIMP_TAC std_ss [holfoot_ap_data_list_seg_num_REWRITE, 3452 asl_bool_EVAL, asl_bool_REWRITES] THEN 3453 Q.EXISTS_TAC `n'` THEN 3454 ASM_REWRITE_TAC[] 3455]); 3456 3457 3458 3459val holfoot_ap_list_seg_def = Define ` 3460 holfoot_ap_list_seg tl startExp endExp = 3461 holfoot_ap_data_list_seg tl startExp [] endExp` 3462 3463 3464val holfoot_ap_list_seg_REWRITE = save_thm ("holfoot_ap_list_seg_REWRITE", 3465 let 3466 val thm0 = CONV_RULE (ONCE_REWRITE_CONV [holfoot_ap_data_list_seg_REWRITE]) holfoot_ap_list_seg_def; 3467 val thm1 = SIMP_RULE list_ss [asl_bool_REWRITES, LIST_TO_FMAP_def] thm0; 3468 val thm2 = CONV_RULE (ONCE_REWRITE_CONV [GSYM holfoot_ap_list_seg_def]) thm1; 3469 in 3470 thm2 3471 end); 3472 3473val holfoot_ap_data_list_def = Define ` 3474 holfoot_ap_data_list tl startExp data = 3475 holfoot_ap_data_list_seg tl startExp data (var_res_exp_const 0)` 3476 3477val holfoot_ap_list_def = Define ` 3478 holfoot_ap_list tl startExp = 3479 holfoot_ap_list_seg tl startExp (var_res_exp_const 0)` 3480 3481 3482 3483val holfoot_ap_data_list_seg___DATA_PROPS = 3484store_thm ("holfoot_ap_data_list_seg___DATA_PROPS", 3485``!data tl startExp endExp. 3486 3487 ~((?n. EVERY (\x. 
LENGTH (SND x) = n) data) /\ ALL_DISTINCT (tl::MAP FST data)) ==> 3488 (holfoot_ap_data_list_seg tl startExp data endExp = 3489 asl_false)``, 3490 3491SIMP_TAC std_ss [holfoot_ap_data_list_seg_def, EXTENSION, asl_bool_EVAL] THEN 3492METIS_TAC[asl_bool_EVAL, holfoot_ap_data_list_seg_num___DATA_PROPS]); 3493 3494 3495 3496val holfoot_ap_data_list_seg___NOT_EMPTY_DATA_DEF = 3497store_thm ("holfoot_ap_data_list_seg___NOT_EMPTY_DATA_DEF", 3498`` 3499holfoot_ap_data_list_seg tl startExp ((t, tvL)::data) endExp = 3500holfoot_ap_data_list_seg_num (LENGTH tvL) tl startExp ((t, tvL)::data) endExp``, 3501 3502SIMP_TAC std_ss [holfoot_ap_data_list_seg_def, 3503 EXTENSION, asl_bool_EVAL] THEN 3504REPEAT STRIP_TAC THEN (Tactical.REVERSE EQ_TAC) THEN1 METIS_TAC[] THEN 3505REPEAT STRIP_TAC THEN 3506Cases_on `LENGTH tvL = n` THEN ASM_REWRITE_TAC[] THEN 3507FULL_SIMP_TAC list_ss [holfoot_ap_data_list_seg_num___DATA_PROPS] THEN 3508FULL_SIMP_TAC std_ss [NOT_IN_asl_false]); 3509 3510 3511 3512val holfoot_ap_data_list_seg___NOT_EMPTY_DATA___0 = 3513store_thm ("holfoot_ap_data_list_seg___NOT_EMPTY_DATA___0", 3514``holfoot_ap_data_list_seg tl startExp ((t, [])::data) endExp = 3515 asl_trivial_cond (EVERY (\x. NULL (SND x)) data /\ 3516 ALL_DISTINCT (tl::t::MAP FST data)) 3517 (var_res_prop_equal DISJOINT_FMAP_UNION startExp endExp)``, 3518 3519SIMP_TAC list_ss [holfoot_ap_data_list_seg___NOT_EMPTY_DATA_DEF, 3520 asl_trivial_cond_def, 3521 holfoot_ap_data_list_seg_num_REWRITE]); 3522 3523 3524val holfoot_ap_data_list_seg___SAME_START_END = 3525store_thm ("holfoot_ap_data_list_seg___SAME_START_END", 3526``holfoot_ap_data_list_seg tl e data e = 3527 asl_trivial_cond (EVERY (\x. NULL (SND x)) data /\ 3528 ALL_DISTINCT (tl::MAP FST data)) 3529 (var_res_prop_equal DISJOINT_FMAP_UNION e e)``, 3530 3531ONCE_REWRITE_TAC [holfoot_ap_data_list_seg_REWRITE] THEN 3532SIMP_TAC std_ss [var_res_prop_equal_unequal_REWRITES, 3533 asl_bool_REWRITES] THEN 3534Q.MATCH_ABBREV_TAC `asl_and p (\s. 
c) = asl_trivial_cond c p` THEN 3535Cases_on `c` THEN 3536SIMP_TAC std_ss [asl_trivial_cond_def, asl_bool_REWRITES]); 3537 3538 3539 3540val VAR_RES_IS_STACK_IMPRECISE___USED_VARS___data_list_seg_num = 3541store_thm ("VAR_RES_IS_STACK_IMPRECISE___USED_VARS___data_list_seg_num", 3542 3543``!vs n tl startExp data endExp. 3544 (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET vs startExp /\ 3545 VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET vs endExp) ==> 3546 VAR_RES_IS_STACK_IMPRECISE___USED_VARS vs (holfoot_ap_data_list_seg_num n tl startExp data endExp)``, 3547 3548 3549Induct_on `n` THENL [ 3550 SIMP_TAC std_ss [holfoot_ap_data_list_seg_num_REWRITE] THEN 3551 SIMP_TAC std_ss [COND_RAND, COND_RATOR, 3552 VAR_RES_IS_STACK_IMPRECISE___USED_VARS___var_res_prop_equal, 3553 VAR_RES_IS_STACK_IMPRECISE___USED_VARS___asl_false], 3554 3555 SIMP_TAC std_ss [holfoot_ap_data_list_seg_num_REWRITE, 3556 COND_RATOR, COND_RAND, VAR_RES_IS_STACK_IMPRECISE___USED_VARS___asl_false, 3557 holfoot_separation_combinator_def] THEN 3558 CONSEQ_HO_REWRITE_TAC ([],[VAR_RES_IS_STACK_IMPRECISE___USED_VARS___var_res_prop_equal, 3559 VAR_RES_IS_STACK_IMPRECISE___USED_VARS___asl_and, 3560 VAR_RES_IS_STACK_IMPRECISE___USED_VARS___asl_exists_direct, 3561 VAR_RES_IS_STACK_IMPRECISE___USED_VARS___asl_star, 3562 VAR_RES_IS_STACK_IMPRECISE___USED_VARS___points_to, 3563 FEVERY_STRENGTHEN_THM],[]) THEN 3564 3565 ASM_SIMP_TAC std_ss [VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___VAR_CONST_EVAL, 3566 VAR_RES_IS_STACK_IMPRECISE___USED_VARS___var_res_prop_weak_unequal] THEN 3567 REPEAT STRIP_TAC THEN 3568 MATCH_MP_TAC FEVERY_LIST_TO_FMAP THEN 3569 SIMP_TAC list_ss [ZIP_MAP, MAP_MAP_o, o_DEF, MAP_ZIP_EQ] THEN 3570 SIMP_TAC std_ss[EVERY_MAP, VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___VAR_CONST_EVAL] THEN 3571 SIMP_TAC std_ss [EVERY_MEM] 3572]); 3573 3574 3575val VAR_RES_IS_STACK_IMPRECISE___data_list_seg_num = 3576save_thm 
("VAR_RES_IS_STACK_IMPRECISE___data_list_seg_num", 3577 3578SIMP_RULE std_ss [VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___UNIV_REWRITE, 3579 GSYM VAR_RES_IS_STACK_IMPRECISE___ALTERNATIVE_DEF] 3580 (SPEC ``UNIV:holfoot_var set`` VAR_RES_IS_STACK_IMPRECISE___USED_VARS___data_list_seg_num) 3581); 3582 3583 3584 3585 3586val VAR_RES_IS_STACK_IMPRECISE___USED_VARS___data_list_seg = 3587store_thm ("VAR_RES_IS_STACK_IMPRECISE___USED_VARS___data_list_seg", 3588 3589``!vs tl startExp data endExp. 3590 (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET vs startExp /\ 3591 VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET vs endExp) ==> 3592 VAR_RES_IS_STACK_IMPRECISE___USED_VARS vs (holfoot_ap_data_list_seg tl startExp data endExp)``, 3593 3594 3595SIMP_TAC std_ss [holfoot_ap_data_list_seg_def] THEN 3596REPEAT STRIP_TAC THEN 3597HO_MATCH_MP_TAC VAR_RES_IS_STACK_IMPRECISE___USED_VARS___asl_exists_direct THEN 3598ASM_SIMP_TAC std_ss [VAR_RES_IS_STACK_IMPRECISE___USED_VARS___data_list_seg_num]); 3599 3600 3601 3602val VAR_RES_IS_STACK_IMPRECISE___data_list_seg = 3603save_thm ("VAR_RES_IS_STACK_IMPRECISE___data_list_seg", 3604 3605SIMP_RULE std_ss [VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___UNIV_REWRITE, 3606 GSYM VAR_RES_IS_STACK_IMPRECISE___ALTERNATIVE_DEF] 3607 (SPEC ``UNIV:holfoot_var set`` VAR_RES_IS_STACK_IMPRECISE___USED_VARS___data_list_seg) 3608 3609); 3610 3611 3612val VAR_RES_IS_STACK_IMPRECISE___USED_VARS___data_list = 3613store_thm ("VAR_RES_IS_STACK_IMPRECISE___USED_VARS___data_list", 3614 3615``!vs tl startExp data. 
3616 (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET vs startExp) ==> 3617 VAR_RES_IS_STACK_IMPRECISE___USED_VARS vs (holfoot_ap_data_list tl startExp data)``, 3618 3619SIMP_TAC std_ss [holfoot_ap_data_list_def, 3620 VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___VAR_CONST_EVAL, 3621 VAR_RES_IS_STACK_IMPRECISE___USED_VARS___data_list_seg]); 3622 3623 3624val VAR_RES_IS_STACK_IMPRECISE___data_list = 3625save_thm ("VAR_RES_IS_STACK_IMPRECISE___data_list", 3626 3627SIMP_RULE std_ss [VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___UNIV_REWRITE, 3628 GSYM VAR_RES_IS_STACK_IMPRECISE___ALTERNATIVE_DEF] 3629 (SPEC ``UNIV:holfoot_var set`` VAR_RES_IS_STACK_IMPRECISE___USED_VARS___data_list) 3630 3631); 3632 3633 3634 3635 3636val holfoot_ap_data_list_seg_num___STACK_IMPRECISE___REWRITE = 3637store_thm ("holfoot_ap_data_list_seg_num___STACK_IMPRECISE___REWRITE", 3638``(!tl data startExp endExp. 3639((holfoot_ap_data_list_seg_num 0 tl startExp data endExp) = \s. 3640 EVERY (\x. NULL (SND x)) data /\ ALL_DISTINCT (tl::MAP FST data) /\ 3641 s IN var_res_prop_equal DISJOINT_FMAP_UNION startExp endExp)) /\ 3642 3643(!n tl data startExp endExp. 3644(IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS startExp) /\ 3645(IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS endExp))) ==> 3646 3647(holfoot_ap_data_list_seg_num (SUC n) tl startExp data endExp = \s. 3648 (EVERY (\x. ~NULL (SND x)) data /\ ALL_DISTINCT (tl::MAP FST data) /\ 3649 s IN var_res_prop_weak_unequal startExp endExp /\ 3650 ?n' s1 s2. (DISJOINT_FMAP_UNION (SOME s1) (SOME s2) = SOME (SND s)) /\ 3651 (FST s,s1) IN holfoot_ap_points_to startExp 3652 (LIST_TO_FMAP (ZIP (tl::MAP FST data, 3653 MAP var_res_exp_const (n'::MAP (\x. HD (SND x)) data)))) /\ 3654 (FST s,s2) IN 3655 (holfoot_ap_data_list_seg_num n tl (var_res_exp_const n') 3656 (MAP (\ (t,l). 
(t,TL l)) data) endExp))))``,

SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [holfoot_ap_data_list_seg_num_REWRITE,
   asl_bool_EVAL, EXTENSION, IN_ABS, COND_RAND, COND_RATOR] THEN
REPEAT STRIP_TAC THEN
CONSEQ_CONV_TAC (K EXISTS_EQ___CONSEQ_CONV) THEN
GEN_TAC THEN

Q.MATCH_ABBREV_TAC `s IN asl_star holfoot_separation_combinator P1 P2 = X` THEN
(* both star operands are stack-imprecise, so the star can be evaluated
   componentwise via asl_star___VAR_RES_IS_STACK_IMPRECISE *)
`VAR_RES_IS_STACK_IMPRECISE P1 /\ VAR_RES_IS_STACK_IMPRECISE P2` suffices_by (STRIP_TAC THEN
   ASM_SIMP_TAC std_ss [holfoot_separation_combinator_def,
      asl_star___VAR_RES_IS_STACK_IMPRECISE, IN_ABS]
) THEN
UNABBREV_ALL_TAC THEN
CONSEQ_REWRITE_TAC ([], [VAR_RES_IS_STACK_IMPRECISE___points_to,
   VAR_RES_IS_STACK_IMPRECISE___data_list_seg_num,
   FEVERY_LIST_TO_FMAP], []) THEN
ASM_SIMP_TAC list_ss [
   IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL,
   ZIP_MAP, MAP_MAP_o, o_DEF, EVERY_MAP]);



(* Pushing a variable-list update (var_res_prop_varlist_update vcL) into a
   numbered data-list segment only rewrites the two pointer expressions
   startExp and endExp; the length n, the tag tl and the data lists are
   untouched.  Both pointer expressions must be stack-imprecise, i.e. their
   VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS set is SOME.
   Proof: induction on n over holfoot_ap_data_list_seg_num_REWRITE; the
   inductive step unfolds the segment into points_to * segment and distributes
   the update over the star. *)
val var_res_prop_varlist_update___holfoot_ap_data_list_seg_num =
store_thm ("var_res_prop_varlist_update___holfoot_ap_data_list_seg_num",
``!vcL tl startExp data endExp n.
   IS_SOME
      (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS startExp) /\
   IS_SOME
      (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS endExp) ==>

   (var_res_prop_varlist_update vcL
      (holfoot_ap_data_list_seg_num n tl startExp data endExp) =
    holfoot_ap_data_list_seg_num n tl (var_res_exp_varlist_update vcL startExp)
       data (var_res_exp_varlist_update vcL endExp))``,

Induct_on `n` THEN1 (
   (* n = 0: the segment is a boolean side condition plus an equality of the
      two pointer expressions; both are handled by the ___BOOL and
      ___equal_unequal update lemmas *)
   SIMP_TAC std_ss [holfoot_ap_data_list_seg_num_REWRITE] THEN
   REPEAT STRIP_TAC THEN
   Q.ABBREV_TAC `c = EVERY (\x.
NULL (SND x)) data /\ ALL_DISTINCT (tl::MAP FST data)` THEN
   Cases_on `c` THEN
   ASM_SIMP_TAC std_ss [var_res_prop_varlist_update___BOOL,
      var_res_prop_varlist_update___equal_unequal]
) THEN

SIMP_TAC std_ss [holfoot_ap_data_list_seg_num_REWRITE] THEN
REPEAT STRIP_TAC THEN
Cases_on `EVERY (\x. ~NULL (SND x)) data /\ ALL_DISTINCT (tl::MAP FST data)` THEN
ASM_SIMP_TAC std_ss [var_res_prop_varlist_update___BOOL] THEN

SIMP_TAC std_ss [var_res_prop_varlist_update___equal_unequal] THEN
AP_TERM_TAC THEN AP_TERM_TAC THEN
ONCE_REWRITE_TAC[FUN_EQ_THM] THEN
BETA_TAC THEN GEN_TAC THEN
Q.MATCH_ABBREV_TAC `var_res_prop_varlist_update vcL
   (asl_star holfoot_separation_combinator P1 P2) = X` THEN
Q.UNABBREV_TAC `X` THEN

(* stack-imprecision of both operands is what lets the update be pushed
   through the star (var_res_prop_varlist_update___asl_star) *)
`VAR_RES_IS_STACK_IMPRECISE P1 /\ VAR_RES_IS_STACK_IMPRECISE P2` by (
   Q.UNABBREV_TAC `P1` THEN Q.UNABBREV_TAC `P2` THEN
   CONSEQ_REWRITE_TAC ([], [
      VAR_RES_IS_STACK_IMPRECISE___points_to,
      VAR_RES_IS_STACK_IMPRECISE___data_list_seg_num,
      FEVERY_LIST_TO_FMAP], []) THEN
   ASM_SIMP_TAC list_ss [MAP_MAP_o, o_DEF, ZIP_MAP,
      EVERY_MAP, VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___var_res_exp_const]
) THEN
Q.UNABBREV_TAC `P1` THEN Q.UNABBREV_TAC `P2` THEN
ASM_SIMP_TAC std_ss [var_res_prop_varlist_update___asl_star,
   holfoot_separation_combinator_def,
   var_res_prop_varlist_update___holfoot_ap_points_to,
   VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___var_res_exp_const] THEN
SIMP_TAC list_ss [o_f_LIST_TO_FMAP, ZIP_MAP,
   MAP_MAP_o, o_DEF, var_res_exp_varlist_update___const_EVAL]);




(* Same statement for the unnumbered segment holfoot_ap_data_list_seg, which
   existentially quantifies the length (holfoot_ap_data_list_seg_def); follows
   from the numbered lemma above. *)
val var_res_prop_varlist_update___holfoot_ap_data_list_seg =
store_thm ("var_res_prop_varlist_update___holfoot_ap_data_list_seg",
``!vcL tl startExp data endExp.
   IS_SOME
      (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS startExp) /\
   IS_SOME
      (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS endExp) ==>

   (var_res_prop_varlist_update vcL
      (holfoot_ap_data_list_seg tl startExp data endExp) =
    holfoot_ap_data_list_seg tl (var_res_exp_varlist_update vcL startExp)
       data (var_res_exp_varlist_update vcL endExp))``,

SIMP_TAC std_ss [
   holfoot_ap_data_list_seg_def,
   var_res_prop_varlist_update___BOOL,
   var_res_prop_varlist_update___holfoot_ap_data_list_seg_num]);


(* Same statement for a complete data list.  A list is a segment whose end is
   the constant 0 (holfoot_ap_data_list_def), so only startExp needs to be
   stack-imprecise; the constant end is handled by the var_res_exp_const
   lemmas. *)
val var_res_prop_varlist_update___holfoot_ap_data_list =
store_thm ("var_res_prop_varlist_update___holfoot_ap_data_list",
``!vcL tl startExp data.
   IS_SOME
      (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS startExp) ==>

   (var_res_prop_varlist_update vcL
      (holfoot_ap_data_list tl startExp data) =
    holfoot_ap_data_list tl (var_res_exp_varlist_update vcL startExp)
       data)``,

SIMP_TAC std_ss [
   holfoot_ap_data_list_def,
   var_res_prop_varlist_update___holfoot_ap_data_list_seg,
   VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___var_res_exp_const,
   var_res_exp_varlist_update___const_EVAL]);




(* A numbered segment whose start is the null constant 0 is only satisfiable
   in the degenerate case: it collapses to the trivial condition that n = 0,
   every data list is empty and the tags tl::MAP FST data are distinct,
   together with the requirement that endExp is 0 as well. *)
val holfoot_ap_data_list_seg_num___null = store_thm ("holfoot_ap_data_list_seg_num___null",
``!tl n data endExp. holfoot_ap_data_list_seg_num n tl (var_res_exp_const 0) data endExp =
   asl_trivial_cond ((n = 0) /\ EVERY (\x.
NULL (SND x)) data /\ ALL_DISTINCT (tl::MAP FST data))
      (var_res_prop_equal DISJOINT_FMAP_UNION endExp (var_res_exp_const 0))``,


Cases_on `n` THENL [
   (* n = 0: the segment is already an equality of pointer expressions *)
   SIMP_TAC std_ss [holfoot_ap_data_list_seg_num_REWRITE,
      COND_RAND, COND_RATOR, COND_EXPAND_IMP,
      asl_trivial_cond_def] THEN
   PROVE_TAC[var_res_prop_equal_symmetric],

   (* n = SUC _: the leading cell would be a points_to at 0, which is false *)
   SIMP_TAC arith_ss [holfoot_ap_data_list_seg_num_REWRITE,
      holfoot_ap_points_to___null,
      asl_false___asl_star_THM, asl_bool_REWRITES,
      asl_exists_ELIM, asl_trivial_cond_def]
]);


(* Unnumbered version of the previous lemma: a segment starting at 0 is
   the trivial condition "all data lists empty, tags distinct" together
   with endExp = 0.  The existential over the length disappears because
   only n = 0 survives. *)
val holfoot_ap_data_list_seg___null = store_thm ("holfoot_ap_data_list_seg___null",
``!tl data endExp. holfoot_ap_data_list_seg tl (var_res_exp_const 0) data endExp =
   asl_trivial_cond
      (EVERY (\x. NULL (SND x)) data /\ ALL_DISTINCT (tl::MAP FST data))
      (var_res_prop_equal DISJOINT_FMAP_UNION endExp (var_res_exp_const 0))``,

SIMP_TAC std_ss [holfoot_ap_data_list_seg_def,
   holfoot_ap_data_list_seg_num___null, asl_exists_def,
   asl_trivial_cond_def, COND_RAND, COND_RATOR, EXTENSION,
   IN_ABS, asl_bool_EVAL] THEN
METIS_TAC[]);



(* A segment of length SUC n is non-empty, so its start e1 is a location of
   the heap: any bag of propositions containing such a segment "implies in
   heap" e1, relative to any context B.  Only e1 needs to be stack-imprecise. *)
val holfoot_ap_data_list_seg_num_SUC___implies_in_heap = store_thm ("holfoot_ap_data_list_seg_num_SUC___implies_in_heap",
``!n B e1 e2 tl data sfb.
   IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e1) ==>
   holfoot_implies_in_heap B
      (BAG_INSERT (holfoot_ap_data_list_seg_num (SUC n) tl e1 data e2) sfb) e1``,

REPEAT STRIP_TAC THEN
ASM_SIMP_TAC std_ss [holfoot_ap_data_list_seg_num_REWRITE,
   COND_RAND, COND_RATOR,
   holfoot_implies_in_heap_def,
   holfoot_implies_in_heap_pred___asl_false] THEN
REPEAT STRIP_TAC THEN
MATCH_MP_TAC holfoot_implies_in_heap_pred___asl_and THEN
DISJ2_TAC THEN
(* the leading points_to cell of the unfolded segment is what puts e1 in the heap *)
ASM_SIMP_TAC std_ss [holfoot_implies_in_heap_pred___asl_exists,
   holfoot_implies_in_heap_pred___asl_star] THEN
ASM_SIMP_TAC std_ss [
   GSYM holfoot_implies_in_heap_def,
   holfoot_ap_points_to___implies_in_heap]);


(* Extends the SUC lemma to an arbitrary length n, provided the context B
   implies e1 <> e2 (var_res_implies_unequal).  The SUC case is the lemma
   above; for n = 0 the segment identifies e1 and e2, which the unequal
   hypothesis rules out once both expressions are shown to evaluate the same
   on the stack of the substate (the ___SUBSTATE_RIGHT lemma). *)
val holfoot_ap_data_list_seg_num___implies_in_heap = store_thm ("holfoot_ap_data_list_seg_num___implies_in_heap",
``!e1 e2 B n tl data sfb.
   (var_res_implies_unequal DISJOINT_FMAP_UNION B e1 e2 /\
    IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e1) /\
    IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e2)) ==>

   holfoot_implies_in_heap B
      (BAG_INSERT (holfoot_ap_data_list_seg_num n tl e1 data e2) sfb) e1``,


Tactical.REVERSE (Cases_on `n`) THEN1 (
   PROVE_TAC[holfoot_ap_data_list_seg_num_SUC___implies_in_heap]
) THEN

SIMP_TAC std_ss [holfoot_ap_data_list_seg_num_REWRITE,
   COND_RAND, COND_RATOR,
   holfoot_implies_in_heap_def,
   holfoot_implies_in_heap_pred___asl_false,
   SUB_BAG_EXISTS] THEN
REPEAT STRIP_TAC THEN

FULL_SIMP_TAC std_ss [var_res_implies_unequal_def,
   BAG_INSERT_NOT_EMPTY, holfoot_separation_combinator_def,
   holfoot_implies_in_heap_pred_def] THEN
FULL_SIMP_TAC std_ss [IS_SEPARATION_COMBINATOR___FINITE_MAP] THEN
REPEAT GEN_TAC THEN STRIP_TAC THEN
Q.PAT_X_ASSUM `!s. X` (MP_TAC o Q.SPEC `(st, h1)`) THEN
ASM_REWRITE_TAC [] THEN
Q.PAT_X_ASSUM `(st2, h2) IN X` MP_TAC THEN
ASM_SIMP_TAC std_ss [var_res_prop_equal_unequal_EXPAND,
   var_res_bigstar_REWRITE_EXT,
   IN_ABS, IS_SEPARATION_COMBINATOR___FINITE_MAP,
   IS_SEPARATION_COMBINATOR___VAR_RES_COMBINATOR,
   asl_star_def, VAR_RES_COMBINATOR_REWRITE,
   IS_SOME_EXISTS, GSYM LEFT_EXISTS_AND_THM,
   GSYM RIGHT_EXISTS_AND_THM, EXISTS_PROD,
   asl_emp_DISJOINT_FMAP_UNION, IN_SING,
   DISJOINT_FMAP_UNION___FEMPTY] THEN
SIMP_TAC (std_ss++CONJ_ss) [GSYM LEFT_FORALL_IMP_THM] THEN
REPEAT GEN_TAC THEN STRIP_TAC THEN
(* e1 and e2 take the same values on the full stack st and on the substack
   p_1, because stack-imprecise expressions only read their USED_VARS *)
`(e1 st = e1 p_1) /\ (e2 st = e2 p_1)` suffices_by (STRIP_TAC THEN
   ASM_SIMP_TAC std_ss []
) THEN
CONSEQ_REWRITE_TAC ([],[
   IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___SUBSTATE_RIGHT], []) THEN
ASM_SIMP_TAC std_ss [] THEN
METIS_TAC[VAR_RES_STACK_IS_SUBSTATE_INTRO,
   VAR_RES_STACK_IS_SUBSTATE___TRANS]);



(* Unnumbered version: a segment from e1 to e2 puts e1 in the heap whenever
   the context implies e1 <> e2.  The context bag B must additionally be
   non-empty here (~(B = {||})); the hidden length is eliminated with the
   asl_exists lemmas for implies_in_heap and implies_unequal. *)
val holfoot_ap_data_list_seg___implies_in_heap = store_thm ("holfoot_ap_data_list_seg___implies_in_heap",
``!e1 e2 B tl data sfb.
   (~(B = {||}) /\
    (var_res_implies_unequal DISJOINT_FMAP_UNION B e1 e2) /\
    IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e1) /\
    IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e2)) ==>

   (holfoot_implies_in_heap B
      (BAG_INSERT (holfoot_ap_data_list_seg tl e1 data e2) sfb) e1)``,

SIMP_TAC std_ss [holfoot_implies_in_heap_def,
   holfoot_ap_data_list_seg_def,
   holfoot_implies_in_heap_pred___asl_exists,
   var_res_implies_unequal___asl_exists,
   IS_SEPARATION_COMBINATOR___FINITE_MAP] THEN
SIMP_TAC std_ss [GSYM holfoot_implies_in_heap_def,
   holfoot_ap_data_list_seg_num___implies_in_heap]);



(* For a complete data list (end fixed to 0) the start e1 is either a heap
   location or null: holfoot_implies_in_heap_or_null.  No unequal hypothesis
   is needed; the proof splits on the hidden length n (0: e1 = 0 via
   ___equal_null; SUC: the SUC lemma, weakened to "or null"). *)
val holfoot_ap_data_list___implies_in_heap_or_null = store_thm ("holfoot_ap_data_list___implies_in_heap_or_null",
``!B e1 tl data sfb.
IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e1) ==>
   (holfoot_implies_in_heap_or_null B
      (BAG_INSERT (holfoot_ap_data_list tl e1 data) sfb) e1)``,

REPEAT STRIP_TAC THEN
SIMP_TAC std_ss [holfoot_ap_data_list_def,
   holfoot_implies_in_heap_or_null_def,
   holfoot_ap_data_list_seg_def,
   holfoot_implies_in_heap_pred___asl_exists] THEN
Cases_on `n` THENL [
   (* n = 0: the list is empty and e1 equals the null end pointer *)
   SIMP_TAC std_ss [holfoot_ap_data_list_seg_num_REWRITE,
      COND_RAND, COND_RATOR, holfoot_implies_in_heap_pred___asl_false] THEN
   ASM_SIMP_TAC std_ss [GSYM holfoot_implies_in_heap_or_null_def,
      holfoot_implies_in_heap_or_null___equal_null],


   (* n = SUC _: e1 is in the heap, hence in heap or null *)
   SIMP_TAC std_ss [GSYM holfoot_implies_in_heap_or_null_def] THEN
   MATCH_MP_TAC holfoot_implies_in_heap___implies___or_null THEN
   ASM_SIMP_TAC std_ss [holfoot_ap_data_list_seg_num_SUC___implies_in_heap]
]);



(* Singleton-bag restatement of holfoot_ap_data_list_seg___implies_in_heap
   with the hypotheses curried (unequal first, then the side conditions).
   Presumably the shape consumed by the tooling that computes implies-in-heap
   facts -- confirm against the callers. *)
val holfoot_ap_data_list_seg___implies_in_heap___COMPUTE = store_thm ("holfoot_ap_data_list_seg___implies_in_heap___COMPUTE",
``!e1 e2 B tl data.
   var_res_implies_unequal DISJOINT_FMAP_UNION B e1 e2 ==>
   ~(B = {||}) /\
   IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e1) /\
   IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e2) ==>

   (holfoot_implies_in_heap B
      {| holfoot_ap_data_list_seg tl e1 data e2 |} e1)``,
SIMP_TAC std_ss [holfoot_ap_data_list_seg___implies_in_heap]);


(* Singleton-bag restatement of holfoot_ap_data_list___implies_in_heap_or_null,
   phrased on the segment ending in the constant 0 rather than on
   holfoot_ap_data_list (the two coincide by holfoot_ap_data_list_def). *)
val holfoot_ap_data_list___implies_in_heap_or_null___COMPUTE = store_thm ("holfoot_ap_data_list___implies_in_heap_or_null___COMPUTE",
``!B e1 tl data.
   IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e1) ==>
   (holfoot_implies_in_heap_or_null B
      {|holfoot_ap_data_list_seg tl e1 data (var_res_exp_const 0)|} e1)``,
SIMP_TAC std_ss [holfoot_ap_data_list___implies_in_heap_or_null,
   GSYM holfoot_ap_data_list_def]);






(* Unrolling one cell of a segment inside a var_res_prop frame.  If the
   whole frame (sfb1 together with the segment and sfb2) implies e1 <> e2,
   and e1, e2 only use variables from wpb/rpb, then the frame with the
   segment from e1 to e2 is var_res_prop_implies_eq to the frame with, in
   its place,
     - (exists c) a points_to cell at e1 mapping tl to c and each data tag
       to the head of its list, starred with the segment from c to e2 over
       the tails of the data lists,
     - the unequality e1 <> e2 as a separate proposition, and
     - the side condition that every data list is non-empty and the tags
       tl::MAP FST data are distinct. *)
val holfoot_ap_data_list_seg___var_res_prop_implies_eq___split =
store_thm ("holfoot_ap_data_list_seg___var_res_prop_implies_eq___split",
``!tl e1 e2 data sfb1 sfb2 wpb rpb.
   (var_res_implies_unequal DISJOINT_FMAP_UNION (BAG_UNION
       sfb1 (BAG_INSERT (holfoot_ap_data_list_seg tl e1 data e2) sfb2)) e1 e2) ==>

   (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) e1) /\
   (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) e2) ==>

   (var_res_prop_implies_eq DISJOINT_FMAP_UNION (wpb, rpb) sfb1
      (BAG_INSERT (holfoot_ap_data_list_seg tl e1 data e2) sfb2)
      (BAG_INSERT (asl_exists c.
          asl_star (VAR_RES_COMBINATOR DISJOINT_FMAP_UNION)
             (holfoot_ap_points_to e1 (LIST_TO_FMAP
                (ZIP (tl::MAP FST data,
                      MAP var_res_exp_const (c::MAP (\x. HD (SND x)) data)))))
             (holfoot_ap_data_list_seg tl (var_res_exp_const c) (MAP (\(t,l). (t,TL l)) data) e2))
      (BAG_INSERT (var_res_prop_unequal DISJOINT_FMAP_UNION e1 e2)
      (BAG_INSERT (var_res_bool_proposition DISJOINT_FMAP_UNION
          (EVERY (\x.
~NULL (SND x)) data /\ ALL_DISTINCT (tl::MAP FST data))) sfb2))))``,

REPEAT STRIP_TAC THEN
(* USED_VARS_SUBSET gives the plain IS_SOME stack-imprecision facts *)
`IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e1) /\
 IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e2)` by (
   FULL_SIMP_TAC std_ss [VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET_def]
) THEN
SIMP_TAC std_ss [var_res_prop_implies_eq_def] THEN
(* first make the implied unequality e1 <> e2 an explicit member of the
   frame, so that both sides of the equation carry it *)
`var_res_prop DISJOINT_FMAP_UNION (wpb,rpb)
   (sfb1 + BAG_INSERT (holfoot_ap_data_list_seg tl e1 data e2) sfb2) =
 var_res_prop DISJOINT_FMAP_UNION (wpb,rpb)
   (BAG_UNION
      (sfb1 + BAG_INSERT (holfoot_ap_data_list_seg tl e1 data e2) sfb2)
      {|(var_res_prop_unequal DISJOINT_FMAP_UNION e1 e2)|})` by (
   REWRITE_TAC [GSYM var_res_prop_implies_REWRITE] THEN
   MATCH_MP_TAC (MP_CANON var_res_implies_unequal___prop_implies) THEN
   ASM_REWRITE_TAC[]
) THEN
ASM_REWRITE_TAC[BAG_UNION_INSERT, BAG_UNION_EMPTY] THEN
POP_ASSUM (K ALL_TAC) THEN
Q.PAT_X_ASSUM `var_res_implies_unequal X Y e1 e2` (K ALL_TAC) THEN

ASM_SIMP_TAC std_ss [
   IS_SEPARATION_COMBINATOR___FINITE_MAP,
   var_res_prop___EQ] THEN
MATCH_MP_TAC (prove (``(A /\ (A ==> B)) ==> (A /\ B)``, PROVE_TAC[])) THEN
CONJ_TAC THEN1 (
   (* well-formedness side: every new bag element only uses variables
      from wpb/rpb *)
   ASM_SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [var_res_prop___COND_UNION, var_res_prop___COND_INSERT,
      VAR_RES_IS_STACK_IMPRECISE___USED_VARS___var_res_bool_proposition,
      VAR_RES_IS_STACK_IMPRECISE___USED_VARS___data_list_seg,
      VAR_RES_IS_STACK_IMPRECISE___USED_VARS___var_res_prop_unequal] THEN
   CONSEQ_HO_REWRITE_TAC ([], [
      VAR_RES_IS_STACK_IMPRECISE___USED_VARS___asl_exists_direct,
      VAR_RES_IS_STACK_IMPRECISE___USED_VARS___asl_star,
      VAR_RES_IS_STACK_IMPRECISE___USED_VARS___points_to,
      VAR_RES_IS_STACK_IMPRECISE___USED_VARS___data_list_seg,
      FEVERY_LIST_TO_FMAP], []) THEN
   ASM_SIMP_TAC list_ss [VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___var_res_exp_const,
      ZIP_MAP, MAP_MAP_o, o_DEF,
EVERY_MAP, VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___VAR_CONST_EVAL]
) THEN
REPEAT STRIP_TAC THEN


(* semantic side: unfold var_res_prop on both bags and compare the
   resulting predicates extensionally *)
FULL_SIMP_TAC std_ss [var_res_prop___COND_INSERT,
   var_res_prop___COND_UNION, var_res_prop___PROP_UNION,
   var_res_prop___PROP_INSERT, IN_ABS,
   GSYM RIGHT_EXISTS_AND_THM] THEN

ASM_SIMP_TAC std_ss [var_res_bool_proposition_REWRITE,
   IN_ABS, asl_emp_DISJOINT_FMAP_UNION, asl_bool_EVAL,
   GSYM RIGHT_EXISTS_AND_THM, GSYM LEFT_EXISTS_AND_THM,
   var_res_prop_equal_unequal_EXPAND,
   IN_SING, DISJOINT_FMAP_UNION___FEMPTY] THEN

ONCE_REWRITE_TAC[EXTENSION] THEN
SIMP_TAC std_ss [IN_ABS] THEN
REDEPTH_CONSEQ_CONV_TAC (K EXISTS_EQ___CONSEQ_CONV) THEN
SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [] THEN

REPEAT GEN_TAC THEN
Q.PAT_X_ASSUM `VAR_RES_IS_STACK_IMPRECISE___USED_VARS XXX ($asl_exists XX)`
   (K ALL_TAC) THEN
(* if e1 or e2 is undefined on the stack, or they are equal, both sides
   are false; otherwise we have two distinct concrete locations c1, c2 *)
Tactical.REVERSE (
   Cases_on `?c1 c2. (e1 (FST x) = SOME c1) /\ (e2 (FST x) = SOME c2) /\ ~(c1 = c2)`) THEN1 (
   Cases_on `e1 (FST x)` THEN Cases_on `e2 (FST x)` THEN
   FULL_SIMP_TAC std_ss []
) THEN
DISCH_TAC THEN POP_ASSUM (K ALL_TAC) THEN

CONV_TAC (LHS_CONV (ONCE_REWRITE_CONV [holfoot_ap_data_list_seg_REWRITE])) THEN
FULL_SIMP_TAC std_ss [] THEN
ASM_SIMP_TAC std_ss [asl_bool_EVAL, IN_ABS,
   var_res_prop_equal_unequal_EXPAND] THEN
SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [holfoot_separation_combinator_def]);





(* Membership of a state s in a numbered segment depends on the start
   expression only through its value on the stack FST s: two stack-imprecise
   start expressions that agree on FST s may be exchanged.  Case split on n
   (no induction needed: the start expression only occurs in the outermost
   points_to / equality). *)
val holfoot_ap_data_list_seg_num___REWRITE_START_EXP =
store_thm ("holfoot_ap_data_list_seg_num___REWRITE_START_EXP",
``
!n tl data startExp endExp startExp' s.
((startExp (FST s) = (startExp' (FST s))) /\
(IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS startExp)) /\
(IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS startExp')) /\
(IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS endExp))) ==>

(s IN (holfoot_ap_data_list_seg_num n tl startExp data endExp) =
 s IN (holfoot_ap_data_list_seg_num n tl startExp' data endExp))``,

Cases_on `n` THEN (
   ASM_SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [holfoot_ap_data_list_seg_num___STACK_IMPRECISE___REWRITE,
      var_res_prop_equal_unequal_EXPAND, IN_ABS,
      holfoot_ap_points_to_def, LET_THM]
));




(* Counterpart for the end expression: membership depends on endExp only
   through its value on FST s.  Here induction on n is required, because
   the end expression is threaded through every recursive segment. *)
val holfoot_ap_data_list_seg_num___REWRITE_END_EXP =
store_thm ("holfoot_ap_data_list_seg_num___REWRITE_END_EXP",
``
!n tl data startExp endExp endExp' s.
((endExp (FST s) = (endExp' (FST s))) /\
(IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS startExp)) /\
(IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS endExp)) /\
(IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS endExp'))) ==>

(s IN (holfoot_ap_data_list_seg_num n tl startExp data endExp) =
 s IN (holfoot_ap_data_list_seg_num n tl startExp data endExp'))``,


Induct_on `n` THEN (
   ASM_SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [holfoot_ap_data_list_seg_num___STACK_IMPRECISE___REWRITE,
      var_res_prop_equal_unequal_EXPAND, IN_ABS]
) THEN
REPEAT STRIP_TAC THEN
REDEPTH_CONSEQ_CONV_TAC (K EXISTS_EQ___CONSEQ_CONV) THEN
SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [] THEN
REPEAT STRIP_TAC THEN
(* induction hypothesis, applied to the tail segment whose start is the
   constant location read from the first cell *)
Q.PAT_X_ASSUM `!tl data. X` MATCH_MP_TAC THEN
ASM_SIMP_TAC std_ss [IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL]);



(* For a non-empty segment (length SUC n) the start expression is defined
   on the stack and denotes a location in the domain of the heap part
   SND s -- the first cell of the segment. *)
val holfoot_ap_data_list_seg_num___START_EXP_IN_FDOM =
store_thm ("holfoot_ap_data_list_seg_num___START_EXP_IN_FDOM",
``!n tl data startExp endExp s.
(IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS startExp) /\
(IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS endExp)) /\
(s IN (holfoot_ap_data_list_seg_num (SUC n) tl startExp data endExp))) ==>
((IS_SOME (startExp (FST s)) /\ (THE (startExp (FST s)) IN FDOM (SND s))))``,

SIMP_TAC (std_ss++CONJ_ss) [holfoot_ap_data_list_seg_num___STACK_IMPRECISE___REWRITE,
   IN_ABS, holfoot_ap_points_to_def, LET_THM] THEN
REPEAT GEN_TAC THEN STRIP_TAC THEN
FULL_SIMP_TAC std_ss [DISJOINT_FMAP_UNION___REWRITE,
   FDOM_FUNION, IN_UNION, IN_SING]);


(* The end expression of a segment never points into the segment's own heap:
   any state satisfying the segment also satisfies
   holfoot_not_in_heap endExp.  Induction on n; the step uses the
   disjointness of the first cell from the rest of the segment. *)
val holfoot_ap_data_list_seg_num___END_EXP_NOT_IN_FDOM =
store_thm ("holfoot_ap_data_list_seg_num___END_EXP_NOT_IN_FDOM",
``!n tl data startExp endExp s.
(IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS startExp) /\
(IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS endExp)) /\
(s IN (holfoot_ap_data_list_seg_num n tl startExp data endExp))) ==>
s IN holfoot_not_in_heap endExp``,

Induct_on `n` THEN1 (
   (* n = 0: the heap is empty, so nothing is in its domain *)
   SIMP_TAC (std_ss++CONJ_ss) [holfoot_ap_data_list_seg_num___STACK_IMPRECISE___REWRITE,
      var_res_prop_equal_unequal_EXPAND, IN_ABS, LET_THM,
      asl_emp_DISJOINT_FMAP_UNION, IN_SING, FDOM_FEMPTY, NOT_IN_EMPTY,
      holfoot_not_in_heap_def, GSYM IS_SOME_EXISTS]
) THEN
SIMP_TAC (std_ss++CONJ_ss) [holfoot_ap_data_list_seg_num___STACK_IMPRECISE___REWRITE, IN_ABS] THEN
REPEAT GEN_TAC THEN STRIP_TAC THEN
Q.ABBREV_TAC `data' = MAP (\ (t,l). (t,TL l)) data` THEN
Q.PAT_X_ASSUM `!tl data startExp.
X` (MP_TAC o Q.SPECL [`tl`, `data'`, `var_res_exp_const n'`, `endExp`, `(FST (s:holfoot_state), s2)`]) THEN
ASM_SIMP_TAC std_ss [IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL] THEN

FULL_SIMP_TAC std_ss [var_res_prop_equal_unequal_EXPAND, IN_ABS] THEN
Q.PAT_X_ASSUM `IS_SOME (endExp (FST s))` ASSUME_TAC THEN
Q.PAT_X_ASSUM `IS_SOME (startExp (FST s))` ASSUME_TAC THEN
FULL_SIMP_TAC std_ss [DISJOINT_FMAP_UNION___REWRITE,
   holfoot_not_in_heap_def, IS_SOME_EXISTS,
   FDOM_FUNION, IN_UNION, holfoot_ap_points_to_def, LET_THM,
   IN_SING, IN_ABS, var_res_prop_equal_unequal_EXPAND, GSYM LEFT_FORALL_IMP_THM] THEN
FULL_SIMP_TAC std_ss []);



(* Address 0 (null) is never in the domain of the heap part of a state that
   satisfies a data-list segment, for any length n.  No hypotheses on the
   pointer expressions are needed: the empty segment has an empty heap and
   every cell of a non-empty segment is a points_to, which excludes 0. *)
val holfoot_ap_data_list_seg_num___NULL_NOT_IN_FDOM =
store_thm ("holfoot_ap_data_list_seg_num___NULL_NOT_IN_FDOM",
``!n tl data startExp endExp s.
(s IN (holfoot_ap_data_list_seg_num n tl startExp data endExp)) ==>
~(0 IN FDOM (SND s))``,

Induct_on `n` THEN1 (
   SIMP_TAC (std_ss++CONJ_ss) [holfoot_ap_data_list_seg_num___STACK_IMPRECISE___REWRITE,
      var_res_prop_equal_unequal_EXPAND, IN_ABS, LET_THM,
      asl_emp_DISJOINT_FMAP_UNION, IN_SING, FDOM_FEMPTY, NOT_IN_EMPTY,
      holfoot_not_in_heap_def, GSYM IS_SOME_EXISTS]
) THEN
SIMP_TAC (std_ss++CONJ_ss) [holfoot_ap_data_list_seg_num_REWRITE, IN_ABS,
   COND_RAND, COND_RATOR, asl_bool_EVAL, asl_star_def,
   holfoot_separation_combinator___REWRITE,
   GSYM LEFT_EXISTS_AND_THM, GSYM RIGHT_EXISTS_AND_THM,
   GSYM LEFT_FORALL_IMP_THM, FDOM_FUNION, IN_UNION] THEN
REPEAT GEN_TAC THEN STRIP_TAC THEN
(* the tail segment is covered by the induction hypothesis; the head cell
   by the definition of points_to *)
Tactical.REVERSE CONJ_TAC THEN1 METIS_TAC[] THEN
FULL_SIMP_TAC std_ss [holfoot_ap_points_to_def, IN_ABS, LET_THM,
   IN_SING]);



(* Splitting a segment of length n + m at an intermediate location c: it is
   the star of a segment of length n from e1 to c over the first n elements
   of each data list (TAKE n) and a segment of length m from c to e2 over
   the remaining elements (DROP n), with c existentially quantified.  The
   extra conjunct holfoot_not_in_heap e2 records that the end pointer lies
   outside the combined footprint (cf. ___END_EXP_NOT_IN_FDOM); without it
   the right-hand side would admit heaps in which e2 is allocated inside the
   first part.  Proof by induction on n. *)
val holfoot_ap_data_list_seg_num___SPLIT = store_thm ("holfoot_ap_data_list_seg_num___SPLIT",
``!n m e1 e2 tl data.
(IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e1) /\
 IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e2)) ==>

(holfoot_ap_data_list_seg_num (n+m) tl e1 data e2 =
 asl_and (holfoot_not_in_heap e2)
 asl_exists c.
    asl_star holfoot_separation_combinator
       (holfoot_ap_data_list_seg_num n tl e1
          (MAP (\x. (FST x, TAKE n (SND x))) data) (var_res_exp_const c))
       (holfoot_ap_data_list_seg_num m tl (var_res_exp_const c)
          (MAP (\x. (FST x, DROP n (SND x))) data) e2))``,

Induct_on `n` THEN1 (
   (* n = 0: TAKE 0 / DROP 0 leave the data untouched and the first part is
      the empty segment, i.e. e1 = c; the split then collapses to the
      original segment plus the not-in-heap fact for e2 *)
   SIMP_TAC (list_ss++boolSimps.ETA_ss) [holfoot_ap_data_list_seg_num_REWRITE, EVERY_MAP,
      MAP_MAP_o, o_DEF] THEN
   REPEAT GEN_TAC THEN
   Tactical.REVERSE (Cases_on `ALL_DISTINCT (tl::MAP FST data)`) THEN1 (
      ASM_SIMP_TAC std_ss [GSYM ALL_DISTINCT, asl_false___asl_star_THM] THEN
      SIMP_TAC std_ss [asl_exists_ELIM, asl_bool_REWRITES] THEN
      METIS_TAC[holfoot_ap_data_list_seg_num___DATA_PROPS]
   ) THEN
   `MAP (\x. x) data = data` by (
      REPEAT (POP_ASSUM (K ALL_TAC)) THEN
      Induct_on `data` THEN ASM_SIMP_TAC list_ss []
   ) THEN
   FULL_SIMP_TAC list_ss [] THEN POP_ASSUM (K ALL_TAC) THEN
   REPEAT STRIP_TAC THEN
   ASM_SIMP_TAC std_ss [EXTENSION, asl_bool_EVAL] THEN
   ASM_SIMP_TAC std_ss [
      asl_star___VAR_RES_IS_STACK_IMPRECISE,
      holfoot_separation_combinator_def, IN_ABS,
      VAR_RES_IS_STACK_IMPRECISE___var_res_prop_equal,
      VAR_RES_IS_STACK_IMPRECISE___data_list_seg_num,
      IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL] THEN
   GEN_TAC THEN
   SIMP_TAC (std_ss++CONJ_ss) [var_res_prop_equal_unequal_EXPAND, IN_ABS,
      asl_emp_DISJOINT_FMAP_UNION, DISJOINT_FMAP_UNION___FEMPTY, IN_SING,
      var_res_exp_const_def, COND_RAND, COND_RATOR, asl_bool_EVAL] THEN
   SIMP_TAC std_ss [GSYM var_res_exp_const_def] THEN
   (* e1 and e2 must be defined on the stack; otherwise both sides are
      false by ___EXP_DEFINED *)
   Tactical.REVERSE (Cases_on `?c1. e1 (FST x) = SOME c1`) THEN1 (
      Cases_on `e1 (FST x)` THEN FULL_SIMP_TAC std_ss [] THEN
      METIS_TAC [holfoot_ap_data_list_seg_num___EXP_DEFINED, optionTheory.option_CLAUSES]
   ) THEN
   Tactical.REVERSE (Cases_on `?c2. e2 (FST x) = SOME c2`) THEN1 (
      Cases_on `e2 (FST x)` THEN FULL_SIMP_TAC std_ss [] THEN
      METIS_TAC [holfoot_ap_data_list_seg_num___EXP_DEFINED, optionTheory.option_CLAUSES]
   ) THEN
   FULL_SIMP_TAC std_ss [] THEN
   MATCH_MP_TAC (prove (``((A = B2) /\ (A ==> B1)) ==> (A = (B1 /\ B2))``, METIS_TAC[])) THEN
   CONJ_TAC THENL [
      (* replacing the start e1 by the constant c1 it evaluates to *)
      MATCH_MP_TAC holfoot_ap_data_list_seg_num___REWRITE_START_EXP THEN
      FULL_SIMP_TAC std_ss [IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL] THEN
      SIMP_TAC std_ss [var_res_exp_const_def],



      (* the not-in-heap conjunct follows from the segment itself *)
      REPEAT STRIP_TAC THEN
      MATCH_MP_TAC holfoot_ap_data_list_seg_num___END_EXP_NOT_IN_FDOM THEN
      Q.EXISTS_TAC `m` THEN Q.EXISTS_TAC `tl` THEN
      Q.EXISTS_TAC `data` THEN Q.EXISTS_TAC `e1` THEN
      ASM_SIMP_TAC std_ss []
   ]
) THEN

REPEAT STRIP_TAC THEN
Tactical.REVERSE (Cases_on `ALL_DISTINCT (tl::MAP FST data)`) THEN1 (
   ASM_SIMP_TAC (std_ss++boolSimps.ETA_ss) [ADD_CLAUSES, holfoot_ap_data_list_seg_num_REWRITE,
      MAP_MAP_o, o_DEF, asl_false___asl_star_THM,
      asl_exists_ELIM, asl_bool_REWRITES]
) THEN
(* data1 / data2: the data lists of the first and second part *)
Q.ABBREV_TAC `data1 = (MAP (\x. (FST x,TAKE (SUC n) (SND x))) data)` THEN
Q.ABBREV_TAC `data2 = (MAP (\x. (FST x,DROP (SUC n) (SND x))) data)` THEN
`ALL_DISTINCT (tl::MAP FST data1) /\ ALL_DISTINCT (tl::MAP FST data2)` by (
   Q.UNABBREV_TAC `data1` THEN Q.UNABBREV_TAC `data2` THEN
   ASM_SIMP_TAC (std_ss++boolSimps.ETA_ss) [MAP_MAP_o, o_DEF]
) THEN
(* the length side condition splits along TAKE/DROP *)
`EVERY (\x. LENGTH (SND x) = SUC n + m) data =
 (EVERY (\x. LENGTH (SND x) = SUC n) data1 /\
  EVERY (\x. LENGTH (SND x) = m) data2)` by (
   Q.UNABBREV_TAC `data1` THEN Q.UNABBREV_TAC `data2` THEN
   REPEAT (POP_ASSUM (K ALL_TAC)) THEN
   Induct_on `data` THEN (
      ASM_SIMP_TAC (list_ss++EQUIV_EXTRACT_ss) []
   ) THEN
   REPEAT STRIP_TAC THEN
   EQ_TAC THEN STRIP_TAC THEN1 (
      ASM_SIMP_TAC list_ss []
   ) THEN
   `SND h = TAKE (SUC n) (SND h) ++ DROP (SUC n) (SND h)` by
      REWRITE_TAC[TAKE_DROP] THEN
   ONCE_ASM_REWRITE_TAC[] THEN (POP_ASSUM (K ALL_TAC)) THEN
   REWRITE_TAC[LENGTH_APPEND] THEN
   ASM_SIMP_TAC list_ss []
) THEN

(* if some data list has the wrong length, both sides are asl_false *)
Tactical.REVERSE (Cases_on `EVERY (\x. LENGTH (SND x) = SUC n + m) data`) THEN1 (
   `(holfoot_ap_data_list_seg_num (SUC n + m) tl e1 data e2 = asl_false) /\
    ((!c. (holfoot_ap_data_list_seg_num (SUC n) tl e1 data1
            (var_res_exp_const c)) = asl_false) \/
     (!c. holfoot_ap_data_list_seg_num m tl (var_res_exp_const c) data2 e2 =
            asl_false))` by
      METIS_TAC[holfoot_ap_data_list_seg_num___DATA_PROPS] THEN
   ASM_SIMP_TAC std_ss [asl_false___asl_star_THM, asl_exists_ELIM, asl_bool_REWRITES]
) THEN
FULL_SIMP_TAC std_ss [ADD_CLAUSES, numTheory.NOT_SUC] THEN

`EVERY (\x. ~(NULL (SND x))) data /\
 EVERY (\x.
~(NULL (SND x))) data1` by (
   FULL_SIMP_TAC std_ss [EVERY_MEM] THEN
   REPEAT STRIP_TAC THEN
   RES_TAC THEN
   Cases_on `SND x` THEN FULL_SIMP_TAC list_ss []
) THEN
ASM_SIMP_TAC std_ss [asl_bool_EVAL, EXTENSION, holfoot_separation_combinator_def,
   asl_star___VAR_RES_IS_STACK_IMPRECISE, IN_ABS,
   VAR_RES_IS_STACK_IMPRECISE___data_list_seg_num,
   IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL] THEN
ASM_SIMP_TAC std_ss [ADD_CLAUSES, holfoot_ap_data_list_seg_num___STACK_IMPRECISE___REWRITE,
   IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL,
   holfoot_separation_combinator_def, asl_bool_EVAL, IN_ABS] THEN

GEN_TAC THEN
(* if e2 is allocated in the heap of x, the left-hand side is false too:
   the end pointer of a segment is never inside it *)
Tactical.REVERSE (Cases_on `x IN holfoot_not_in_heap e2`) THEN1 (
   FULL_SIMP_TAC std_ss [holfoot_not_in_heap_def, IN_ABS] THEN
   Cases_on `e2 (FST x)` THEN FULL_SIMP_TAC std_ss [] THEN
   CCONTR_TAC THEN
   FULL_SIMP_TAC std_ss [DISJOINT_FMAP_UNION___REWRITE, holfoot_ap_points_to_def, IN_ABS,
      LET_THM] THEN
   FULL_SIMP_TAC std_ss [FDOM_FUNION, IN_UNION, IN_SING,
      var_res_prop_equal_unequal_EXPAND, IN_ABS, IS_SOME_EXISTS] THEN
   METIS_TAC[optionTheory.option_CLAUSES]
) THEN
ASM_SIMP_TAC std_ss [
   asl_star___VAR_RES_IS_STACK_IMPRECISE, IN_ABS,
   VAR_RES_IS_STACK_IMPRECISE___data_list_seg_num,
   IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL] THEN
SIMP_TAC (std_ss++pairSimps.gen_beta_ss) [IN_ABS, GSYM LEFT_EXISTS_AND_THM, GSYM RIGHT_EXISTS_AND_THM,
   DISJOINT_FMAP_UNION___REWRITE, FDOM_FUNION, DISJOINT_UNION_BOTH,
   asl_bool_EVAL, holfoot_separation_combinator_def,
   MAP_MAP_o, o_DEF] THEN

SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [DISJOINT_SYM] THEN
REPEAT STRIP_TAC THEN

Q.PAT_X_ASSUM `!m' e1' e2'. X` (K ALL_TAC) THEN

(* reorder the existentials on the left so that they line up with the
   right-hand side before pairing them off with EXISTS_EQ___CONSEQ_CONV *)
CONV_TAC (LHS_CONV (RESORT_EXISTS_CONV (fn [x1,x2,x3,x4,x5] => [x3,x5,x1,x2,x4]))) THEN
REDEPTH_CONSEQ_CONV_TAC (K EXISTS_EQ___CONSEQ_CONV) THEN
SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [DISJOINT_SYM, FUNION_ASSOC] THEN
REPEAT STRIP_TAC THEN


(* the first cell is the same on both sides: HD of a TAKE (SUC n) prefix
   is HD of the original list *)
Q.ABBREV_TAC `L = LIST_TO_FMAP (ZIP (tl::MAP FST data,
   MAP (var_res_exp_const:num -> holfoot_a_expression) (n'::MAP (\x. HD (SND x)) data)))` THEN
`(LIST_TO_FMAP (ZIP (tl::MAP FST data1,
   MAP var_res_exp_const (n'::MAP (\x. HD (SND x)) data1)))) = L` by (
   Q.UNABBREV_TAC `L` THEN
   Q.UNABBREV_TAC `data1` THEN
   SIMP_TAC (std_ss++boolSimps.ETA_ss) [MAP_MAP_o, o_DEF] THEN
   `MAP (\x. HD (TAKE (SUC n) (SND x))) data =
    MAP (\x. HD (SND x)) data`
      suffices_by (STRIP_TAC THEN ASM_REWRITE_TAC[]) THEN

   Q.PAT_X_ASSUM `EVERY X data` MP_TAC THEN
   REPEAT (POP_ASSUM (K ALL_TAC)) THEN
   Induct_on `data` THEN
   ASM_SIMP_TAC list_ss [] THEN
   GEN_TAC THEN Cases_on `SND h` THEN
   SIMP_TAC list_ss []
) THEN
ASM_REWRITE_TAC[] THEN POP_ASSUM (K ALL_TAC) THEN

(* the tails: TAKE n / DROP n of TL coincide with TL of data1 and data2 *)
Q.ABBREV_TAC `data1' = MAP (\ (t,l). (t,TL l)) data1` THEN
`(MAP (\x. (FST x,TAKE n (TL (SND x)))) data = data1') /\
 (MAP (\x. (FST x,DROP n (TL (SND x)))) data = data2)` by (
   Q.PAT_X_ASSUM `EVERY X data` MP_TAC THEN
   Q.UNABBREV_TAC `data1'` THEN Q.UNABBREV_TAC `data1` THEN
   Q.UNABBREV_TAC `data2` THEN
   REPEAT (POP_ASSUM (K ALL_TAC)) THEN

   Induct_on `data` THEN ASM_SIMP_TAC list_ss [] THEN
   GEN_TAC THEN Cases_on `SND h` THEN
   SIMP_TAC list_ss []
) THEN
ASM_REWRITE_TAC[] THEN NTAC 2 (POP_ASSUM (K ALL_TAC)) THEN

SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [] THEN
REPEAT STRIP_TAC THEN

SIMP_TAC std_ss [holfoot_not_in_heap_def, var_res_prop_equal_unequal_EXPAND, IN_ABS,
   var_res_exp_const_def, FDOM_FUNION, IN_UNION] THEN
Tactical.REVERSE (Cases_on `?c1 c2. (e1 (FST x) = SOME c1) /\ (e2 (FST x) = SOME c2)`) THEN1 (
   Cases_on `e1 (FST x)` THEN SIMP_TAC std_ss [] THEN
   IMP_RES_TAC holfoot_ap_data_list_seg_num___EXP_DEFINED THEN
   Cases_on `e2 (FST x)` THEN FULL_SIMP_TAC std_ss []
) THEN
FULL_SIMP_TAC std_ss [] THEN

(* s1 is the heap of the first cell: exactly the singleton {c1} *)
`FDOM s1 = {c1}` by (
   FULL_SIMP_TAC std_ss [holfoot_ap_points_to_def, IN_ABS, LET_THM]
) THEN
FULL_SIMP_TAC std_ss [holfoot_not_in_heap_def, IN_ABS,
   FDOM_FUNION, IN_UNION, IN_SING] THEN

(* remaining obligation: the intermediate location c of the second part is
   not the first cell c1 -- for m = 0 the second part is empty, for
   m = SUC _ its start c lies in es2, which is disjoint from {c1} *)
Q.PAT_X_ASSUM `(FST x, es2) IN X` MP_TAC THEN
Cases_on `m` THENL [
   ASM_SIMP_TAC std_ss [holfoot_ap_data_list_seg_num___STACK_IMPRECISE___REWRITE,
      IN_ABS, var_res_prop_equal_unequal_EXPAND, var_res_exp_const_def],

   STRIP_TAC THEN
   `c IN FDOM es2` by (
      MP_TAC (Q.SPECL [`n''`, `tl`, `data2`, `var_res_exp_const c`, `e2`, `(FST (x:holfoot_state), es2)`]
         holfoot_ap_data_list_seg_num___START_EXP_IN_FDOM) THEN
      ASM_SIMP_TAC std_ss [IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL] THEN
      SIMP_TAC std_ss [var_res_exp_const_def]
   ) THEN
   Q.PAT_X_ASSUM `DISJOINT (FDOM es2) {c1}` MP_TAC THEN
   ASM_SIMP_TAC std_ss [DISJOINT_DEF, EXTENSION, IN_INTER, NOT_IN_EMPTY,
      IN_SING] THEN
   METIS_TAC[]
]);






(* Two segments that live in substates h1, h2 of the same heap h, are
   evaluated on the same stack st, and whose start expressions agree on st
   and whose end expressions agree on st, have the same length n = n'.
   Induction on n with a case split on n'; the step identifies the first
   cells (both are points_to cells at the same location inside h, hence
   equal) and applies the induction hypothesis to the tails. *)
val holfoot_ap_data_list_seg_num___SAME_START_END = store_thm ("holfoot_ap_data_list_seg_num___SAME_START_END",
``!n n' e1 e2 e1' e2' tl data data' st h1 h2 h.
(IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e1) /\
 IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e2) /\
 IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e1') /\
 IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e2') /\
 ASL_IS_SUBSTATE DISJOINT_FMAP_UNION h1 h /\
 ASL_IS_SUBSTATE DISJOINT_FMAP_UNION h2 h /\
 (st, h1) IN holfoot_ap_data_list_seg_num n tl e1 data e2 /\
 (st, h2) IN holfoot_ap_data_list_seg_num n' tl e1' data' e2' /\
 (e1 st = e1' st) /\
 (e2 st = e2' st)) ==> (n = n')``,

Induct_on `n` THEN1 (
   Cases_on `n'` THEN (
      SIMP_TAC (std_ss++CONJ_ss) [holfoot_ap_data_list_seg_num___STACK_IMPRECISE___REWRITE,
         IN_ABS, var_res_prop_equal_unequal_EXPAND]
   )
) THEN
Cases_on `n'` THEN (
   SIMP_TAC (std_ss++CONJ_ss) [holfoot_ap_data_list_seg_num___STACK_IMPRECISE___REWRITE,
      IN_ABS, var_res_prop_equal_unequal_EXPAND]
) THEN
REPEAT STRIP_TAC THEN
(* the tl fields of the two first cells agree, since both cells are part of
   the single heap h at the same location *)
`n' = n'''` by (
   `ASL_IS_SUBSTATE DISJOINT_FMAP_UNION s1 h /\
    ASL_IS_SUBSTATE DISJOINT_FMAP_UNION s1' h` by
      METIS_TAC[ASL_IS_SUBSTATE_INTRO, ASL_IS_SUBSTATE___TRANS,
         IS_SEPARATION_COMBINATOR___FINITE_MAP] THEN
   NTAC 2 (POP_ASSUM MP_TAC) THEN
   FULL_SIMP_TAC list_ss [holfoot_ap_points_to_def, LET_THM, IN_ABS,
      LIST_TO_FMAP_THM, FEVERY_DEF, FDOM_FUPDATE, IN_INSERT,
      DISJ_IMP_THM, FORALL_AND_THM, FAPPLY_FUPDATE_THM,
      var_res_exp_const_def] THEN
   ASM_SIMP_TAC std_ss [ASL_IS_SUBSTATE___DISJOINT_FMAP_UNION, IN_SING]
) THEN
`ASL_IS_SUBSTATE DISJOINT_FMAP_UNION s2 h /\
 ASL_IS_SUBSTATE DISJOINT_FMAP_UNION s2' h` by (
   METIS_TAC[ASL_IS_SUBSTATE_INTRO, ASL_IS_SUBSTATE___TRANS,
      IS_SEPARATION_COMBINATOR___FINITE_MAP]
) THEN
(* induction hypothesis on the two tail segments, both starting at the
   shared constant location *)
Q.PAT_X_ASSUM `!n' e1 e2 e1' e2'. X`
   (MP_TAC o Q.SPECL [`n''`,
      `var_res_exp_const n'`, `e2`,
      `var_res_exp_const n'''`, `e2'`, `tl`,
      `(MAP (\ (t,l).
(t,TL l)) data)`,
           `(MAP (\ (t,l). (t,TL l)) data')`,
           `st`, `s2`, `s2'`, `h`]) THEN
FULL_SIMP_TAC std_ss [IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL]);



(* Uniqueness of a data list segment of known length.

   If two segments of the same length n for the same tag tl start at the
   same address (e1 st = e1' st) and are both sub-heaps of a common heap h,
   then they are the same sub-heap: their end expressions agree on st,
   h1 = h2, and whenever data and data' carry the same tag they carry the
   same list of values.

   The IS_SOME ... USED_VARS hypotheses require all four expressions to be
   stack-imprecise; the proof needs them to unfold the segments with
   holfoot_ap_data_list_seg_num___STACK_IMPRECISE___REWRITE.

   Proof: induction on n.  In the step case the first cell of each segment
   is a holfoot_ap_points_to at the same address, so the two cells (s1, s1')
   coincide and the successor addresses (n', n'') agree; the induction
   hypothesis is then applied to the remaining segments (s2, s2') with the
   tails of the data lists.

   This is the lemma that later allows a list segment on the implication
   side of a frame split to be cancelled against one on the split side
   (see VAR_RES_FRAME_SPLIT___data_list_seg_num___SAME_LENGTH___REMOVE___REWRITE). *)
val holfoot_ap_data_list_seg_num___SAME_LENGTH_START = store_thm ("holfoot_ap_data_list_seg_num___SAME_LENGTH_START",
``!n e1 e2 e1' e2' tl data data' st h1 h2 h.
(IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e1) /\
 IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e2) /\
 IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e1') /\
 IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e2') /\
 ASL_IS_SUBSTATE DISJOINT_FMAP_UNION h1 h /\
 ASL_IS_SUBSTATE DISJOINT_FMAP_UNION h2 h /\
 (st,h1) IN holfoot_ap_data_list_seg_num n tl e1 data e2 /\
 (st,h2) IN holfoot_ap_data_list_seg_num n tl e1' data' e2' /\
 (e1 st = e1' st)) ==>

((e2 st = e2' st) /\ (h1 = h2) /\
 (!x x'. (MEM x data /\ MEM x' data' /\ (FST x = FST x')) ==>
         (SND x = SND x')))``,


(* base case: both segments are empty, so the start and end expressions
   agree and both heaps are FEMPTY; EVERY_MEM / NULL_EQ finish the data part *)
Induct_on `n` THEN1 (
   SIMP_TAC (std_ss++CONJ_ss) [holfoot_ap_data_list_seg_num___STACK_IMPRECISE___REWRITE,
      IN_ABS, var_res_prop_equal_unequal_EXPAND, asl_emp_DISJOINT_FMAP_UNION, IN_SING] THEN
   REPEAT GEN_TAC THEN STRIP_TAC THEN
   Cases_on `e2 st` THEN FULL_SIMP_TAC std_ss [] THEN
   Cases_on `e2' st` THEN FULL_SIMP_TAC std_ss [] THEN
   FULL_SIMP_TAC std_ss [EVERY_MEM, NULL_EQ]
) THEN

(* step case: unfold one cell on both sides.  The induction hypothesis is
   instantiated with the constant successor address n' for BOTH segments
   and with the tails of the data lists; that n'' = n' is established below. *)
SIMP_TAC (std_ss++CONJ_ss) [holfoot_ap_data_list_seg_num___STACK_IMPRECISE___REWRITE,
   IN_ABS, var_res_prop_equal_unequal_EXPAND, asl_emp_DISJOINT_FMAP_UNION, IN_SING] THEN
REPEAT GEN_TAC THEN STRIP_TAC THEN
Q.PAT_X_ASSUM `!e1 e2 e1' e2'. X` (MP_TAC o
   Q.SPECL [`var_res_exp_const n'`, `e2`, `var_res_exp_const n'`,
            `e2'`, `tl`, `MAP (\ (t,l). (t,TL l)) data`,
            `MAP (\ (t,l). (t,TL l)) data'`, `st`, `s2`, `s2'`, `h`]) THEN
`?c1 c2 c2'.
    (e1 st = SOME c1) /\ (e1' st = SOME c1) /\ (e2 st = SOME c2) /\ (e2' st = SOME c2')` by
   METIS_TAC[IS_SOME_EXISTS] THEN
FULL_SIMP_TAC std_ss [IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL] THEN


(* all four pieces (head cells and rests) are sub-heaps of h *)
`ASL_IS_SUBSTATE DISJOINT_FMAP_UNION s1 h /\
 ASL_IS_SUBSTATE DISJOINT_FMAP_UNION s1' h /\
 ASL_IS_SUBSTATE DISJOINT_FMAP_UNION s2 h /\
 ASL_IS_SUBSTATE DISJOINT_FMAP_UNION s2' h` by
   METIS_TAC[ASL_IS_SUBSTATE_INTRO, ASL_IS_SUBSTATE___TRANS,
      IS_SEPARATION_COMBINATOR___FINITE_MAP] THEN
(* the two head cells are points-to facts at the same address inside the
   same heap h, hence they are the same singleton sub-heap *)
`(s1 = s1')` by (
   REPEAT (Q.PAT_X_ASSUM `ASL_IS_SUBSTATE DISJOINT_FMAP_UNION X h` MP_TAC) THEN
   FULL_SIMP_TAC std_ss [holfoot_ap_points_to_def,
      LET_THM, IN_ABS, GSYM fmap_EQ_THM, IN_SING,
      ASL_IS_SUBSTATE___DISJOINT_FMAP_UNION]
) THEN
(* ... and therefore store the same successor under tl *)
`n'' = n'` by (
   FULL_SIMP_TAC list_ss [holfoot_ap_points_to_def, LET_THM, IN_ABS,
      LIST_TO_FMAP_THM, FEVERY_DEF, FDOM_FUPDATE, IN_INSERT,
      DISJ_IMP_THM, FORALL_AND_THM, FAPPLY_FUPDATE_THM,
      var_res_exp_const_def]
) THEN
FULL_SIMP_TAC std_ss [] THEN
SIMP_TAC (std_ss++pairSimps.gen_beta_ss) [MEM_MAP,
   GSYM LEFT_FORALL_IMP_THM, GSYM LEFT_EXISTS_AND_THM,
   GSYM RIGHT_EXISTS_AND_THM] THEN
STRIP_TAC THEN
FULL_SIMP_TAC std_ss [] THEN
REPEAT STRIP_TAC THEN
(* remaining goal: equal tags give equal value lists.  In a segment of
   positive length no value list is empty, so split both into head/tail. *)
`?d_h1 d_tl1 d_h2 d_tl2.
    ((SND x) = d_h1 :: d_tl1) /\
    ((SND x') = d_h2 :: d_tl2)` by (

   Cases_on `SND x` THEN
   Cases_on `SND x'` THEN
   FULL_SIMP_TAC list_ss [EVERY_MEM] THEN
   METIS_TAC[EVERY_MEM, NULL]
) THEN

(* tails agree by the induction hypothesis (applied to the mapped data) *)
`TL (d_h1::d_tl1) = TL (d_h2::d_tl2)` by METIS_TAC[] THEN
FULL_SIMP_TAC list_ss [] THEN

(* heads agree because both cells store them under the same tag FST x',
   which is different from tl *)
FULL_SIMP_TAC list_ss [holfoot_ap_points_to_def, IN_ABS,
   LET_THM, FEVERY_DEF, FDOM_LIST_TO_FMAP,
   ZIP_MAP, MAP_MAP_o, o_DEF, DISJ_IMP_THM, FORALL_AND_THM,
   LIST_TO_FMAP_THM, FAPPLY_FUPDATE_THM, MEM_ZIP_EQ, MEM_MAP,
   GSYM LEFT_EXISTS_AND_THM, GSYM RIGHT_EXISTS_AND_THM,
   GSYM LEFT_FORALL_IMP_THM, IN_INSERT] THEN

Q.PAT_X_ASSUM `!x''. MEM x'' data' ==> XXX x''`
   (MP_TAC o Q.SPEC `x'`) THEN
Q.PAT_X_ASSUM `!x''. MEM x'' data ==> XXX x''`
   (MP_TAC o Q.SPEC `x`) THEN

`~(FST x' = tl)` by METIS_TAC[] THEN
ASM_SIMP_TAC (std_ss++CONJ_ss) [IS_SOME_EXISTS,
   GSYM LEFT_EXISTS_AND_THM, GSYM RIGHT_EXISTS_AND_THM,
   MAP_ZIP_EQ] THEN

(* L / L' are the field maps of the two head cells restricted to the data
   tags; both are keyed by distinct tags, so lookup of FST x' is determined *)
Q.ABBREV_TAC `L = (MAP (\x''. (FST x'',(var_res_exp_const (HD (SND x''))):holfoot_a_expression)) data)` THEN
Q.ABBREV_TAC `L' = (MAP (\x''.
       (FST x'',(var_res_exp_const (HD (SND x''))):holfoot_a_expression)) data')` THEN

`ALL_DISTINCT (MAP FST L) /\
 ALL_DISTINCT (MAP FST L') /\
 MEM (FST x', var_res_exp_const d_h1) L /\
 MEM (FST x', var_res_exp_const d_h2) L'` by (
   UNABBREV_ALL_TAC THEN
   ASM_SIMP_TAC (std_ss++boolSimps.ETA_ss) [MAP_MAP_o, o_DEF,
      MEM_MAP, var_res_exp_eq_THM] THEN
   REPEAT STRIP_TAC THENL [
      Q.EXISTS_TAC `x` THEN ASM_SIMP_TAC list_ss [],
      Q.EXISTS_TAC `x'` THEN ASM_SIMP_TAC list_ss []
   ]
) THEN
`(LIST_TO_FMAP L ' (FST x') = (var_res_exp_const d_h1)) /\
 (LIST_TO_FMAP L' ' (FST x') = (var_res_exp_const d_h2))` by (
   METIS_TAC [LIST_TO_FMAP___ALL_DISTINCT]
) THEN
ASM_SIMP_TAC std_ss [var_res_exp_const_def]);



(* Frame-split rewrite: unfold one cell of a list segment of known length
   SUC n against a points-to fact that is already present on the split side.

   Given  e1 |-> L  on the split side, with tl IN FDOM L, L ' tl = e3 and
   every tag occurring in data present in L, the implication-side segment
   holfoot_ap_data_list_seg_num (SUC n) tl e1 data e2 is replaced by
     - one var_res_prop_equal (L ' tag = HD list) for each (tag, list) in data,
     - the pure side condition that all value lists are non-empty and that
       tl and the data tags are pairwise distinct,
     - the inequality e1 <> e2 that unfolding the segment provides, and
     - the remaining segment of length n, starting at e3, carrying the
       tails of the value lists,
   while the points-to fact moves from the split bag into the context.

   Every expression involved (e1, e2 and all entries of L) must be
   stack-imprecise with respect to wpb + rpb.  These side conditions are
   antecedents of the theorem, so any automation applying this rewrite has
   to discharge them rather than assume them. *)
val VAR_RES_FRAME_SPLIT___points_to___data_list_seg_num___REWRITE = store_thm (
"VAR_RES_FRAME_SPLIT___points_to___data_list_seg_num___REWRITE",
``!e3 e1 e2 tl data L wpb rpb sfb_context sfb_split sfb_imp n.

((tl IN FDOM L) /\ (L ' tl = e3) /\ (LIST_TO_SET (MAP FST data) SUBSET FDOM L) /\
VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) e1 /\
VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) e2 /\
(FEVERY (\x.
   (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb))
      (SND x))) L))
==>
 VAR_RES_FRAME_SPLIT___REWRITE_OK DISJOINT_FMAP_UNION (wpb,rpb)
   sfb_context
   (BAG_INSERT (holfoot_ap_points_to e1 L) sfb_split)
   (BAG_INSERT (holfoot_ap_data_list_seg_num (SUC n) tl e1 data e2) sfb_imp)


   (BAG_INSERT (holfoot_ap_points_to e1 L) sfb_context)
   sfb_split
   (BAG_UNION (LIST_TO_BAG (MAP (\x.
         var_res_prop_equal DISJOINT_FMAP_UNION (L ' (FST x))
            (var_res_exp_const (HD (SND x)))) data))
      (BAG_INSERT (var_res_bool_proposition DISJOINT_FMAP_UNION
         ((EVERY (\x.
~(NULL (SND x))) data) /\
           ALL_DISTINCT (tl::MAP FST data)))
      (BAG_INSERT (var_res_prop_unequal DISJOINT_FMAP_UNION e1 e2) (
       BAG_INSERT (holfoot_ap_data_list_seg_num n tl e3 (MAP (\x. (FST x, TL (SND x))) data) e2) sfb_imp)
   )))``,

REPEAT STRIP_TAC THEN
SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [
   VAR_RES_FRAME_SPLIT___REWRITE_OK_def,
   var_res_prop___COND_UNION,
   var_res_prop___COND_INSERT,
   VAR_RES_IS_STACK_IMPRECISE___USED_VARS___var_res_bool_proposition,
   BAG_UNION_INSERT] THEN
REPEAT STRIP_TAC THEN

(* the entries of L that the rewrite mentions (the data tags and e3 = L ' tl)
   inherit stack-imprecision from the FEVERY hypothesis *)
`(!x. MEM x data ==>
      VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET
         (SET_OF_BAG (wpb + rpb)) (L ' (FST x))) /\
 VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET
    (SET_OF_BAG (wpb + rpb)) e3` by (

   FULL_SIMP_TAC std_ss [SUBSET_DEF,
      MEM_MAP, GSYM LEFT_FORALL_IMP_THM, FEVERY_DEF] THEN
   METIS_TAC[]
) THEN

(* first discharge the well-formedness (var_res_prop___COND) conditions of
   both frame-split problems, then prove the semantic (PROP) equivalence
   under them *)
MATCH_MP_TAC (prove (``((A /\ B) /\ (A /\ B ==> (P = Q))) ==>
((A ==> P) = (B ==> Q))``, SIMP_TAC std_ss [])) THEN
CONJ_TAC THEN1 (
   FULL_SIMP_TAC std_ss [var_res_prop___COND___REWRITE,
      FINITE_LIST_TO_BAG, containerTheory.IN_LIST_TO_BAG] THEN
   SIMP_TAC std_ss [MEM_MAP, GSYM LEFT_FORALL_IMP_THM,
      FORALL_PROD] THEN
   CONSEQ_REWRITE_TAC ([], [VAR_RES_IS_STACK_IMPRECISE___USED_VARS___data_list_seg_num,
      VAR_RES_IS_STACK_IMPRECISE___USED_VARS___var_res_bool_proposition,
      VAR_RES_IS_STACK_IMPRECISE___USED_VARS___var_res_prop_equal,
      VAR_RES_IS_STACK_IMPRECISE___USED_VARS___var_res_prop_unequal],
      []) THEN
   ASM_SIMP_TAC list_ss [VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___VAR_CONST_EVAL] THEN
   REPEAT STRIP_TAC THEN
   RES_TAC THEN
   FULL_SIMP_TAC std_ss []
) THEN
REPEAT STRIP_TAC THEN

(* sfb_const collects the parts that are identical on both sides *)
Q.ABBREV_TAC `sfb_const = sfb_imp + (sfb_rest + sfb_context)` THEN
ASM_SIMP_TAC std_ss [GSYM ASSOC_BAG_UNION, BAG_UNION_EMPTY,
   BAG_UNION_INSERT] THEN

`var_res_prop___COND DISJOINT_FMAP_UNION (wpb,rpb) sfb_const` by (
   Q.UNABBREV_TAC `sfb_const` THEN
   ASM_SIMP_TAC std_ss [var_res_prop___COND_UNION]
) THEN

`IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e1) /\
 IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e2)` by (
   FULL_SIMP_TAC std_ss [VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET_def]
) THEN
(* unfold the length-(SUC n) segment into head cell + rest *)
ASM_SIMP_TAC std_ss [var_res_prop___PROP_INSERT,
   var_res_prop___PROP_UNION,
   var_res_prop___COND_INSERT,
   var_res_prop___COND_UNION, IN_ABS,
   GSYM RIGHT_EXISTS_AND_THM, GSYM LEFT_EXISTS_AND_THM,
   holfoot_ap_data_list_seg_num___STACK_IMPRECISE___REWRITE,
   COND_RATOR, COND_RAND, asl_bool_EVAL,
   VAR_RES_IS_STACK_IMPRECISE___USED_VARS___var_res_bool_proposition] THEN

SIMP_TAC std_ss [var_res_bool_proposition_REWRITE,
   var_res_prop_weak_unequal_def,
   var_res_prop_unequal_def, var_res_prop_weak_binexpression_def,
   asl_emp_DISJOINT_FMAP_UNION, var_res_prop_binexpression_def,
   IN_SING, IN_ABS, LET_THM, var_res_stack_proposition_def,
   DISJOINT_FMAP_UNION___FEMPTY] THEN
SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [] THEN
(* if e1 or e2 is undefined on the stack, both sides are trivially equal *)
Tactical.REVERSE (Cases_on `?c1 c2. (e1 (FST s) = SOME c1) /\ (e2 (FST s) = SOME c2)`) THEN1 (
   SIMP_TAC std_ss [IS_SOME_EXISTS] THEN
   REPEAT STRIP_TAC THEN
   FULL_SIMP_TAC std_ss []
) THEN
FULL_SIMP_TAC std_ss [] THEN
REPEAT STRIP_TAC THEN

(* The bag of equalities L ' tag = HD list generated from data is a pure
   proposition: it holds on the empty heap and only evaluates each L ' tag
   on the stack.  Characterise it explicitly (induction on data) so that it
   can be rewritten away. *)
Q.ABBREV_TAC `eq_props:holfoot_a_proposition = var_res_prop___PROP DISJOINT_FMAP_UNION (wpb,rpb)
   (LIST_TO_BAG (MAP (\x.
         var_res_prop_equal DISJOINT_FMAP_UNION (L ' (FST x))
            (var_res_exp_const (HD (SND x)))) data))` THEN

`eq_props = \s.
   ((SND s = FEMPTY) /\
    (!v. v <: wpb ==> var_res_sl___has_write_permission v (FST s)) /\
    (!v. v <: rpb ==> var_res_sl___has_read_permission v (FST s)) /\
    EVERY (\x.
       (L ' (FST x) (FST s) = SOME (HD (SND x)))) data)` by (

   Q.PAT_X_ASSUM `FEVERY XXX L` MP_TAC THEN
   Q.PAT_X_ASSUM `XXX SUBSET FDOM L` MP_TAC THEN
   Q.UNABBREV_TAC `eq_props` THEN
   REPEAT (POP_ASSUM (K ALL_TAC)) THEN
   REPEAT STRIP_TAC THEN
   SIMP_TAC (list_ss++EQUIV_EXTRACT_ss) [
      var_res_prop___PROP___REWRITE,
      IS_SEPARATION_COMBINATOR___FINITE_MAP, IN_ABS,
      containerTheory.LIST_TO_BAG_def, EXTENSION] THEN
   Induct_on `data` THEN1 (
      SIMP_TAC list_ss [
         IS_SEPARATION_COMBINATOR___FINITE_MAP, IN_ABS,
         containerTheory.LIST_TO_BAG_def,
         var_res_bigstar_REWRITE, IS_SEPARATION_COMBINATOR___FINITE_MAP,
         asl_emp_DISJOINT_FMAP_UNION, IN_SING,
         var_res_prop_stack_true_REWRITE]
   ) THEN
   ASM_SIMP_TAC list_ss [
      IS_SEPARATION_COMBINATOR___FINITE_MAP, IN_ABS,
      containerTheory.LIST_TO_BAG_def,
      var_res_bigstar_REWRITE_EXT, INSERT_SUBSET] THEN
   REPEAT STRIP_TAC THEN
   Cases_on `h` THEN
   FULL_SIMP_TAC std_ss [] THEN
   Q.MATCH_ABBREV_TAC `x IN asl_star (VAR_RES_COMBINATOR DISJOINT_FMAP_UNION) P1 P2 = X` THEN
   (* both conjuncts of the star are stack-imprecise, so the star can be
      evaluated component-wise *)
   `(VAR_RES_IS_STACK_IMPRECISE P1) /\ (VAR_RES_IS_STACK_IMPRECISE P2)` by (
      Q.UNABBREV_TAC `P1` THEN
      Q.UNABBREV_TAC `P2` THEN
      CONSEQ_REWRITE_TAC ([], [
         VAR_RES_IS_STACK_IMPRECISE___var_res_prop_equal,
         VAR_RES_IS_STACK_IMPRECISE___var_res_bigstar], []) THEN
      FULL_SIMP_TAC std_ss [FEVERY_DEF, IS_SEPARATION_COMBINATOR___FINITE_MAP,
         IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL,
         FEVERY_DEF, BAG_EVERY, IN_LIST_TO_BAG, MEM_MAP,
         DISJ_IMP_THM, FORALL_AND_THM, GSYM LEFT_FORALL_IMP_THM,
         VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET_def, FEVERY_DEF,
         SUBSET_DEF, IN_INSERT] THEN
      REPEAT STRIP_TAC THEN
      MATCH_MP_TAC VAR_RES_IS_STACK_IMPRECISE___var_res_prop_equal THEN
      ASM_SIMP_TAC std_ss [IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL]
   ) THEN

   ASM_SIMP_TAC std_ss [asl_star___VAR_RES_IS_STACK_IMPRECISE,
      IS_SEPARATION_COMBINATOR___FINITE_MAP, IS_SEPARATION_COMBINATOR___VAR_RES_COMBINATOR,
      IN_ABS, DISJOINT_FMAP_UNION___FEMPTY] THEN
   Q.UNABBREV_TAC `P1` THEN
   Q.UNABBREV_TAC `X` THEN
   ASM_SIMP_TAC (std_ss++EQUIV_EXTRACT_ss++CONJ_ss) [var_res_prop_equal_unequal_EXPAND, IN_ABS,
      asl_emp_DISJOINT_FMAP_UNION, IN_SING, var_res_exp_const_def, IS_SOME_EXISTS,
      GSYM RIGHT_EXISTS_AND_THM, GSYM LEFT_EXISTS_AND_THM, DISJOINT_FMAP_UNION___FEMPTY]
) THEN
ASM_REWRITE_TAC[] THEN POP_ASSUM (K ALL_TAC) THEN Q.UNABBREV_TAC `eq_props` THEN

ASM_SIMP_TAC (std_ss++CONJ_ss++EQUIV_EXTRACT_ss) [var_res_prop_equal_unequal_EXPAND,
   asl_bool_EVAL, IN_ABS, var_res_bool_proposition_REWRITE,
   asl_emp_DISJOINT_FMAP_UNION, IN_SING,
   DISJOINT_FMAP_UNION___FEMPTY, GSYM RIGHT_EXISTS_AND_THM,
   GSYM LEFT_EXISTS_AND_THM, var_res_exp_const_def, IS_SOME_EXISTS] THEN

REPEAT STRIP_TAC THEN

(* both sides are existentials over splittings of the heap; align the order
   of the witnesses so that the sub-heaps can be matched one by one *)
SIMP_TAC std_ss [DISJOINT_FMAP_UNION___REWRITE] THEN
HO_MATCH_MP_TAC (prove (``
((!s1 s2 s3. ((?n. X s1 n s2 s3) = Y s3 s2 s1))) ==>
((?s2 n' es1 es2. X s2 n' es1 es2) = (?s1' s1'' s2''. Y s1' s1'' s2''))``,
   METIS_TAC[])) THEN

SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [FDOM_FUNION,
   DISJOINT_UNION_BOTH, DISJOINT_SYM] THEN
REPEAT STRIP_TAC THEN
`(!v. v <: wpb ==> var_res_sl___has_write_permission v (FST s)) /\
 (!v.
    v <: rpb ==> var_res_sl___has_read_permission v (FST s))` by (
   FULL_SIMP_TAC std_ss [var_res_prop___PROP___REWRITE,
      IS_SEPARATION_COMBINATOR___FINITE_MAP]
) THEN
`FUNION (FUNION s1''' s1'') s2''' = FUNION s1'' (FUNION s1''' s2''')` by (
   METIS_TAC[FUNION_ASSOC, FUNION_COMM]
) THEN
ASM_SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [] THEN

REPEAT STRIP_TAC THEN
Q.PAT_X_ASSUM `var_res_prop___PROP f (wpb,rpb) XX s` MP_TAC THEN

ASM_SIMP_TAC std_ss [var_res_prop___PROP_INSERT,
   var_res_prop___COND_INSERT, var_res_prop___COND_UNION,
   DISJOINT_FMAP_UNION___REWRITE] THEN
REPEAT STRIP_TAC THEN
(* the head cell s1''' must occupy exactly the singleton heap {c1};
   otherwise neither side holds (holfoot_ap_points_to_def) *)
Tactical.REVERSE (Cases_on `FDOM s1''' = {c1}`) THEN1 (
   ASM_SIMP_TAC std_ss [holfoot_ap_points_to_def, IN_ABS, LET_THM]
) THEN
(* the split-side points-to (s1) and the head cell of the segment (s1''')
   are the same sub-heap of the full heap: same domain, same value at c1 *)
`s1 = s1'''` by (
   Q.PAT_X_ASSUM `X = SOME c1` ASSUME_TAC THEN
   REWRITE_TAC[GSYM fmap_EQ_THM] THEN
   FULL_SIMP_TAC std_ss [holfoot_ap_points_to_def,
      IN_ABS, LET_THM, IN_ABS, IN_SING] THEN
   `s1''' ' c1 = FUNION s1'' (FUNION s1''' s2''') ' c1` by (
      FULL_SIMP_TAC std_ss [FUNION_DEF, IN_SING, DISJOINT_DEF,
         EXTENSION, IN_SING, IN_INTER, NOT_IN_EMPTY]
   ) THEN
   ASM_REWRITE_TAC[] THEN
   ASM_SIMP_TAC std_ss [FUNION_DEF, IN_SING]
) THEN
FULL_SIMP_TAC std_ss [] THEN

ASM_SIMP_TAC list_ss [holfoot_ap_points_to_def,
   LET_THM, IN_ABS, ZIP_MAP, MAP_MAP_o, o_DEF,
   LIST_TO_FMAP_THM, FEVERY_DEF] THEN
ASM_SIMP_TAC (std_ss++CONJ_ss) [FDOM_FUPDATE, IN_INSERT,
   FDOM_LIST_TO_FMAP,
   MAP_MAP_o, o_DEF, IS_SOME_EXISTS,
   GSYM LEFT_EXISTS_AND_THM, GSYM RIGHT_EXISTS_AND_THM] THEN
SIMP_TAC std_ss [DISJ_IMP_THM, FORALL_AND_THM,
   MEM_MAP, GSYM LEFT_FORALL_IMP_THM, MEM_ZIP_EQ,
   FAPPLY_FUPDATE_THM, var_res_exp_const_def] THEN
(* a points-to cell never lives at address 0 *)
`c1 <> 0` by (
   Q.PAT_X_ASSUM `X = SOME c1` ASSUME_TAC THEN
   FULL_SIMP_TAC std_ss [holfoot_ap_points_to_def,
      IN_ABS, LET_THM]
) THEN
(* field map of the unfolded head cell: tl is mapped to the stored
   successor, every data tag to the head of its value list *)
`!x''.
    MEM x'' data ==> ((if FST x'' = tl then
          K (SOME (s1''' ' c1 tl))
        else
          LIST_TO_FMAP
            (MAP (\x. (FST x,K (SOME (HD (SND x)))))
               data) ' (FST x'')) (FST s) =
      SOME (HD (SND x'')))` by (
   ASM_SIMP_TAC (std_ss++CONJ_ss) [FORALL_PROD, holfoot_ap_points_to_def,
      IN_ABS, LET_THM, FEVERY_DEF, IS_SOME_EXISTS,
      GSYM LEFT_EXISTS_AND_THM, GSYM RIGHT_EXISTS_AND_THM] THEN
   REPEAT STRIP_TAC THEN
   FULL_SIMP_TAC std_ss [ALL_DISTINCT, MEM_MAP, MAP_ZIP_EQ] THEN
   `~(p_1 = tl)` by METIS_TAC[pairTheory.FST] THEN
   `LIST_TO_FMAP (MAP (\x. (FST x,(K (SOME (HD (SND x)))):holfoot_a_expression)) data) ' p_1 = (K (SOME (HD p_2)))` by (
      MATCH_MP_TAC LIST_TO_FMAP___ALL_DISTINCT THEN
      SIMP_TAC std_ss [MAP_MAP_o, o_DEF,
         MEM_MAP, EXISTS_PROD] THEN
      METIS_TAC[]
   ) THEN
   ASM_SIMP_TAC std_ss []
) THEN
ASM_SIMP_TAC std_ss [] THEN POP_ASSUM (K ALL_TAC) THEN
SIMP_TAC std_ss [GSYM EVERY_MEM] THEN

(* translate cell contents into evaluations of L: each L ' tag evaluates to
   the value stored under tag in the cell, and e3 = L ' tl evaluates to the
   stored successor *)
`(EVERY (\x'. HD (SND x') = s1''' ' c1 (FST x')) data =
  EVERY (\x. L ' (FST x) (FST s) = SOME (HD (SND x))) data) /\
 (e3 (FST s) = SOME (s1''' ' c1 tl))` by (
   Tactical.REVERSE (
      sg `(e3 (FST s) = SOME (s1''' ' c1 tl)) /\
          EVERY (\x'. L ' (FST x') (FST s) = SOME (s1''' ' c1 (FST x'))) data`) THEN1 (
      FULL_SIMP_TAC std_ss [EVERY_MEM, FORALL_PROD] THEN
      METIS_TAC[SOME_11]
   ) THEN
   Q.PAT_X_ASSUM `(FST s, s1''') IN XXXX` MP_TAC THEN
   ASM_SIMP_TAC (std_ss++CONJ_ss) [holfoot_ap_points_to_def, IN_ABS,
      LET_THM, FEVERY_DEF, IS_SOME_EXISTS,
      GSYM LEFT_EXISTS_AND_THM, GSYM RIGHT_EXISTS_AND_THM,
      EVERY_MEM] THEN
   REPEAT STRIP_TAC THENL [
      METIS_TAC[],

      `FST x' IN FDOM L` suffices_by ASM_SIMP_TAC std_ss [] THEN
      FULL_SIMP_TAC std_ss [SUBSET_DEF, MEM_MAP, GSYM LEFT_FORALL_IMP_THM]
   ]
) THEN
ASM_SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [] THEN
REPEAT STRIP_TAC THEN

(* what is left is the rest of the segment: same tags with the heads of the
   value lists removed, starting at the successor.  Its start expression is
   the constant successor on one side and e3 on the other; they evaluate to
   the same value, so holfoot_ap_data_list_seg_num___REWRITE_START_EXP
   closes the goal. *)
Q.ABBREV_TAC `data' = (MAP (\ (t,l).
    (t,TL l)) data)` THEN
`MAP (\x. (FST x,TL (SND x))) data = data'` by (
   Q.UNABBREV_TAC `data'` THEN
   AP_THM_TAC THEN AP_TERM_TAC THEN
   SIMP_TAC std_ss [FUN_EQ_THM, FORALL_PROD]
) THEN
ASM_SIMP_TAC std_ss [] THEN

MATCH_MP_TAC holfoot_ap_data_list_seg_num___REWRITE_START_EXP THEN
ASM_SIMP_TAC std_ss [] THEN

FULL_SIMP_TAC std_ss [VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET_def,
   GSYM var_res_exp_const_def, IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL,
   FEVERY_DEF] THEN
METIS_TAC[]);



(* Equational form of the rewrite above: an equality between the original
   frame-split problem and the rewritten one, obtained through
   VAR_RES_FRAME_SPLIT___REWRITE_OK___THM.  All side conditions of the
   ___REWRITE version remain antecedents and have to be discharged whenever
   this equation is applied. *)
val VAR_RES_FRAME_SPLIT___points_to___data_list_seg_num = store_thm ("VAR_RES_FRAME_SPLIT___points_to___data_list_seg_num",
``!e3 e1 e2 tl data L wpb rpb wpb' sfb_context sfb_split sfb_imp sfb_restP sr n.

((tl IN FDOM L) /\ (L ' tl = e3) /\ (LIST_TO_SET (MAP FST data) SUBSET FDOM L) /\
VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) e1 /\
VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) e2 /\
(FEVERY (\x.
   (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb))
      (SND x))) L))
==>

((VAR_RES_FRAME_SPLIT DISJOINT_FMAP_UNION sr (wpb,rpb) wpb'
   sfb_context
   (BAG_INSERT (holfoot_ap_points_to e1 L) sfb_split)
   (BAG_INSERT (holfoot_ap_data_list_seg_num (SUC n) tl e1 data e2) sfb_imp) sfb_restP) =
(VAR_RES_FRAME_SPLIT DISJOINT_FMAP_UNION sr (wpb,rpb) wpb'
   (BAG_INSERT (holfoot_ap_points_to e1 L) sfb_context)
   sfb_split
   (BAG_UNION (LIST_TO_BAG (MAP (\x.
         var_res_prop_equal DISJOINT_FMAP_UNION (L ' (FST x))
            (var_res_exp_const (HD (SND x)))) data))
      (BAG_INSERT (var_res_bool_proposition DISJOINT_FMAP_UNION
         ((EVERY (\x.
~(NULL (SND x))) data) /\
           ALL_DISTINCT (tl::MAP FST data)))
      (BAG_INSERT (var_res_prop_unequal DISJOINT_FMAP_UNION e1 e2) (
       BAG_INSERT (holfoot_ap_data_list_seg_num n tl e3 (MAP (\x. (FST x, TL (SND x))) data) e2) sfb_imp)
   ))) sfb_restP))``,


REPEAT STRIP_TAC THEN
MATCH_MP_TAC VAR_RES_FRAME_SPLIT___REWRITE_OK___THM THEN
MATCH_MP_TAC VAR_RES_FRAME_SPLIT___points_to___data_list_seg_num___REWRITE THEN
ASM_REWRITE_TAC[]);



(* Same unfolding for a list segment of unknown length
   (holfoot_ap_data_list_seg).  Non-emptiness of the segment is no longer
   visible in its length, so it is supplied as the extra hypothesis
   var_res_implies_unequal ... e1 e2: the context together with the split
   bag (including the points-to) must already imply e1 <> e2.  Accordingly
   the result carries no var_res_prop_unequal fact, and the remaining
   segment is again of unknown length.

   Proved by reduction to the fixed-length version above: the unknown-length
   segment is an asl_exists over lengths, and the length-0 alternative is
   ruled out by e1 <> e2. *)
val VAR_RES_FRAME_SPLIT___points_to___data_list_seg___REWRITE = store_thm (
"VAR_RES_FRAME_SPLIT___points_to___data_list_seg___REWRITE",
``!e3 e1 e2 tl data L wpb rpb sfb_context sfb_split sfb_imp.

((tl IN FDOM L) /\ (L ' tl = e3) /\ (LIST_TO_SET (MAP FST data) SUBSET FDOM L) /\
(var_res_implies_unequal DISJOINT_FMAP_UNION
   (sfb_context + (BAG_INSERT (holfoot_ap_points_to e1 L) sfb_split)) e1 e2) /\
VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) e1 /\
VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) e2 /\
(FEVERY (\x.
   (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb))
      (SND x))) L))
==>
 VAR_RES_FRAME_SPLIT___REWRITE_OK DISJOINT_FMAP_UNION (wpb,rpb)
   sfb_context
   (BAG_INSERT (holfoot_ap_points_to e1 L) sfb_split)
   (BAG_INSERT (holfoot_ap_data_list_seg tl e1 data e2) sfb_imp)


   (BAG_INSERT (holfoot_ap_points_to e1 L) sfb_context)
   sfb_split
   (BAG_UNION (LIST_TO_BAG (MAP (\x.
         var_res_prop_equal DISJOINT_FMAP_UNION (L ' (FST x))
            (var_res_exp_const (HD (SND x)))) data))
      (BAG_INSERT (var_res_bool_proposition DISJOINT_FMAP_UNION
         ((EVERY (\x. ~(NULL (SND x))) data) /\
           ALL_DISTINCT (tl::MAP FST data))) (
       BAG_INSERT (holfoot_ap_data_list_seg tl e3 (MAP (\x.
          (FST x, TL (SND x))) data) e2) sfb_imp)
   ))``,


REPEAT STRIP_TAC THEN
(* stack-imprecision of the L entries used by the rewrite, as in the
   fixed-length proof *)
`(!x. MEM x data ==>
      VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET
         (SET_OF_BAG (wpb + rpb)) (L ' (FST x))) /\
 VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET
    (SET_OF_BAG (wpb + rpb)) e3` by (

   FULL_SIMP_TAC std_ss [SUBSET_DEF,
      MEM_MAP, GSYM LEFT_FORALL_IMP_THM, FEVERY_DEF] THEN
   METIS_TAC[]
) THEN

(* instantiate the fixed-length rewrite; the BAG_INSERT commutations bring
   its conclusion into the shape needed here *)
MP_TAC (Q.SPECL [`e3`, `e1`, `e2`, `tl`, `data`, `L`, `wpb`, `rpb`, `sfb_context`,
   `sfb_split`, `sfb_imp`] VAR_RES_FRAME_SPLIT___points_to___data_list_seg_num___REWRITE) THEN
ASM_SIMP_TAC std_ss [BAG_UNION_INSERT,
   prove (
      ``BAG_INSERT sf (BAG_INSERT (holfoot_ap_data_list_seg_num n tl e1 data e2) B) =
        (BAG_INSERT (holfoot_ap_data_list_seg_num n tl e1 data e2) (BAG_INSERT sf B))``,
      PROVE_TAC[bagTheory.BAG_INSERT_commutes]),
   prove (
      ``BAG_INSERT sf (BAG_INSERT (holfoot_ap_data_list_seg tl e1 data e2) B) =
        (BAG_INSERT (holfoot_ap_data_list_seg tl e1 data e2) (BAG_INSERT sf B))``,
      PROVE_TAC[bagTheory.BAG_INSERT_commutes])] THEN
STRIP_TAC THEN
(* lift the rewrite, which holds for every length n, to the existential
   over n (VAR_RES_FRAME_SPLIT___REWRITE_OK___exists_imp) *)
POP_ASSUM (fn thm =>
   MP_TAC (HO_PART_MATCH
      (el 3 o strip_conj o fst o dest_imp o snd o strip_forall)
      VAR_RES_FRAME_SPLIT___REWRITE_OK___exists_imp
      (concl thm)) THEN
   ASM_REWRITE_TAC[thm]) THEN
ASM_SIMP_TAC std_ss [VAR_RES_IS_STACK_IMPRECISE___USED_VARS___data_list_seg_num] THEN



(* holfoot_ap_data_list_seg is the asl_exists over the fixed-length segments *)
ASM_SIMP_TAC std_ss [holfoot_ap_data_list_seg_def,
   prove (
      ``BAG_INSERT sf (BAG_INSERT (var_res_prop_unequal f e1 e2) B) =
        (BAG_INSERT (var_res_prop_unequal f e1 e2) (BAG_INSERT sf B))``,
      PROVE_TAC[bagTheory.BAG_INSERT_commutes])] THEN

(* sfb_imp' is the rewritten implication bag without the e1 <> e2 fact *)
Q.ABBREV_TAC `sfb_imp' = (BAG_INSERT
   (asl_exists n.
      holfoot_ap_data_list_seg_num n tl e3
         (MAP (\x. (FST x,TL (SND x))) data) e2)
   (BAG_INSERT
      (var_res_bool_proposition DISJOINT_FMAP_UNION
         (EVERY (\x.
             ~NULL (SND x)) data /\
          ALL_DISTINCT (tl::MAP FST data)))
      (LIST_TO_BAG (MAP
         (\x. var_res_prop_equal DISJOINT_FMAP_UNION (L ' (FST x))
                 (var_res_exp_const (HD (SND x)))) data) + sfb_imp)))` THEN


(* well-formedness of the rewritten bag reduces to that of sfb_imp *)
`var_res_prop___COND DISJOINT_FMAP_UNION (wpb,rpb) sfb_imp' =
 var_res_prop___COND DISJOINT_FMAP_UNION (wpb,rpb) sfb_imp` by (
   Q.UNABBREV_TAC `sfb_imp'` THEN
   ASM_SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [var_res_prop___COND_INSERT,
      var_res_prop___COND_UNION,
      VAR_RES_IS_STACK_IMPRECISE___USED_VARS___asl_exists_direct,
      VAR_RES_IS_STACK_IMPRECISE___USED_VARS___data_list_seg_num,
      VAR_RES_IS_STACK_IMPRECISE___USED_VARS___var_res_bool_proposition] THEN
   REPEAT STRIP_TAC THEN
   SIMP_TAC std_ss [var_res_prop___COND___REWRITE,
      FINITE_LIST_TO_BAG, IN_LIST_TO_BAG, MEM_MAP,
      GSYM LEFT_FORALL_IMP_THM, IS_SEPARATION_COMBINATOR___FINITE_MAP] THEN
   REPEAT STRIP_TAC THEN1 (
      FULL_SIMP_TAC std_ss [var_res_prop___COND___REWRITE]
   ) THEN
   MATCH_MP_TAC VAR_RES_IS_STACK_IMPRECISE___USED_VARS___var_res_prop_equal THEN
   ASM_SIMP_TAC std_ss [VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___VAR_CONST_EVAL]
) THEN

ASM_SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [VAR_RES_FRAME_SPLIT___REWRITE_OK_def,
   var_res_prop___COND_INSERT,
   VAR_RES_IS_STACK_IMPRECISE___USED_VARS___data_list_seg_num,
   VAR_RES_IS_STACK_IMPRECISE___USED_VARS___points_to,
   VAR_RES_IS_STACK_IMPRECISE___USED_VARS___var_res_prop_unequal,
   VAR_RES_IS_STACK_IMPRECISE___USED_VARS___asl_exists_direct,
   BAG_UNION_INSERT, BAG_UNION_EMPTY] THEN
REPEAT STRIP_TAC THEN

Q.PAT_X_ASSUM `!sfb_rest s. X` (MP_TAC o Q.SPECL [`sfb_rest`, `s`]) THEN
ASM_SIMP_TAC std_ss [] THEN

(* e1 and e2 are defined and different on the current state; this is where
   the var_res_implies_unequal hypothesis is consumed *)
`?c1 c2.
    (e1 (FST s) = SOME c1) /\ (e2 (FST s) = SOME c2) /\ ~(c1 = c2)` by (
   `s IN var_res_prop_weak_unequal e1 e2` suffices_by (STRIP_TAC THEN
      FULL_SIMP_TAC std_ss [var_res_prop_equal_unequal_EXPAND, IN_ABS,
         IS_SOME_EXISTS] THEN
      Q.PAT_X_ASSUM `~(THE X = THE Y)` MP_TAC THEN
      ASM_SIMP_TAC std_ss []
   ) THEN
   MATCH_MP_TAC var_res_implies_unequal___var_res_prop___PROP THEN
   Q.EXISTS_TAC `DISJOINT_FMAP_UNION` THEN
   Q.EXISTS_TAC `wpb` THEN Q.EXISTS_TAC `rpb` THEN
   Q.EXISTS_TAC `sfb_context + BAG_INSERT (holfoot_ap_points_to e1 L) sfb_split` THEN
   FULL_SIMP_TAC std_ss [VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET_def,
      IS_SEPARATION_COMBINATOR___FINITE_MAP, BAG_UNION_EMPTY, BAG_UNION_INSERT, IN_DEF] THEN
   METIS_TAC[COMM_BAG_UNION]
) THEN


Q.ABBREV_TAC `sfb1 = sfb_imp + (sfb_rest + sfb_context)` THEN
Q.ABBREV_TAC `sfb2 = BAG_INSERT (holfoot_ap_points_to e1 L)
   (sfb_imp' + (sfb_rest + sfb_context))` THEN

(* show both sides of the instantiated fixed-length equation equal to the
   corresponding sides of the goal *)
MATCH_MP_TAC (prove (``((A = A') /\ (B = B')) ==> ((A = B) ==> (A' = B'))``,
   SIMP_TAC std_ss [])) THEN

CONJ_TAC THENL [
   (* left side: the existential over the length can be restricted to
      SUC n, since a segment of length 0 would force e1 = e2 *)
   ASM_SIMP_TAC std_ss [var_res_prop___PROP___asl_exists,
      IS_SEPARATION_COMBINATOR___FINITE_MAP, asl_bool_EVAL] THEN
   EQ_TAC THEN STRIP_TAC THEN1 (
      Q.EXISTS_TAC `SUC n` THEN ASM_REWRITE_TAC[]
   ) THEN
   Tactical.REVERSE (Cases_on `n`) THEN1 (
      Q.EXISTS_TAC `n'` THEN ASM_REWRITE_TAC[]
   ) THEN
   `var_res_prop___COND DISJOINT_FMAP_UNION (wpb,rpb) sfb1` by (
      Q.UNABBREV_TAC `sfb1` THEN
      ASM_REWRITE_TAC [var_res_prop___COND_UNION]
   ) THEN
   Q.PAT_X_ASSUM `s IN X` MP_TAC THEN
   MATCH_MP_TAC (prove (``~A ==> (A ==> B)``, SIMP_TAC std_ss [])) THEN
   ASM_SIMP_TAC std_ss [
      holfoot_ap_data_list_seg_num_REWRITE, COND_RAND, COND_RATOR,
      var_res_prop___PROP___asl_false, asl_bool_EVAL] THEN
   ASM_SIMP_TAC std_ss [var_res_prop___PROP_INSERT,
      var_res_prop___COND_INSERT, IN_ABS,
      VAR_RES_IS_STACK_IMPRECISE___USED_VARS___var_res_prop_equal] THEN
   ASM_SIMP_TAC std_ss [var_res_prop_equal_unequal_EXPAND, IN_ABS],


   (* right side: the e1 <> e2 proposition is absorbed, as it already
      holds on s *)
   `var_res_prop___COND DISJOINT_FMAP_UNION (wpb,rpb) sfb2` by (
      Q.UNABBREV_TAC `sfb2` THEN
      ASM_SIMP_TAC std_ss [var_res_prop___COND_UNION,
         var_res_prop___COND_INSERT, VAR_RES_IS_STACK_IMPRECISE___USED_VARS___points_to]
   ) THEN
   ASM_SIMP_TAC std_ss [var_res_prop___PROP_INSERT,
      var_res_prop___COND_INSERT, VAR_RES_IS_STACK_IMPRECISE___USED_VARS___var_res_prop_unequal,
      IN_ABS] THEN
   ASM_SIMP_TAC std_ss [var_res_prop_equal_unequal_EXPAND,
      IN_ABS, asl_emp_DISJOINT_FMAP_UNION, IN_SING, DISJOINT_FMAP_UNION___FEMPTY] THEN
   SIMP_TAC std_ss [IN_DEF]
])



(* Equational frame-split form of the previous rewrite.  The
   var_res_implies_unequal obligation is the outermost antecedent, and the
   successor expression is written directly as L ' tl instead of via e3. *)
val VAR_RES_FRAME_SPLIT___points_to___data_list_seg = store_thm ("VAR_RES_FRAME_SPLIT___points_to___data_list_seg",
``!e1 e2 tl data L wpb rpb wpb' sfb_context sfb_split sfb_imp sfb_restP sr.

var_res_implies_unequal DISJOINT_FMAP_UNION
   (sfb_context + (BAG_INSERT (holfoot_ap_points_to e1 L) sfb_split)) e1 e2 ==>
((tl IN FDOM L) /\ (LIST_TO_SET (MAP FST data) SUBSET FDOM L) /\
VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) e1 /\
VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) e2 /\
(FEVERY (\x.
   (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb))
      (SND x))) L))
==>

((VAR_RES_FRAME_SPLIT DISJOINT_FMAP_UNION sr (wpb,rpb) wpb'
   sfb_context
   (BAG_INSERT (holfoot_ap_points_to e1 L) sfb_split)
   (BAG_INSERT (holfoot_ap_data_list_seg tl e1 data e2) sfb_imp) sfb_restP) =
(VAR_RES_FRAME_SPLIT DISJOINT_FMAP_UNION sr (wpb,rpb) wpb'
   (BAG_INSERT (holfoot_ap_points_to e1 L) sfb_context)
   sfb_split
   (BAG_UNION (LIST_TO_BAG (MAP (\x.
5109 var_res_prop_equal DISJOINT_FMAP_UNION (L ' (FST x)) 5110 (var_res_exp_const (HD (SND x)))) data)) 5111 (BAG_INSERT (var_res_bool_proposition DISJOINT_FMAP_UNION 5112 ((EVERY (\x. ~(NULL (SND x))) data) /\ 5113 ALL_DISTINCT (tl::MAP FST data))) ( 5114 BAG_INSERT (holfoot_ap_data_list_seg tl (L ' tl) (MAP (\x. (FST x, TL (SND x))) data) e2) sfb_imp) 5115 )) sfb_restP))``, 5116 5117 5118REPEAT STRIP_TAC THEN 5119MATCH_MP_TAC VAR_RES_FRAME_SPLIT___REWRITE_OK___THM THEN 5120MATCH_MP_TAC VAR_RES_FRAME_SPLIT___points_to___data_list_seg___REWRITE THEN 5121ASM_REWRITE_TAC[]); 5122 5123 5124 5125 5126val VAR_RES_FRAME_SPLIT___data_list_seg_num___SAME_LENGTH___REMOVE___REWRITE = store_thm ( 5127"VAR_RES_FRAME_SPLIT___data_list_seg_num___SAME_LENGTH___REMOVE___REWRITE", 5128``!wpb rpb e1 e2 e3 tl data1 data2 sfb_context sfb_split sfb_imp n. 5129((LIST_TO_SET (MAP FST data2) SUBSET LIST_TO_SET (MAP FST data1)) /\ 5130 ALL_DISTINCT (MAP FST data2) /\ 5131 VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) e1 /\ 5132 VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) e2 /\ 5133 VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) e3) ==> 5134 5135(VAR_RES_FRAME_SPLIT___REWRITE_OK DISJOINT_FMAP_UNION (wpb,rpb) 5136 sfb_context 5137 (BAG_INSERT (holfoot_ap_data_list_seg_num n tl e1 data1 e2) sfb_split) 5138 (BAG_INSERT (holfoot_ap_data_list_seg_num n tl e1 data2 e3) sfb_imp) 5139 5140 (BAG_INSERT (holfoot_ap_data_list_seg_num n tl e1 data1 e2) sfb_context) 5141 sfb_split 5142 (BAG_INSERT (var_res_prop_equal DISJOINT_FMAP_UNION e2 e3) 5143 (BAG_INSERT (var_res_bool_proposition DISJOINT_FMAP_UNION 5144 (EVERY (\x. 
MEM x data1) data2)) sfb_imp)))``, 5145 5146REPEAT STRIP_TAC THEN 5147ASM_SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [VAR_RES_FRAME_SPLIT___REWRITE_OK___REWRITE, 5148 var_res_prop___COND_INSERT, 5149 VAR_RES_IS_STACK_IMPRECISE___USED_VARS___data_list_seg_num, 5150 VAR_RES_IS_STACK_IMPRECISE___USED_VARS___var_res_prop_equal, 5151 VAR_RES_IS_STACK_IMPRECISE___USED_VARS___var_res_bool_proposition, 5152 BAG_UNION_INSERT] THEN 5153REPEAT STRIP_TAC THEN 5154 5155Q.ABBREV_TAC `sfb_const = sfb_imp + (sfb_rest + sfb_context)` THEN 5156ASM_SIMP_TAC std_ss [GSYM ASSOC_BAG_UNION, BAG_UNION_EMPTY, 5157 BAG_UNION_INSERT] THEN 5158`var_res_prop___COND DISJOINT_FMAP_UNION (wpb,rpb) sfb_const` by ( 5159 Q.UNABBREV_TAC `sfb_const` THEN 5160 ASM_SIMP_TAC std_ss [var_res_prop___COND_UNION] 5161) THEN 5162 5163Q.PAT_X_ASSUM `var_res_prop___PROP f X Y s` MP_TAC THEN 5164 5165ASM_SIMP_TAC std_ss [var_res_prop___PROP_INSERT, 5166 var_res_prop___COND_INSERT, var_res_prop___COND_UNION, 5167 VAR_RES_IS_STACK_IMPRECISE___USED_VARS___data_list_seg_num, 5168 VAR_RES_IS_STACK_IMPRECISE___USED_VARS___var_res_prop_equal, 5169 VAR_RES_IS_STACK_IMPRECISE___USED_VARS___var_res_bool_proposition] THEN 5170 5171ASM_SIMP_TAC std_ss [IN_ABS, var_res_bool_proposition_REWRITE, 5172 asl_emp_DISJOINT_FMAP_UNION, IN_SING, var_res_prop_equal_unequal_EXPAND, 5173 DISJOINT_FMAP_UNION___FEMPTY] THEN 5174 5175REPEAT STRIP_TAC THEN 5176`?c1 c2. (e1 (FST s) = SOME c1) /\ (e2 (FST s) = SOME c2)` by ( 5177 IMP_RES_TAC holfoot_ap_data_list_seg_num___EXP_DEFINED THEN 5178 FULL_SIMP_TAC std_ss [IS_SOME_EXISTS] 5179) THEN 5180Tactical.REVERSE (Cases_on `?c3. 
(e3 (FST s) = SOME c3)`) THEN1 ( 5181 Cases_on `e3 (FST s)` THEN 5182 FULL_SIMP_TAC std_ss [] THEN 5183 CCONTR_TAC THEN FULL_SIMP_TAC std_ss [] THEN 5184 IMP_RES_TAC holfoot_ap_data_list_seg_num___EXP_DEFINED THEN 5185 FULL_SIMP_TAC std_ss [IS_SOME_EXISTS] THEN 5186 FULL_SIMP_TAC std_ss [] 5187) THEN 5188FULL_SIMP_TAC std_ss [GSYM LEFT_EXISTS_AND_THM, GSYM RIGHT_EXISTS_AND_THM] THEN 5189 5190HO_MATCH_MP_TAC (prove (``(?s1' s2'. 5191(((!s1 s2. P s1 s2 ==> (s1 = s1') /\ (s2 = s2')) /\ 5192 (!s1 s2. P' s1 s2 ==> (s1 = s1') /\ (s2 = s2'))) /\ 5193(P s1' s2' = P' s1' s2'))) ==> 5194((?s1 s2. P s1 s2) = (?s1 s2. P' s1 s2))``, METIS_TAC[])) THEN 5195Q.EXISTS_TAC `s1` THEN Q.EXISTS_TAC `s2` THEN 5196ASM_SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [] THEN 5197 5198REPEAT CONJ_TAC THENL [ 5199 CONV_TAC (RENAME_VARS_CONV ["sp1", "sp2"]) THEN 5200 REPEAT GEN_TAC THEN STRIP_TAC THEN 5201 `sp1 = s1` by ( 5202 MP_TAC (Q.SPECL [`n`, `e1`, `e2`, `e1`, `e3`, `tl`, `data1`, 5203 `data2`, `FST (s:holfoot_state)`, `s1`, `sp1`, `SND (s:holfoot_state)`] 5204 holfoot_ap_data_list_seg_num___SAME_LENGTH_START) THEN 5205 FULL_SIMP_TAC std_ss [VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET_def] THEN 5206 METIS_TAC[IS_SEPARATION_COMBINATOR___FINITE_MAP, ASL_IS_SUBSTATE_INTRO] 5207 ) THEN 5208 METIS_TAC[DISJOINT_FMAP_UNION___CANCELLATIVE], 5209 5210 CONV_TAC (RENAME_VARS_CONV ["sp1", "sp2"]) THEN 5211 REPEAT GEN_TAC THEN STRIP_TAC THEN 5212 `sp1 = s1` by ( 5213 MP_TAC (Q.SPECL [`n`, `e1`, `e2`, `e1`, `e2`, `tl`, `data1`, 5214 `data1`, `FST (s:holfoot_state)`, `s1`, `sp1`, `SND (s:holfoot_state)`] 5215 holfoot_ap_data_list_seg_num___SAME_LENGTH_START) THEN 5216 FULL_SIMP_TAC std_ss [VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET_def] THEN 5217 METIS_TAC[IS_SEPARATION_COMBINATOR___FINITE_MAP, ASL_IS_SUBSTATE_INTRO] 5218 ) THEN 5219 METIS_TAC[DISJOINT_FMAP_UNION___CANCELLATIVE], 5220 5221 ALL_TAC 5222] THEN 5223 5224REPEAT STRIP_TAC THEN EQ_TAC THEN STRIP_TAC THENL [ 5225 MP_TAC 
(Q.SPECL [`n`, `e1`, `e2`, `e1`, `e3`, `tl`, `data1`, 5226 `data2`, `FST (s:holfoot_state)`, `s1`, `s1`, `s1`] 5227 holfoot_ap_data_list_seg_num___SAME_LENGTH_START) THEN 5228 FULL_SIMP_TAC std_ss [VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET_def, 5229 ASL_IS_SUBSTATE___REFL, SUBSET_DEF, 5230 MEM_MAP, GSYM LEFT_FORALL_IMP_THM, EVERY_MEM] THEN 5231 REPEAT STRIP_TAC THEN 5232 `?x'. MEM x' data1 /\ (FST x' = FST x) /\ (SND x' = SND x)` by METIS_TAC[] THEN 5233 Cases_on `x'` THEN 5234 FULL_SIMP_TAC std_ss [], 5235 5236 5237 `(FST s,s1) IN holfoot_ap_data_list_seg_num n tl e1 data2 e3 = 5238 (FST s,s1) IN holfoot_ap_data_list_seg_num n tl e1 data2 e2` by ( 5239 MATCH_MP_TAC holfoot_ap_data_list_seg_num___REWRITE_END_EXP THEN 5240 FULL_SIMP_TAC std_ss [VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET_def] 5241 ) THEN 5242 ASM_REWRITE_TAC[] THEN 5243 MATCH_MP_TAC holfoot_ap_data_list_seg_num___ELIM_DATA THEN 5244 Q.EXISTS_TAC `data1` THEN 5245 FULL_SIMP_TAC std_ss [EVERY_MEM] 5246]); 5247 5248 5249 5250 5251
(* VAR_RES_FRAME_SPLIT___data_list_seg___SAME_START_END___REMOVE___REWRITE:
   frame-split rewrite step.  A list segment (tag tl, e1 -> e2, data1) found
   in the split bag discharges a segment over the same tag, start and end in
   the imp bag whose data2 mentions only (distinct) tags of data1.  The split
   segment is moved into the context bag and imp keeps only the pure
   condition EVERY (\x. MEM x data1) data2, i.e. every (tag, value list)
   pair requested by data2 is one given by data1.  e1 and e2 must read only
   variables in wpb + rpb (stack-imprecision side condition). *)
5252val VAR_RES_FRAME_SPLIT___data_list_seg___SAME_START_END___REMOVE___REWRITE = store_thm ( 5253"VAR_RES_FRAME_SPLIT___data_list_seg___SAME_START_END___REMOVE___REWRITE", 5254``!wpb rpb e1 e2 tl data1 data2 sfb_context sfb_split sfb_imp. 5255((LIST_TO_SET (MAP FST data2) SUBSET LIST_TO_SET (MAP FST data1)) /\ 5256 ALL_DISTINCT (MAP FST data2) /\ 5257 VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) e1 /\ 5258 VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) e2) ==> 5259 5260(VAR_RES_FRAME_SPLIT___REWRITE_OK DISJOINT_FMAP_UNION (wpb,rpb) 5261 sfb_context 5262 (BAG_INSERT (holfoot_ap_data_list_seg tl e1 data1 e2) sfb_split) 5263 (BAG_INSERT (holfoot_ap_data_list_seg tl e1 data2 e2) sfb_imp) 5264 5265 (BAG_INSERT (holfoot_ap_data_list_seg tl e1 data1 e2) sfb_context) 5266 sfb_split 5267 (BAG_INSERT (var_res_bool_proposition DISJOINT_FMAP_UNION 5268 (EVERY (\x. 
MEM x data1) data2)) sfb_imp))``, 5269 5270REPEAT STRIP_TAC THEN 5271MP_TAC (Q.SPECL [`wpb`, `rpb`, `e1`, `e2`, `e2`, `tl`, 5272 `data1`, `data2`, `sfb_context`, `sfb_split`, `sfb_imp`] 5273 VAR_RES_FRAME_SPLIT___data_list_seg_num___SAME_LENGTH___REMOVE___REWRITE) THEN 5274ASM_SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [holfoot_ap_data_list_seg_def, 5275 VAR_RES_FRAME_SPLIT___REWRITE_OK___REWRITE, 5276 var_res_prop___COND_INSERT, BAG_UNION_INSERT, 5277 VAR_RES_IS_STACK_IMPRECISE___USED_VARS___var_res_bool_proposition, 5278 VAR_RES_IS_STACK_IMPRECISE___USED_VARS___asl_exists_direct, 5279 VAR_RES_IS_STACK_IMPRECISE___USED_VARS___var_res_prop_equal, 5280 VAR_RES_IS_STACK_IMPRECISE___USED_VARS___data_list_seg_num] THEN 5281REPEAT STRIP_TAC THEN 5282Q.PAT_X_ASSUM `!n sfb_rest s. X` 5283 (MP_TAC o Q.SPECL [`sfb_rest`, `s`] o 5284 (CONV_RULE (RESORT_FORALL_CONV (fn [x1,x2,x3] => [x2,x3,x1])))) THEN 5285Q.PAT_X_ASSUM `var_res_prop___PROP f X Y s` MP_TAC THEN 5286ASM_SIMP_TAC std_ss [var_res_prop___PROP_INSERT, 5287 var_res_prop___COND_INSERT, var_res_prop___COND_UNION, 5288 VAR_RES_IS_STACK_IMPRECISE___USED_VARS___var_res_bool_proposition, 5289 VAR_RES_IS_STACK_IMPRECISE___USED_VARS___asl_exists_direct, 5290 VAR_RES_IS_STACK_IMPRECISE___USED_VARS___var_res_prop_equal, 5291 VAR_RES_IS_STACK_IMPRECISE___USED_VARS___data_list_seg_num] THEN 5292SIMP_TAC std_ss [var_res_bool_proposition_REWRITE, asl_bool_EVAL, 5293 var_res_prop_equal_unequal_EXPAND, IN_ABS, IN_SING, 5294 asl_emp_DISJOINT_FMAP_UNION, DISJOINT_FMAP_UNION___FEMPTY, 5295 GSYM RIGHT_EXISTS_AND_THM, GSYM LEFT_EXISTS_AND_THM] THEN 5296 5297Q.HO_MATCH_ABBREV_TAC 5298`(?s1 s2 n. P1 s1 s2 n) ==> 5299 (!n. (?s1 s2. P1 s1 s2 n) ==> 5300 ((?s1 s2. P2 s1 s2 n) = (?s1 s2. P1' s1 s2 n))) ==> 5301 ((?s1 s2 n. P2 s1 s2 n) = (?s1 s2 n. 
P1'' s1 s2 n))` THEN 5302 5303`P1'' = P1'` by ( 5304 Q.UNABBREV_TAC `P1''` THEN Q.UNABBREV_TAC `P1'` THEN 5305 SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [FUN_EQ_THM] THEN 5306 REPEAT STRIP_TAC THEN 5307 IMP_RES_TAC holfoot_ap_data_list_seg_num___EXP_DEFINED THEN 5308 FULL_SIMP_TAC std_ss [] 5309) THEN 5310ASM_REWRITE_TAC[] THEN POP_ASSUM (K ALL_TAC) THEN 5311Q.UNABBREV_TAC `P1''` THEN 5312STRIP_TAC THEN 5313` 5314(!s1 s2 n'. P1 s1 s2 n' ==> (n = n')) /\ 5315(!s1 s2 n'. P2 s1 s2 n' ==> (n = n')) /\ 5316(!s1 s2 n'. P1' s1 s2 n' ==> (n = n'))` suffices_by (STRIP_TAC THEN 5317 METIS_TAC[] 5318) THEN 5319 5320Tactical.REVERSE ( 5321sg `!s1 s2 n' data. 5322 (DISJOINT_FMAP_UNION (SOME s1) (SOME s2) = SOME (SND s)) /\ 5323 (FST s,s1) IN holfoot_ap_data_list_seg_num n' tl e1 data e2 ==> 5324 (n' = n)`) THEN1 ( 5325 UNABBREV_ALL_TAC THEN 5326 ASM_SIMP_TAC std_ss [] THEN 5327 METIS_TAC[] 5328) THEN 5329 5330UNABBREV_ALL_TAC THEN 5331FULL_SIMP_TAC std_ss [] THEN 5332REPEAT STRIP_TAC THEN 5333MATCH_MP_TAC holfoot_ap_data_list_seg_num___SAME_START_END THEN 5334 5335EVERY (map Q.EXISTS_TAC [`e1`, `e2`, `e1`, `e2`, `tl`, `data`, 5336 `data1`, `FST (s:holfoot_state)`, `s1'`, `s1`, `SND (s:holfoot_state)`]) THEN 5337 5338FULL_SIMP_TAC std_ss [VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET_def] THEN 5339METIS_TAC [ASL_IS_SUBSTATE_INTRO, IS_SEPARATION_COMBINATOR___FINITE_MAP]); 5340 5341 5342 5343 5344
(* Lifting of ___SAME_START_END___REMOVE___REWRITE from
   VAR_RES_FRAME_SPLIT___REWRITE_OK to VAR_RES_FRAME_SPLIT (arbitrary sr,
   wpb', sfb_restP) via VAR_RES_FRAME_SPLIT___REWRITE_OK___THM.  Same side
   conditions as the rewrite lemma. *)
5345val VAR_RES_FRAME_SPLIT___data_list_seg___SAME_START_END___REMOVE = store_thm ( 5346"VAR_RES_FRAME_SPLIT___data_list_seg___SAME_START_END___REMOVE", 5347``!wpb rpb wpb' sr sfb_restP e1 e2 tl data1 data2 sfb_context sfb_split sfb_imp. 
5348((LIST_TO_SET (MAP FST data2) SUBSET LIST_TO_SET (MAP FST data1)) /\ 5349 ALL_DISTINCT (MAP FST data2)) /\ 5350 VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) e1 /\ 5351 VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) e2 ==> 5352 5353(VAR_RES_FRAME_SPLIT DISJOINT_FMAP_UNION sr (wpb,rpb) wpb' 5354 sfb_context 5355 (BAG_INSERT (holfoot_ap_data_list_seg tl e1 data1 e2) sfb_split) 5356 (BAG_INSERT (holfoot_ap_data_list_seg tl e1 data2 e2) sfb_imp) 5357 sfb_restP = 5358 5359VAR_RES_FRAME_SPLIT DISJOINT_FMAP_UNION sr (wpb,rpb) wpb' 5360 (BAG_INSERT (holfoot_ap_data_list_seg tl e1 data1 e2) sfb_context) 5361 sfb_split 5362 (BAG_INSERT (var_res_bool_proposition DISJOINT_FMAP_UNION 5363 (EVERY (\x. MEM x data1) data2)) sfb_imp) sfb_restP)``, 5364 5365 5366REPEAT STRIP_TAC THEN 5367MATCH_MP_TAC VAR_RES_FRAME_SPLIT___REWRITE_OK___THM THEN 5368MATCH_MP_TAC VAR_RES_FRAME_SPLIT___data_list_seg___SAME_START_END___REMOVE___REWRITE THEN 5369ASM_REWRITE_TAC[]); 5370 5371 5372 5373 5374 5375 5376
(* VAR_RES_FRAME_SPLIT___data_list_seg_num___REMOVE_START___REWRITE:
   splits an (n+m)-element segment e1 -> e3 (data2) in the imp bag at the
   n-element segment e1 -> e2 (data1) that is present in the split bag.
   The imp entry is replaced by three entries:
     - the first segment again, conjoined with holfoot_not_in_heap e3: the
       end address e3 of the long segment must not lie inside the first n
       cells (cf. holfoot_ap_data_list_seg_num___END_EXP_NOT_IN_FDOM in the
       proof);
     - the pure condition that for every (tag, vs) in data2 the pair
       (tag, TAKE n vs) is in data1;
     - the remaining m-element segment e2 -> e3 over DROP n of each data2
       entry.
   The split bag is left unchanged; moving the first segment into the
   context bag is done by the ___not_in_heap variant further down.  If
   tl::MAP FST data1 is not distinct, the split segment is asl_false and
   the rewrite holds trivially, which is why ALL_DISTINCT (MAP FST data2)
   is only required under that assumption.  The proof unfolds the long
   segment with holfoot_ap_data_list_seg_num___SPLIT. *)
5377val VAR_RES_FRAME_SPLIT___data_list_seg_num___REMOVE_START___REWRITE = store_thm ( 5378"VAR_RES_FRAME_SPLIT___data_list_seg_num___REMOVE_START___REWRITE", 5379``!wpb rpb e2 e3 tl n m e1 data1 data2 sfb_context sfb_split sfb_imp. 
5380 5381(LIST_TO_SET (MAP FST data2) SUBSET LIST_TO_SET (MAP FST data1)) /\ 5382(ALL_DISTINCT (tl::(MAP FST data1)) ==> ALL_DISTINCT (MAP FST data2)) ==> 5383(VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) e1 /\ 5384 VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) e2 /\ 5385 VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) e3) ==> 5386 5387(VAR_RES_FRAME_SPLIT___REWRITE_OK DISJOINT_FMAP_UNION (wpb,rpb) 5388 sfb_context 5389 (BAG_INSERT (holfoot_ap_data_list_seg_num n tl e1 data1 e2) sfb_split) 5390 (BAG_INSERT (holfoot_ap_data_list_seg_num (n+m) tl e1 data2 e3) sfb_imp) 5391 5392 sfb_context 5393 (BAG_INSERT (holfoot_ap_data_list_seg_num n tl e1 data1 e2) sfb_split) 5394 5395 (BAG_INSERT (asl_and (holfoot_not_in_heap e3) 5396 (holfoot_ap_data_list_seg_num n tl e1 data1 e2)) 5397 (BAG_INSERT (var_res_bool_proposition DISJOINT_FMAP_UNION 5398 (EVERY (\x. MEM (FST x, TAKE n (SND x)) data1) data2)) 5399 (BAG_INSERT (holfoot_ap_data_list_seg_num m tl e2 5400 (MAP (\x. 
(FST x, (DROP n (SND x)))) data2) e3) sfb_imp))))``, 5401 5402REPEAT STRIP_TAC THEN 5403`IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e1) /\ 5404 IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e2) /\ 5405 IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e3)` by ( 5406 FULL_SIMP_TAC std_ss [VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET_def] 5407) THEN 5408ASM_SIMP_TAC std_ss [holfoot_ap_data_list_seg_num___SPLIT] THEN 5409 5410Tactical.REVERSE (Cases_on `ALL_DISTINCT (tl::(MAP FST data1))`) THEN1 ( 5411 `holfoot_ap_data_list_seg_num n tl e1 data1 e2 = asl_false` by ( 5412 MATCH_MP_TAC (holfoot_ap_data_list_seg_num___DATA_PROPS) THEN 5413 ASM_SIMP_TAC std_ss [] 5414 ) THEN 5415 ASM_SIMP_TAC std_ss [asl_bool_REWRITES, VAR_RES_FRAME_SPLIT___REWRITE_OK___REWRITE, 5416 var_res_prop___COND_INSERT, BAG_UNION_INSERT, 5417 VAR_RES_IS_STACK_IMPRECISE___USED_VARS___asl_false, 5418 VAR_RES_IS_STACK_IMPRECISE___USED_VARS___var_res_bool_proposition, 5419 var_res_prop___PROP___asl_false, asl_bool_EVAL] 5420) THEN 5421FULL_SIMP_TAC std_ss [] THEN 5422Q.HO_MATCH_ABBREV_TAC ` 5423VAR_RES_FRAME_SPLIT___REWRITE_OK DISJOINT_FMAP_UNION (wpb,rpb) 5424 sfb_context 5425 (BAG_INSERT listP1 sfb_split) 5426 (BAG_INSERT 5427 (asl_and (holfoot_not_in_heap e3) 5428 (asl_exists c. 5429 asl_star holfoot_separation_combinator 5430 (listP1' c) 5431 (listP2' c))) sfb_imp) 5432 sfb_context 5433 (BAG_INSERT listP1 sfb_split) 5434 (BAG_INSERT (asl_and (holfoot_not_in_heap e3) listP1) 5435 (BAG_INSERT (var_res_bool_proposition DISJOINT_FMAP_UNION data2_cond) (BAG_INSERT listP2 sfb_imp)))` THEN 5436 5437`(!c. VAR_RES_IS_STACK_IMPRECISE___USED_VARS (SET_OF_BAG (wpb + rpb)) (listP1' c)) /\ 5438 (!c. 
VAR_RES_IS_STACK_IMPRECISE___USED_VARS (SET_OF_BAG (wpb + rpb)) (listP2' c)) /\ 5439 VAR_RES_IS_STACK_IMPRECISE___USED_VARS (SET_OF_BAG (wpb + rpb)) listP1 /\ 5440 VAR_RES_IS_STACK_IMPRECISE___USED_VARS (SET_OF_BAG (wpb + rpb)) listP2` by ( 5441 UNABBREV_ALL_TAC THEN 5442 ASM_SIMP_TAC std_ss [VAR_RES_IS_STACK_IMPRECISE___USED_VARS___data_list_seg_num, 5443 VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___VAR_CONST_EVAL] 5444) THEN 5445 5446`(!c. VAR_RES_IS_STACK_IMPRECISE (listP1' c)) /\ 5447 (!c. VAR_RES_IS_STACK_IMPRECISE (listP2' c))` by ( 5448 FULL_SIMP_TAC std_ss [VAR_RES_IS_STACK_IMPRECISE___USED_VARS_def] 5449) THEN 5450 5451ASM_SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [VAR_RES_FRAME_SPLIT___REWRITE_OK___REWRITE, 5452 var_res_prop___COND_INSERT, var_res_prop___COND_UNION, 5453 VAR_RES_IS_STACK_IMPRECISE___USED_VARS___asl_exists_direct, 5454 VAR_RES_IS_STACK_IMPRECISE___USED_VARS___asl_star, 5455 VAR_RES_IS_STACK_IMPRECISE___USED_VARS___asl_and, 5456 VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_not_in_heap, 5457 VAR_RES_IS_STACK_IMPRECISE___USED_VARS___var_res_bool_proposition, 5458 holfoot_separation_combinator_def, 5459 var_res_prop___PROP_INSERT, 5460 var_res_prop___COND_INSERT, 5461 var_res_prop___COND_UNION, 5462 BAG_UNION_INSERT] THEN 5463 5464ASM_SIMP_TAC std_ss [asl_bool_EVAL, holfoot_not_in_heap_def, 5465 IN_ABS, asl_star___VAR_RES_IS_STACK_IMPRECISE, 5466 asl_emp_DISJOINT_FMAP_UNION, IN_SING, 5467 IS_SEPARATION_COMBINATOR___FINITE_MAP, 5468 IS_SEPARATION_COMBINATOR___VAR_RES_COMBINATOR, 5469 VAR_RES_IS_STACK_IMPRECISE___USED_VARS_def, 5470 GSYM LEFT_EXISTS_AND_THM, GSYM RIGHT_EXISTS_AND_THM, 5471 var_res_bool_proposition_REWRITE, 5472 DISJOINT_FMAP_UNION___FEMPTY] THEN 5473REPEAT STRIP_TAC THEN 5474 5475`SET_OF_BAG (wpb + rpb) SUBSET FDOM (FST s)` by ( 5476 METIS_TAC [var_res_prop___PROP___VARS, pairTheory.FST, IN_DEF] 5477) THEN 5478 5479`?c. 
e3 (FST s) = SOME c` by ( 5480 SIMP_TAC std_ss [GSYM IS_SOME_EXISTS] THEN 5481 METIS_TAC [VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___IS_SOME_IMPL] 5482) THEN 5483 5484`?s3. ASL_IS_SUBSTATE DISJOINT_FMAP_UNION s3 (SND s) /\ 5485 (FST s,s3) IN listP1` by ( 5486 Q.PAT_X_ASSUM `var_res_prop___PROP f X Y s` MP_TAC THEN 5487 ASM_SIMP_TAC std_ss [var_res_prop___PROP_INSERT, 5488 var_res_prop___COND_UNION, var_res_prop___COND_INSERT] THEN 5489 METIS_TAC[ASL_IS_SUBSTATE_INTRO, IS_SEPARATION_COMBINATOR___FINITE_MAP] 5490) THEN 5491 5492ASM_SIMP_TAC std_ss [] THEN 5493 5494CONV_TAC (LHS_CONV (RESORT_EXISTS_CONV 5495 (fn [s1, s2, c'', es1, es2] => [es1, es2, s2, c'', s1])) THENC 5496 RHS_CONV (RESORT_EXISTS_CONV 5497 (fn [s1, s2, s1', s2'] => [s1, s1', s2', s2]))) THEN 5498REDEPTH_CONSEQ_CONV_TAC (K EXISTS_EQ___CONSEQ_CONV) THEN 5499 5500REPEAT STRIP_TAC THEN 5501EQ_TAC THENL [ 5502 SIMP_TAC (std_ss++CONJ_ss) [DISJOINT_FMAP_UNION___REWRITE, 5503 FDOM_FUNION, DISJOINT_UNION_BOTH, IN_UNION] THEN 5504 STRIP_TAC THEN 5505 ASM_SIMP_TAC std_ss [DISJOINT_SYM, FUNION_ASSOC] THEN 5506 `(e2 (FST s) = SOME c'') /\ (s1 = s3) /\ data2_cond` by ( 5507 MP_TAC ( 5508 Q.SPECL [`n`, `e1`, `e2`, `e1`, `var_res_exp_const c''`, `tl`, `data1`, ` (MAP (\x. 
(FST x,TAKE n (SND x))) data2)`, 5509 `FST (s:holfoot_state)`, `s3`, `s1`, `SND (s:holfoot_state)`] 5510 holfoot_ap_data_list_seg_num___SAME_LENGTH_START) THEN 5511 Q.UNABBREV_TAC `listP1'` THEN 5512 Q.UNABBREV_TAC `data2_cond` THEN 5513 FULL_SIMP_TAC std_ss [IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL, 5514 GSYM FUNION_ASSOC] THEN 5515 SIMP_TAC std_ss [ASL_IS_SUBSTATE___DISJOINT_FMAP_UNION, 5516 FUNION_DEF, var_res_exp_const_def, SUBSET_UNION, 5517 EVERY_MEM, MEM_MAP, GSYM RIGHT_EXISTS_AND_THM, 5518 GSYM LEFT_EXISTS_AND_THM, GSYM LEFT_FORALL_IMP_THM] THEN 5519 FULL_SIMP_TAC std_ss [SUBSET_DEF, MEM_MAP, 5520 GSYM LEFT_FORALL_IMP_THM] THEN 5521 METIS_TAC[pairTheory.FST, pairTheory.SND, pairTheory.PAIR] 5522 ) THEN 5523 ASM_REWRITE_TAC[] THEN 5524 5525 Q.UNABBREV_TAC `listP2` THEN Q.UNABBREV_TAC `listP2'` THEN 5526 FULL_SIMP_TAC std_ss [] THEN 5527 MATCH_MP_TAC (MP_LEQ_CANON 5528 holfoot_ap_data_list_seg_num___REWRITE_START_EXP) THEN 5529 Q.EXISTS_TAC `var_res_exp_const c''` THEN 5530 ASM_SIMP_TAC std_ss [IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL] THEN 5531 SIMP_TAC std_ss [var_res_exp_const_def], 5532 5533 5534 5535 Q.UNABBREV_TAC `data2_cond` THEN 5536 SIMP_TAC (std_ss++CONJ_ss) [DISJOINT_FMAP_UNION___REWRITE, 5537 FDOM_FUNION, DISJOINT_UNION_BOTH, IN_UNION] THEN 5538 STRIP_TAC THEN 5539 FULL_SIMP_TAC std_ss [DISJOINT_SYM, FUNION_ASSOC] THEN 5540 `?c''. 
(e2 (FST s) = SOME c'')` by ( 5541 Q.UNABBREV_TAC `listP1` THEN 5542 FULL_SIMP_TAC std_ss [GSYM IS_SOME_EXISTS] THEN 5543 METIS_TAC[holfoot_ap_data_list_seg_num___EXP_DEFINED, 5544 pairTheory.FST] 5545 ) THEN 5546 Q.EXISTS_TAC `c''` THEN 5547 REPEAT STRIP_TAC THENL [ 5548 Q.UNABBREV_TAC `listP2` THEN 5549 FULL_SIMP_TAC std_ss [] THEN 5550 `(FST s,s1') IN holfoot_not_in_heap e3` by 5551 METIS_TAC[holfoot_ap_data_list_seg_num___END_EXP_NOT_IN_FDOM] THEN 5552 FULL_SIMP_TAC std_ss [holfoot_not_in_heap_def, IN_ABS] THEN 5553 FULL_SIMP_TAC std_ss [] THEN 5554 METIS_TAC[], 5555 5556 5557 Q.UNABBREV_TAC `listP1` THEN 5558 Q.UNABBREV_TAC `listP1'` THEN 5559 FULL_SIMP_TAC std_ss [EVERY_MEM, 5560 SUBSET_DEF, MEM_MAP, GSYM LEFT_FORALL_IMP_THM] THEN 5561 MATCH_MP_TAC (MP_LEQ_CANON holfoot_ap_data_list_seg_num___REWRITE_END_EXP) THEN 5562 Q.EXISTS_TAC `e2` THEN 5563 ASM_SIMP_TAC std_ss [IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL] THEN 5564 CONJ_TAC THEN1 SIMP_TAC std_ss [var_res_exp_const_def] THEN 5565 MATCH_MP_TAC holfoot_ap_data_list_seg_num___ELIM_DATA THEN 5566 Q.EXISTS_TAC `data1` THEN 5567 ASM_SIMP_TAC (std_ss++boolSimps.ETA_ss) [MEM_MAP, 5568 GSYM LEFT_EXISTS_AND_THM, GSYM RIGHT_EXISTS_AND_THM, 5569 GSYM LEFT_FORALL_IMP_THM, MAP_MAP_o, o_DEF], 5570 5571 5572 Q.UNABBREV_TAC `listP2` THEN 5573 Q.UNABBREV_TAC `listP2'` THEN 5574 FULL_SIMP_TAC std_ss [] THEN 5575 MATCH_MP_TAC (MP_LEQ_CANON holfoot_ap_data_list_seg_num___REWRITE_START_EXP) THEN 5576 Q.EXISTS_TAC `e2` THEN 5577 ASM_SIMP_TAC std_ss [IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL] THEN 5578 SIMP_TAC std_ss [var_res_exp_const_def] 5579 ] 5580]); 5581 5582 5583
(* VAR_RES_FRAME_SPLIT lifting of ___REMOVE_START___REWRITE.  MP_CANON
   flattens the nested implication in the rewrite lemma's statement so that
   MATCH_MP_TAC can match its conclusion; the remaining premises are closed
   from the assumptions. *)
5584val VAR_RES_FRAME_SPLIT___data_list_seg_num___REMOVE_START = store_thm ( 5585"VAR_RES_FRAME_SPLIT___data_list_seg_num___REMOVE_START", 5586``!sr sfb_restP wpb rpb wpb' e2 e3 tl n m e1 data1 data2 sfb_context sfb_split sfb_imp. 
5587 5588(LIST_TO_SET (MAP FST data2) SUBSET LIST_TO_SET (MAP FST data1)) /\ 5589(ALL_DISTINCT (tl::(MAP FST data1)) ==> ALL_DISTINCT (MAP FST data2)) ==> 5590(VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) e1 /\ 5591 VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) e2 /\ 5592 VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) e3) ==> 5593 5594(VAR_RES_FRAME_SPLIT DISJOINT_FMAP_UNION sr (wpb,rpb) wpb' 5595 sfb_context 5596 (BAG_INSERT (holfoot_ap_data_list_seg_num n tl e1 data1 e2) sfb_split) 5597 (BAG_INSERT (holfoot_ap_data_list_seg_num (n+m) tl e1 data2 e3) sfb_imp) 5598 sfb_restP = 5599 5600VAR_RES_FRAME_SPLIT DISJOINT_FMAP_UNION sr (wpb,rpb) wpb' 5601 sfb_context 5602 (BAG_INSERT (holfoot_ap_data_list_seg_num n tl e1 data1 e2) sfb_split) 5603 5604 (BAG_INSERT (asl_and (holfoot_not_in_heap e3) 5605 (holfoot_ap_data_list_seg_num n tl e1 data1 e2)) 5606 (BAG_INSERT (var_res_bool_proposition DISJOINT_FMAP_UNION 5607 (EVERY (\x. MEM (FST x, TAKE n (SND x)) data1) data2)) 5608 (BAG_INSERT (holfoot_ap_data_list_seg_num m tl e2 5609 (MAP (\x. (FST x, (DROP n (SND x)))) data2) e3) sfb_imp))) 5610 sfb_restP)``, 5611 5612REPEAT STRIP_TAC THEN 5613MATCH_MP_TAC VAR_RES_FRAME_SPLIT___REWRITE_OK___THM THEN 5614MATCH_MP_TAC (MP_CANON VAR_RES_FRAME_SPLIT___data_list_seg_num___REMOVE_START___REWRITE) THEN 5615ASM_REWRITE_TAC[]); 5616 5617 5618
(* VAR_RES_FRAME_SPLIT___data_list_seg_num___REMOVE_START___REWRITE___not_in_heap:
   as ___REMOVE_START___REWRITE, but the holfoot_not_in_heap e3 guard is
   discharged from the surrounding bags.  If imp + context or split + context
   already implies that e3 is in the heap or null
   (holfoot_implies_in_heap_or_null), then e3 cannot be an address of the
   first segment (the heap part of that segment is disjoint from the frame
   part in which e3's cell lives), so the first segment moves from the split
   bag into the context bag and imp keeps only the pure data condition and
   the remaining m-element segment e2 -> e3.
   Proof outline: apply the plain rewrite lemma; if the data condition is
   false everything collapses to asl_false; otherwise show that the value c
   of e3 is either 0 (holfoot_ap_data_list_seg_num___NULL_NOT_IN_FDOM) or
   lies in FDOM of the frame part s2, by instantiating the
   in_heap_or_null premise on a substate s22 of s2. *)
5619val VAR_RES_FRAME_SPLIT___data_list_seg_num___REMOVE_START___REWRITE___not_in_heap = store_thm ( 5620"VAR_RES_FRAME_SPLIT___data_list_seg_num___REMOVE_START___REWRITE___not_in_heap", 5621``!wpb rpb e2 e3 tl n m e1 data1 data2 sfb_context sfb_split sfb_imp. 
5622 5623((holfoot_implies_in_heap_or_null 5624 (BAG_UNION sfb_imp sfb_context) 5625 (BAG_UNION sfb_imp sfb_context) e3) \/ 5626(holfoot_implies_in_heap_or_null 5627 (BAG_UNION sfb_split sfb_context) 5628 (BAG_UNION sfb_split sfb_context) e3)) /\ 5629(LIST_TO_SET (MAP FST data2) SUBSET LIST_TO_SET (MAP FST data1)) /\ 5630(ALL_DISTINCT (tl::(MAP FST data1)) ==> ALL_DISTINCT (MAP FST data2)) ==> 5631(VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) e1 /\ 5632 VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) e2 /\ 5633 VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) e3) ==> 5634 5635(VAR_RES_FRAME_SPLIT___REWRITE_OK DISJOINT_FMAP_UNION (wpb,rpb) 5636 sfb_context 5637 (BAG_INSERT (holfoot_ap_data_list_seg_num n tl e1 data1 e2) sfb_split) 5638 (BAG_INSERT (holfoot_ap_data_list_seg_num (n+m) tl e1 data2 e3) sfb_imp) 5639 5640 (BAG_INSERT (holfoot_ap_data_list_seg_num n tl e1 data1 e2) sfb_context) 5641 sfb_split 5642 (BAG_INSERT (var_res_bool_proposition DISJOINT_FMAP_UNION 5643 (EVERY (\x. MEM (FST x, TAKE n (SND x)) data1) data2)) 5644 (BAG_INSERT (holfoot_ap_data_list_seg_num m tl e2 5645 (MAP (\x. 
(FST x, (DROP n (SND x)))) data2) e3) sfb_imp)))``, 5646 5647REPEAT GEN_TAC THEN 5648Q.ABBREV_TAC `e3_imp = ((holfoot_implies_in_heap_or_null 5649 (BAG_UNION sfb_imp sfb_context) 5650 (BAG_UNION sfb_imp sfb_context) e3) \/ 5651(holfoot_implies_in_heap_or_null 5652 (BAG_UNION sfb_split sfb_context) 5653 (BAG_UNION sfb_split sfb_context) e3))` THEN 5654REPEAT STRIP_TAC THEN 5655Q.UNABBREV_TAC `e3_imp` THEN 5656MP_TAC ( 5657Q.SPECL [`wpb`, `rpb`, `e2`, `e3`, `tl`, `n`, `m`, `e1`, `data1`, `data2`, `sfb_context`, `sfb_split`, `sfb_imp`] 5658 VAR_RES_FRAME_SPLIT___data_list_seg_num___REMOVE_START___REWRITE) THEN 5659ASM_REWRITE_TAC[] THEN 5660SIMP_TAC std_ss [VAR_RES_FRAME_SPLIT___REWRITE_OK___EQ_REWRITE] THEN 5661DISCH_TAC THEN POP_ASSUM (K ALL_TAC) THEN 5662SIMP_TAC std_ss [GSYM VAR_RES_FRAME_SPLIT___REWRITE_OK___EQ_REWRITE] THEN 5663 5664Q.HO_MATCH_ABBREV_TAC `VAR_RES_FRAME_SPLIT___REWRITE_OK DISJOINT_FMAP_UNION (wpb,rpb) 5665 sfb_context (BAG_INSERT listP1 sfb_split) 5666 (BAG_INSERT (asl_and (holfoot_not_in_heap e3) listP1) 5667 (BAG_INSERT (var_res_bool_proposition DISJOINT_FMAP_UNION 5668 data2_cond) (BAG_INSERT listP2 sfb_imp))) 5669 (BAG_INSERT listP1 sfb_context) sfb_split 5670 (BAG_INSERT (var_res_bool_proposition DISJOINT_FMAP_UNION 5671 data2_cond) (BAG_INSERT listP2 sfb_imp))` THEN 5672 5673Tactical.REVERSE (Cases_on `data2_cond = T`) THEN1 ( 5674 FULL_SIMP_TAC std_ss [var_res_bool_proposition_TF] THEN 5675 ASM_SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [VAR_RES_FRAME_SPLIT___REWRITE_OK___REWRITE, 5676 IS_SEPARATION_COMBINATOR___FINITE_MAP, 5677 var_res_prop___COND_INSERT, var_res_prop___COND_UNION, 5678 BAG_UNION_INSERT, 5679 VAR_RES_IS_STACK_IMPRECISE___USED_VARS___asl_and, 5680 VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_not_in_heap 5681 ] THEN 5682 ASM_SIMP_TAC std_ss [IS_SEPARATION_COMBINATOR___FINITE_MAP, 5683 var_res_prop___PROP___REWRITE, var_res_bigstar_REWRITE, 5684 IS_SEPARATION_COMBINATOR___VAR_RES_COMBINATOR, 5685 asl_false___asl_star_THM, 
asl_bool_EVAL] 5686) THEN 5687Q.UNABBREV_TAC `data2_cond` THEN 5688` 5689 VAR_RES_FRAME_SPLIT___REWRITE_OK DISJOINT_FMAP_UNION (wpb,rpb) 5690 sfb_context (BAG_INSERT listP1 sfb_split) 5691 (BAG_INSERT (asl_and (holfoot_not_in_heap e3) listP1) 5692 (BAG_INSERT listP2 sfb_imp)) 5693 sfb_context (BAG_INSERT listP1 sfb_split) 5694 (BAG_INSERT listP1 (BAG_INSERT listP2 sfb_imp))` suffices_by (STRIP_TAC THEN 5695 FULL_SIMP_TAC std_ss [var_res_bool_proposition_TF, 5696 VAR_RES_FRAME_SPLIT___REWRITE_OK___stack_true, 5697 prove (``BAG_INSERT X (BAG_INSERT (var_res_prop_stack_true f) b) = 5698 (BAG_INSERT (var_res_prop_stack_true f) (BAG_INSERT X b))``, PROVE_TAC[BAG_INSERT_commutes])] THEN 5699 FULL_SIMP_TAC std_ss [VAR_RES_FRAME_SPLIT___REWRITE_OK___EQ_REWRITE] THEN 5700 SIMP_TAC std_ss [VAR_RES_FRAME_SPLIT___REWRITE_OK___FRAME, 5701 GSYM VAR_RES_FRAME_SPLIT___REWRITE_OK___EQ_REWRITE] 5702) THEN 5703 5704SIMP_TAC std_ss [VAR_RES_FRAME_SPLIT___REWRITE_OK___REWRITE, 5705 var_res_prop___COND_INSERT, var_res_prop___COND_UNION, 5706 var_res_prop___PROP_INSERT, BAG_UNION_INSERT] THEN 5707 5708SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [IN_ABS, GSYM RIGHT_EXISTS_AND_THM, 5709 GSYM LEFT_EXISTS_AND_THM, asl_bool_EVAL] THEN 5710REPEAT STRIP_TAC THEN 5711ASM_SIMP_TAC std_ss [VAR_RES_IS_STACK_IMPRECISE___USED_VARS___asl_and, 5712 VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_not_in_heap] THEN 5713 5714REDEPTH_CONSEQ_CONV_TAC (K EXISTS_EQ___CONSEQ_CONV) THEN 5715SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [holfoot_not_in_heap_def, 5716 IN_ABS] THEN 5717 5718REPEAT STRIP_TAC THEN 5719 5720`?c. 
(e3 (FST s) = SOME c)` by ( 5721 Q.UNABBREV_TAC `listP2` THEN 5722 FULL_SIMP_TAC std_ss [GSYM IS_SOME_EXISTS] THEN 5723 METIS_TAC[holfoot_ap_data_list_seg_num___EXP_DEFINED, 5724 pairTheory.FST] 5725) THEN 5726ASM_SIMP_TAC std_ss [] THEN 5727Cases_on `c = 0` THEN1 ( 5728 METIS_TAC[holfoot_ap_data_list_seg_num___NULL_NOT_IN_FDOM, 5729 pairTheory.SND] 5730) THEN 5731`c IN FDOM s2` suffices_by (STRIP_TAC THEN 5732 FULL_SIMP_TAC std_ss [DISJOINT_DEF, EXTENSION, DISJOINT_FMAP_UNION___REWRITE, 5733 NOT_IN_EMPTY, IN_INTER, IN_UNION, FDOM_FUNION] THEN 5734 METIS_TAC[] 5735) THEN 5736 5737`?sfb s22. 5738 holfoot_implies_in_heap_or_null sfb sfb e3 /\ 5739 ASL_IS_SUBSTATE DISJOINT_FMAP_UNION s22 s2 /\ 5740 (FST s, s22) IN var_res_bigstar DISJOINT_FMAP_UNION sfb` by ( 5741 5742 FULL_SIMP_TAC std_ss [] THENL [ 5743 Q.ABBREV_TAC `sfb = sfb_imp + sfb_context` THEN 5744 `sfb_imp + (sfb_rest + sfb_context) = sfb + sfb_rest` by 5745 METIS_TAC[ASSOC_BAG_UNION, COMM_BAG_UNION] THEN 5746 FULL_SIMP_TAC std_ss [] THEN 5747 Q.EXISTS_TAC `sfb` THEN 5748 Q.PAT_X_ASSUM `(FST s, s2') IN X` MP_TAC THEN 5749 ASM_SIMP_TAC std_ss [var_res_prop___PROP___REWRITE, 5750 IS_SEPARATION_COMBINATOR___FINITE_MAP, 5751 IS_SEPARATION_COMBINATOR___VAR_RES_COMBINATOR, 5752 GSYM asl_bigstar_REWRITE, IN_ABS] THEN 5753 ASM_SIMP_TAC std_ss [var_res_bigstar_UNION, 5754 IS_SEPARATION_COMBINATOR___FINITE_MAP] THEN 5755 REPEAT STRIP_TAC THEN 5756 `VAR_RES_IS_STACK_IMPRECISE (var_res_bigstar DISJOINT_FMAP_UNION sfb) /\ 5757 VAR_RES_IS_STACK_IMPRECISE (var_res_bigstar DISJOINT_FMAP_UNION sfb_rest)` by ( 5758 CONSEQ_REWRITE_TAC ([], [VAR_RES_IS_STACK_IMPRECISE___var_res_bigstar], []) THEN 5759 ASM_SIMP_TAC std_ss [] THEN 5760 Q.UNABBREV_TAC `sfb` THEN 5761 FULL_SIMP_TAC std_ss [var_res_prop___COND___REWRITE, 5762 BAG_IN_BAG_UNION, DISJ_IMP_THM, FORALL_AND_THM, 5763 VAR_RES_IS_STACK_IMPRECISE___USED_VARS_def, BAG_EVERY] 5764 ) THEN 5765 FULL_SIMP_TAC std_ss [asl_star___VAR_RES_IS_STACK_IMPRECISE, 5766 IN_ABS] THEN 5767 
Q.EXISTS_TAC `es1` THEN 5768 ASM_REWRITE_TAC[holfoot_separation_combinator_def] THEN 5769 METIS_TAC[ASL_IS_SUBSTATE_INTRO, IS_SEPARATION_COMBINATOR___FINITE_MAP, 5770 ASL_IS_SUBSTATE___TRANS], 5771 5772 5773 5774 Q.PAT_X_ASSUM `X s` MP_TAC THEN 5775 ASM_SIMP_TAC std_ss [var_res_prop___PROP_INSERT, 5776 var_res_prop___COND_INSERT, 5777 var_res_prop___COND_UNION] THEN 5778 REPEAT STRIP_TAC THEN 5779 `s1'' = s1` by ( 5780 MP_TAC (Q.SPECL [`n`, `e1`, `e2`, `e1`, `e2`, `tl`, `data1`, 5781 `data1`, `FST (s:holfoot_state)`, `s1`, `s1''`, `SND (s:holfoot_state)`] 5782 holfoot_ap_data_list_seg_num___SAME_LENGTH_START) THEN 5783 FULL_SIMP_TAC std_ss [VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET_def] THEN 5784 METIS_TAC[ASL_IS_SUBSTATE_INTRO, IS_SEPARATION_COMBINATOR___FINITE_MAP] 5785 ) THEN 5786 `s2'' = s2` by METIS_TAC[DISJOINT_FMAP_UNION___CANCELLATIVE] THEN 5787 Q.ABBREV_TAC `sfb = sfb_split + sfb_context` THEN 5788 Q.EXISTS_TAC `sfb` THEN Q.EXISTS_TAC `s2` THEN 5789 ASM_SIMP_TAC std_ss [ASL_IS_SUBSTATE___REFL] THEN 5790 Q.PAT_X_ASSUM `(FST s, s2'') IN XXX` MP_TAC THEN 5791 ASM_SIMP_TAC std_ss [var_res_prop___PROP___REWRITE, 5792 IS_SEPARATION_COMBINATOR___FINITE_MAP, IN_ABS] 5793 ] 5794) THEN 5795Q.PAT_X_ASSUM `X \/ Y` (K ALL_TAC) THEN 5796 5797`c IN FDOM s22` suffices_by (STRIP_TAC THEN 5798 FULL_SIMP_TAC std_ss [ASL_IS_SUBSTATE___DISJOINT_FMAP_UNION, 5799 SUBSET_DEF] 5800) THEN 5801 5802Q.PAT_X_ASSUM `holfoot_implies_in_heap_or_null sfb sfb e3` MP_TAC THEN 5803ASM_SIMP_TAC std_ss [holfoot_implies_in_heap_or_null_def, 5804 holfoot_implies_in_heap_pred_def, GSYM LEFT_EXISTS_IMP_THM] THEN 5805Q.EXISTS_TAC `FST (s:holfoot_state)` THEN 5806Q.EXISTS_TAC `FST (s:holfoot_state)` THEN 5807Q.EXISTS_TAC `s22` THEN 5808Q.EXISTS_TAC `s22` THEN 5809ASM_SIMP_TAC std_ss [VAR_RES_STACK_IS_SUBSTATE___REFL]); 5810 5811 5812 5813 5814 5815 5816 5817
(* VAR_RES_FRAME_SPLIT lifting of ___REMOVE_START___REWRITE___not_in_heap,
   specialised to the disjunct where sfb_imp + sfb_context implies that e3
   is in the heap or null.  ASM_REWRITE_TAC closes the disjunctive premise
   of the rewrite lemma from this assumption. *)
5818val VAR_RES_FRAME_SPLIT___data_list_seg_num___REMOVE_START___not_in_heap___imp = store_thm ( 
5819"VAR_RES_FRAME_SPLIT___data_list_seg_num___REMOVE_START___not_in_heap___imp", 5820``!wpb rpb wpb' e2 e3 tl n m e1 data1 data2 sfb_context sfb_split sfb_imp sfb_restP sr. 5821 5822(holfoot_implies_in_heap_or_null 5823 (BAG_UNION sfb_imp sfb_context) 5824 (BAG_UNION sfb_imp sfb_context) e3) /\ 5825(LIST_TO_SET (MAP FST data2) SUBSET LIST_TO_SET (MAP FST data1)) /\ 5826(ALL_DISTINCT (tl::(MAP FST data1)) ==> ALL_DISTINCT (MAP FST data2)) ==> 5827(VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) e1 /\ 5828 VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) e2 /\ 5829 VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) e3) ==> 5830 5831(VAR_RES_FRAME_SPLIT DISJOINT_FMAP_UNION sr (wpb,rpb) wpb' 5832 sfb_context 5833 (BAG_INSERT (holfoot_ap_data_list_seg_num n tl e1 data1 e2) sfb_split) 5834 (BAG_INSERT (holfoot_ap_data_list_seg_num (n+m) tl e1 data2 e3) sfb_imp) sfb_restP = 5835 5836 VAR_RES_FRAME_SPLIT DISJOINT_FMAP_UNION sr (wpb,rpb) wpb' 5837 (BAG_INSERT (holfoot_ap_data_list_seg_num n tl e1 data1 e2) sfb_context) 5838 sfb_split 5839 (BAG_INSERT (var_res_bool_proposition DISJOINT_FMAP_UNION 5840 (EVERY (\x. MEM (FST x, TAKE n (SND x)) data1) data2)) 5841 (BAG_INSERT (holfoot_ap_data_list_seg_num m tl e2 5842 (MAP (\x. (FST x, (DROP n (SND x)))) data2) e3) sfb_imp)) 5843 sfb_restP)``, 5844 5845 5846REPEAT STRIP_TAC THEN 5847MATCH_MP_TAC VAR_RES_FRAME_SPLIT___REWRITE_OK___THM THEN 5848MATCH_MP_TAC (MP_CANON VAR_RES_FRAME_SPLIT___data_list_seg_num___REMOVE_START___REWRITE___not_in_heap) THEN 5849ASM_REWRITE_TAC[]); 5850 5851 5852 5853
(* VAR_RES_FRAME_SPLIT lifting of ___REMOVE_START___REWRITE___not_in_heap,
   specialised to the disjunct where sfb_split + sfb_context implies that
   e3 is in the heap or null.  Same shape as the ___imp variant above; only
   the bag used for the in_heap_or_null premise differs. *)
5854val VAR_RES_FRAME_SPLIT___data_list_seg_num___REMOVE_START___not_in_heap___split = store_thm ( 5855"VAR_RES_FRAME_SPLIT___data_list_seg_num___REMOVE_START___not_in_heap___split", 5856``!wpb rpb wpb' e2 e3 tl n m e1 data1 data2 sfb_context sfb_split sfb_imp sfb_restP sr. 

(holfoot_implies_in_heap_or_null
   (BAG_UNION sfb_split sfb_context)
   (BAG_UNION sfb_split sfb_context) e3) /\
(LIST_TO_SET (MAP FST data2) SUBSET LIST_TO_SET (MAP FST data1)) /\
(ALL_DISTINCT (tl::(MAP FST data1)) ==> ALL_DISTINCT (MAP FST data2)) ==>
(VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) e1 /\
 VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) e2 /\
 VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) e3) ==>

(VAR_RES_FRAME_SPLIT DISJOINT_FMAP_UNION sr (wpb,rpb) wpb'
   sfb_context
   (BAG_INSERT (holfoot_ap_data_list_seg_num n tl e1 data1 e2) sfb_split)
   (BAG_INSERT (holfoot_ap_data_list_seg_num (n+m) tl e1 data2 e3) sfb_imp) sfb_restP =

 VAR_RES_FRAME_SPLIT DISJOINT_FMAP_UNION sr (wpb,rpb) wpb'
   (BAG_INSERT (holfoot_ap_data_list_seg_num n tl e1 data1 e2) sfb_context)
   sfb_split
   (BAG_INSERT (var_res_bool_proposition DISJOINT_FMAP_UNION
      (EVERY (\x. MEM (FST x, TAKE n (SND x)) data1) data2))
      (BAG_INSERT (holfoot_ap_data_list_seg_num m tl e2
         (MAP (\x. (FST x, (DROP n (SND x)))) data2) e3) sfb_imp))
   sfb_restP)``,


REPEAT STRIP_TAC THEN
MATCH_MP_TAC VAR_RES_FRAME_SPLIT___REWRITE_OK___THM THEN
MATCH_MP_TAC (MP_CANON VAR_RES_FRAME_SPLIT___data_list_seg_num___REMOVE_START___REWRITE___not_in_heap) THEN
ASM_REWRITE_TAC[]);





(* Frame-split rewrite for list segments whose length is not fixed.
   Given that e3 is known to point into the heap or be null (first premise),
   that the field tags of data2 are among those of data1, and that the
   tags stay distinct, a segment e1->e2 carrying data1 in the "split" bag
   together with a segment e1->e3 carrying data2 in the "imp" bag may be
   rewritten to: the data1 segment moved into the context bag, a boolean
   side condition stating that the first LENGTH (SND (HD data1)) values
   of every data2 field are recorded in data1, and a residual segment
   e2->e3 whose data2 fields have that prefix dropped.

   The proof unfolds holfoot_ap_data_list_seg_def and reduces the
   statement to the fixed-length (_num) lemma
   VAR_RES_FRAME_SPLIT___data_list_seg_num___REMOVE_START___REWRITE___not_in_heap,
   dealing separately with the case in which data1 is inconsistent with
   the chosen length (the segment is then asl_false). *)
val VAR_RES_FRAME_SPLIT___data_list_seg___REMOVE_START___REWRITE =
store_thm ("VAR_RES_FRAME_SPLIT___data_list_seg___REMOVE_START___REWRITE",
``!data1 data2 wpb rpb sfb_context sfb_split sfb_imp e1 e2 e3 tl.

(holfoot_implies_in_heap_or_null
   (BAG_UNION sfb_split sfb_context)
   (BAG_UNION sfb_split sfb_context) e3) /\
(LIST_TO_SET (MAP FST data2) SUBSET LIST_TO_SET (MAP FST data1)) /\
(ALL_DISTINCT (tl::(MAP FST data1)) ==> ALL_DISTINCT (MAP FST data2)) ==>

(VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) e1 /\
 VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) e2 /\
 VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) e3) ==>

((VAR_RES_FRAME_SPLIT___REWRITE_OK DISJOINT_FMAP_UNION (wpb,rpb)
   sfb_context
   (BAG_INSERT (holfoot_ap_data_list_seg tl e1 data1 e2) sfb_split)
   (BAG_INSERT (holfoot_ap_data_list_seg tl e1 data2 e3) sfb_imp))

   (BAG_INSERT (holfoot_ap_data_list_seg tl e1 data1 e2) sfb_context)
   sfb_split
   (BAG_INSERT (var_res_bool_proposition DISJOINT_FMAP_UNION
      (EVERY (\x. MEM (FST x,TAKE (LENGTH (SND (HD data1))) (SND x)) data1) data2)) (
    BAG_INSERT
      (holfoot_ap_data_list_seg tl e2
         (MAP (\x. (FST x, (DROP (LENGTH (SND (HD data1))) (SND x)))) data2) e3) sfb_imp)))``,


REPEAT STRIP_TAC THEN
SIMP_TAC std_ss [holfoot_ap_data_list_seg_def] THEN

(* Name the three existentially quantified fixed-length segments so the
   rest of the proof can talk about them abstractly. *)
Q.HO_MATCH_ABBREV_TAC `
   VAR_RES_FRAME_SPLIT___REWRITE_OK DISJOINT_FMAP_UNION (wpb,rpb)
     sfb_context
     (BAG_INSERT (asl_exists n. listP1 n) sfb_split)
     (BAG_INSERT (asl_exists n. listP2 n) sfb_imp)
     (BAG_INSERT (asl_exists n. listP1 n) sfb_context)
     sfb_split
     (BAG_INSERT (var_res_bool_proposition DISJOINT_FMAP_UNION data2_cond)
       (BAG_INSERT (asl_exists n. listP3 n) sfb_imp))` THEN


`(!n. VAR_RES_IS_STACK_IMPRECISE___USED_VARS (SET_OF_BAG (wpb + rpb)) (listP1 n)) /\
 (!n. VAR_RES_IS_STACK_IMPRECISE___USED_VARS (SET_OF_BAG (wpb + rpb)) (listP2 n)) /\
 (!n. VAR_RES_IS_STACK_IMPRECISE___USED_VARS (SET_OF_BAG (wpb + rpb)) (listP3 n))` by (
   UNABBREV_ALL_TAC THEN
   ASM_SIMP_TAC std_ss [VAR_RES_IS_STACK_IMPRECISE___USED_VARS___data_list_seg_num]
) THEN

(* Fixed-length instance of the rewrite, for every split n / m of the
   length of the data2 segment. *)
`!n m. VAR_RES_FRAME_SPLIT___REWRITE_OK DISJOINT_FMAP_UNION (wpb,rpb)
   sfb_context (BAG_INSERT (listP1 n) sfb_split)
   (BAG_INSERT (listP2 (n+m)) sfb_imp)
   (BAG_INSERT (listP1 n) sfb_context) sfb_split
   (BAG_INSERT (var_res_bool_proposition DISJOINT_FMAP_UNION data2_cond)
     (BAG_INSERT (listP3 m) sfb_imp))` by (

   UNABBREV_ALL_TAC THEN
   REPEAT STRIP_TAC THEN
   (* Easy case: data2 is empty or the length of data1's first field list
      agrees with n; then TAKE/DROP on that length coincide with
      TAKE/DROP n and the _num lemma applies directly. *)
   Tactical.REVERSE (Cases_on `data2 <> [] /\ (LENGTH (SND (HD data1)) <> n)`) THEN1 (
      `(EVERY (\x. MEM (FST x,TAKE (LENGTH (SND (HD data1))) (SND x)) data1) data2 =
        EVERY (\x. MEM (FST x,TAKE n (SND x)) data1) data2) /\
       (MAP (\x. (FST x,DROP (LENGTH (SND (HD data1))) (SND x))) data2 =
        MAP (\x. (FST x,DROP n (SND x))) data2)` by (
          Cases_on `data2` THEN FULL_SIMP_TAC list_ss []) THEN
      ASM_SIMP_TAC std_ss [] THEN
      MATCH_MP_TAC (MP_CANON VAR_RES_FRAME_SPLIT___data_list_seg_num___REMOVE_START___REWRITE___not_in_heap) THEN
      ASM_REWRITE_TAC[]
   ) THEN
   (* Otherwise data1 cannot describe a segment of length n at all, so the
      data1 segment is asl_false and both sides collapse. *)
   `holfoot_ap_data_list_seg_num n tl e1 data1 e2 = asl_false` by (
      MATCH_MP_TAC holfoot_ap_data_list_seg_num___DATA_PROPS THEN

      Cases_on `data2` THEN FULL_SIMP_TAC list_ss [] THEN
      Cases_on `data1` THEN FULL_SIMP_TAC list_ss [INSERT_SUBSET, MEM_MAP]
   ) THEN

   ASM_SIMP_TAC std_ss [VAR_RES_FRAME_SPLIT___REWRITE_OK___REWRITE,
      var_res_prop___PROP___asl_false, asl_bool_EVAL, BAG_UNION_INSERT]
) THEN


POP_ASSUM MP_TAC THEN
ASM_SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [VAR_RES_FRAME_SPLIT___REWRITE_OK___REWRITE,
   var_res_prop___COND_INSERT,
   VAR_RES_IS_STACK_IMPRECISE___USED_VARS___asl_exists_direct,
   VAR_RES_IS_STACK_IMPRECISE___USED_VARS___var_res_bool_proposition,
   BAG_UNION_INSERT,
   prove (
     ``BAG_INSERT (var_res_bool_proposition f b) (BAG_INSERT sf B) =
       (BAG_INSERT sf (BAG_INSERT (var_res_bool_proposition f b) B))``,
     PROVE_TAC[bagTheory.BAG_INSERT_commutes])] THEN
SIMP_TAC std_ss [var_res_prop___PROP___asl_exists,
   asl_bool_EVAL, prove (
     ``BAG_INSERT sf (BAG_INSERT (asl_exists x. P x) B) =
       (BAG_INSERT (asl_exists x. P x) (BAG_INSERT sf B))``,
     PROVE_TAC[bagTheory.BAG_INSERT_commutes]),
   GSYM RIGHT_EXISTS_AND_THM, GSYM LEFT_EXISTS_AND_THM, IN_DEF] THEN
REPEAT STRIP_TAC THEN
(* Direction "<=": the two data1 segments in context and split share
   start and end, so their lengths agree (SAME_START_END) and the
   fixed-length instance can be used. *)
Tactical.REVERSE EQ_TAC THEN1 (
   REPEAT STRIP_TAC THEN
   `n'' = n` suffices_by (STRIP_TAC THEN
      Q.EXISTS_TAC `n + n'` THEN
      Q.PAT_X_ASSUM `!n m sfb_rest s. X` (MP_TAC o
         Q.SPECL [`n`, `n'`, `sfb_rest`, `s`]) THEN
      ASM_SIMP_TAC std_ss [] THEN
      METIS_TAC[BAG_INSERT_commutes]
   ) THEN
   `?s1 s2. (FST s, s1) IN listP1 n /\
            (FST s, s2) IN listP1 n'' /\
            (ASL_IS_SUBSTATE DISJOINT_FMAP_UNION s1 (SND s)) /\
            (ASL_IS_SUBSTATE DISJOINT_FMAP_UNION s2 (SND s))` by (
      REPEAT (Q.PAT_X_ASSUM `var_res_prop___PROP f X Y s` MP_TAC) THEN
      ASM_SIMP_TAC std_ss [var_res_prop___PROP_INSERT,
         var_res_prop___COND_INSERT, var_res_prop___COND_UNION,
         VAR_RES_IS_STACK_IMPRECISE___USED_VARS___var_res_bool_proposition,
         IN_ABS] THEN
      REPEAT STRIP_TAC THEN
      Q.EXISTS_TAC `s1` THEN Q.EXISTS_TAC `s1'` THEN
      ASM_REWRITE_TAC[] THEN
      METIS_TAC[ASL_IS_SUBSTATE_INTRO, IS_SEPARATION_COMBINATOR___FINITE_MAP]
   ) THEN
   MATCH_MP_TAC holfoot_ap_data_list_seg_num___SAME_START_END THEN
   Q.EXISTS_TAC `e1` THEN Q.EXISTS_TAC `e2` THEN
   Q.EXISTS_TAC `e1` THEN Q.EXISTS_TAC `e2` THEN
   Q.EXISTS_TAC `tl` THEN
   Q.EXISTS_TAC `data1` THEN Q.EXISTS_TAC `data1` THEN
   Q.EXISTS_TAC `FST (s:holfoot_state)` THEN
   Q.EXISTS_TAC `s2` THEN
   Q.EXISTS_TAC `s1` THEN
   Q.EXISTS_TAC `SND (s:holfoot_state)` THEN
   Q.UNABBREV_TAC `listP1` THEN
   FULL_SIMP_TAC std_ss [VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET_def]
) THEN
REPEAT STRIP_TAC THEN
(* Direction "==>": if the data2 segment (length n') is at least as long
   as the data1 segment (length n), the fixed-length instance applies. *)
Tactical.REVERSE (Cases_on `n' < n`) THEN1 (
   `?m. n' = n + m` by (
      Q.EXISTS_TAC `n' - n` THEN
      DECIDE_TAC
   ) THEN
   Q.PAT_X_ASSUM `!n m sfb_rest s. X s` (MP_TAC o Q.SPECL
      [`n`, `m`, `sfb_rest`, `s`]) THEN
   FULL_SIMP_TAC std_ss [] THEN
   METIS_TAC[BAG_INSERT_commutes]
) THEN
(* Remaining case n' < n is contradictory: the data1 segment would have to
   continue past e3, but e3 is in the heap or null by the premise. *)
`?m. n = n' + SUC m` by (
   Q.EXISTS_TAC `PRE (n - n')` THEN
   DECIDE_TAC
) THEN
CCONTR_TAC THEN POP_ASSUM (K ALL_TAC) THEN

REPEAT (Q.PAT_X_ASSUM `var_res_prop___PROP X Y Z s` MP_TAC) THEN
ASM_SIMP_TAC std_ss [var_res_prop___PROP_INSERT,
   var_res_prop___COND_INSERT, var_res_prop___COND_UNION] THEN
Q.UNABBREV_TAC `listP1` THEN
`IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e1) /\
 IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e2) /\
 IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e3)` by (
   FULL_SIMP_TAC std_ss [VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET_def]
) THEN
ASM_SIMP_TAC std_ss [holfoot_ap_data_list_seg_num___SPLIT, IN_ABS,
   asl_bool_EVAL, holfoot_separation_combinator_def,
   GSYM RIGHT_EXISTS_AND_THM, GSYM LEFT_EXISTS_AND_THM] THEN

ASM_SIMP_TAC std_ss [asl_star___VAR_RES_IS_STACK_IMPRECISE,
   VAR_RES_IS_STACK_IMPRECISE___data_list_seg_num, IN_ABS,
   IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL] THEN
REPEAT STRIP_TAC THEN
CCONTR_TAC THEN FULL_SIMP_TAC std_ss [] THEN
`(e3 (FST s) = SOME c) /\ (s1' = es1)` by (
   MP_TAC (Q.SPECL [`n'`, `e1`, `e3`, `e1`, `var_res_exp_const c`, `tl`, `data2`,
      `MAP (\x. (FST x,TAKE n' (SND x))) data1`, `FST (s:holfoot_state)`, `s1'`, `es1`, `SND (s:holfoot_state)`]
      holfoot_ap_data_list_seg_num___SAME_LENGTH_START) THEN
   Q.UNABBREV_TAC `listP2` THEN
   FULL_SIMP_TAC std_ss [IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL] THEN
   MATCH_MP_TAC (prove (``(A /\ (B ==> C)) ==> ((A ==> B) ==> C)``, METIS_TAC[])) THEN
   SIMP_TAC std_ss [var_res_exp_const_def] THEN
   METIS_TAC[ASL_IS_SUBSTATE_INTRO, IS_SEPARATION_COMBINATOR___FINITE_MAP,
      ASL_IS_SUBSTATE___TRANS]
) THEN
`~(c = 0) /\ (c IN FDOM es2)` by (
   Q.PAT_X_ASSUM `(FST s, es2) IN X` MP_TAC THEN
   FULL_SIMP_TAC std_ss [holfoot_ap_data_list_seg_num___STACK_IMPRECISE___REWRITE,
      IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL,
      IN_ABS, holfoot_ap_points_to_def, LET_THM] THEN
   STRIP_TAC THEN
   FULL_SIMP_TAC std_ss [var_res_exp_const_def, DISJOINT_FMAP_UNION___REWRITE,
      FDOM_FUNION, IN_UNION, IN_SING]
) THEN
(* c would be allocated both in es2 and in s2, contradicting disjointness. *)
`c IN FDOM s2` suffices_by (STRIP_TAC THEN
   FULL_SIMP_TAC std_ss [DISJOINT_FMAP_UNION___REWRITE,
      FDOM_FUNION, DISJOINT_UNION_BOTH] THEN
   FULL_SIMP_TAC std_ss [EXTENSION, DISJOINT_DEF, IN_INTER, NOT_IN_EMPTY] THEN
   METIS_TAC[]
) THEN
Q.PAT_X_ASSUM `(FST s, s2) IN Y` MP_TAC THEN
ASM_SIMP_TAC std_ss [var_res_prop___PROP___REWRITE, IN_ABS] THEN
STRIP_TAC THEN

Q.PAT_X_ASSUM `holfoot_implies_in_heap_or_null x y e3` MP_TAC THEN
ASM_SIMP_TAC std_ss [holfoot_implies_in_heap_or_null_def,
   holfoot_implies_in_heap_pred_def, GSYM LEFT_EXISTS_IMP_THM] THEN

Q.EXISTS_TAC `FST (s:holfoot_state)` THEN
Q.EXISTS_TAC `FST (s:holfoot_state)` THEN
Q.EXISTS_TAC `s2` THEN
Q.EXISTS_TAC `s2` THEN
ASM_SIMP_TAC std_ss [VAR_RES_STACK_IS_SUBSTATE___REFL,
   holfoot_separation_combinator_def]);




(* The same rewrite lifted from VAR_RES_FRAME_SPLIT___REWRITE_OK to
   VAR_RES_FRAME_SPLIT, via VAR_RES_FRAME_SPLIT___REWRITE_OK___THM.
   Note the premise grouping differs slightly from the ___REWRITE version
   (the in-heap-or-null premise is separated from the remaining ones). *)
val VAR_RES_FRAME_SPLIT___data_list_seg___REMOVE_START = store_thm (
"VAR_RES_FRAME_SPLIT___data_list_seg___REMOVE_START",
``!data1 data2 wpb rpb wpb' sr sfb_restP sfb_context sfb_split sfb_imp e1 e2 e3 tl.

(holfoot_implies_in_heap_or_null
   (BAG_UNION sfb_split sfb_context)
   (BAG_UNION sfb_split sfb_context) e3) ==>
((LIST_TO_SET (MAP FST data2) SUBSET LIST_TO_SET (MAP FST data1)) /\
 (ALL_DISTINCT (tl::(MAP FST data1)) ==> ALL_DISTINCT (MAP FST data2)) /\
 VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) e1 /\
 VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) e2 /\
 VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) e3) ==>

((VAR_RES_FRAME_SPLIT DISJOINT_FMAP_UNION sr (wpb,rpb) wpb'
   sfb_context
   (BAG_INSERT (holfoot_ap_data_list_seg tl e1 data1 e2) sfb_split)
   (BAG_INSERT (holfoot_ap_data_list_seg tl e1 data2 e3) sfb_imp) sfb_restP) =

 (VAR_RES_FRAME_SPLIT DISJOINT_FMAP_UNION sr (wpb,rpb) wpb'
   (BAG_INSERT (holfoot_ap_data_list_seg tl e1 data1 e2) sfb_context)
   sfb_split
   (BAG_INSERT (var_res_bool_proposition DISJOINT_FMAP_UNION
      (EVERY (\x. MEM (FST x,TAKE (LENGTH (SND (HD data1))) (SND x)) data1) data2)) (
    BAG_INSERT
      (holfoot_ap_data_list_seg tl e2
         (MAP (\x. (FST x, (DROP (LENGTH (SND (HD data1))) (SND x)))) data2) e3) sfb_imp))
   sfb_restP))``,

REPEAT STRIP_TAC THEN
MATCH_MP_TAC VAR_RES_FRAME_SPLIT___REWRITE_OK___THM THEN
MATCH_MP_TAC (MP_CANON VAR_RES_FRAME_SPLIT___data_list_seg___REMOVE_START___REWRITE) THEN
ASM_REWRITE_TAC[]);


(*-----------------
 * Queues
 *-----------------*)

(* A queue from startExp to endExp with data fields `data`
   (a list of (tag, value list) pairs), keyed on whether startExp is null:
   - startExp = 0: the queue is empty, so every field's value list is NULL;
   - otherwise every field's value list is non-empty, the FRONTs of the
     value lists form a list segment from startExp to endExp, and the end
     cell endExp holds tl |-> 0 and, for each field, its LAST value. *)
val holfoot_ap_data_queue_def = Define `
   holfoot_ap_data_queue tl startExp data endExp =
   var_res_prop_binexpression_cond DISJOINT_FMAP_UNION $=
      startExp (var_res_exp_const 0)
      (var_res_bool_proposition DISJOINT_FMAP_UNION
         (EVERY (\td. NULL (SND td)) data))
      (asl_star holfoot_separation_combinator
         (asl_star holfoot_separation_combinator
            (var_res_bool_proposition DISJOINT_FMAP_UNION
               (EVERY (\td. ~(NULL (SND td))) data))
            (holfoot_ap_data_list_seg tl startExp
               (MAP (\td. (FST td, FRONT (SND td))) data) endExp))
         (holfoot_ap_points_to endExp
            (LIST_TO_FMAP (ZIP
               (tl::MAP FST data, MAP var_res_exp_const
                  (0::MAP (\x. LAST (SND x)) data))))))`;


(* A queue is stack-imprecise w.r.t. vs whenever its start and end
   expressions only use variables in vs. *)
val VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_ap_data_queue =
store_thm ("VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_ap_data_queue",
`` !tl startExp data endExp vs.
   VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET vs
      startExp /\
   VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET vs
      endExp ==>
   VAR_RES_IS_STACK_IMPRECISE___USED_VARS vs
      (holfoot_ap_data_queue tl startExp data endExp)``,

SIMP_TAC std_ss [holfoot_ap_data_queue_def] THEN
REPEAT STRIP_TAC THEN
CONSEQ_REWRITE_TAC ([],
   [VAR_RES_IS_STACK_IMPRECISE___USED_VARS___var_res_prop_binexpression_cond,
    VAR_RES_IS_STACK_IMPRECISE___USED_VARS___var_res_bool_proposition,
    VAR_RES_IS_STACK_IMPRECISE___USED_VARS___asl_star___holfoot,
    VAR_RES_IS_STACK_IMPRECISE___USED_VARS___data_list_seg,
    VAR_RES_IS_STACK_IMPRECISE___USED_VARS___points_to,
    FEVERY_LIST_TO_FMAP], []) THEN
ASM_SIMP_TAC list_ss [VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___VAR_CONST_EVAL,
   ZIP_MAP, EVERY_MAP]);


(* Unconditional stack-imprecision of a queue, obtained by instantiating
   the ___USED_VARS version with the universal variable set. *)
val VAR_RES_IS_STACK_IMPRECISE___holfoot_ap_data_queue =
store_thm ("VAR_RES_IS_STACK_IMPRECISE___holfoot_ap_data_queue",
`` !tl startExp data endExp.
   IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS startExp) /\
   IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS endExp) ==>
   VAR_RES_IS_STACK_IMPRECISE (holfoot_ap_data_queue tl startExp data endExp)``,

REWRITE_TAC [VAR_RES_IS_STACK_IMPRECISE___ALTERNATIVE_DEF,
   GSYM VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___UNIV_REWRITE,
   VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_ap_data_queue]);


(* Updating variables in a queue predicate is the same as updating them in
   its start and end expressions; `data` is untouched. *)
val var_res_prop_varlist_update___holfoot_ap_data_queue =
store_thm ("var_res_prop_varlist_update___holfoot_ap_data_queue",
``!vcL tl startExp data endExp.
   IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS startExp) /\
   IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS endExp) ==>

   (var_res_prop_varlist_update vcL (holfoot_ap_data_queue tl startExp data endExp) =
    holfoot_ap_data_queue tl (var_res_exp_varlist_update vcL startExp) data (var_res_exp_varlist_update vcL endExp))``,

REPEAT STRIP_TAC THEN
REWRITE_TAC [holfoot_ap_data_queue_def] THEN
(* The end cell is abbreviated so its stack-imprecision can be shown once
   and then used by the update lemmas for the surrounding asl_star. *)
Q.ABBREV_TAC `points_pred = (holfoot_ap_points_to endExp
   (LIST_TO_FMAP
      (ZIP
         (tl::MAP FST data,
          MAP var_res_exp_const
            (0::MAP (\x. LAST (SND x)) data)))))` THEN
`VAR_RES_IS_STACK_IMPRECISE points_pred` by (
   Q.UNABBREV_TAC `points_pred` THEN
   CONSEQ_REWRITE_TAC ([],
      [VAR_RES_IS_STACK_IMPRECISE___points_to,
       FEVERY_LIST_TO_FMAP], []) THEN
   ASM_SIMP_TAC list_ss [ZIP_MAP, EVERY_MAP,
      IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL]
) THEN
ASM_SIMP_TAC list_ss [holfoot_separation_combinator_def,
   var_res_exp_varlist_update___const_EVAL,
   var_res_prop_varlist_update___BOOL,
   var_res_prop_varlist_update___asl_star,
   var_res_prop_varlist_update___var_res_prop_binexpression_cond,
   var_res_prop_varlist_update___holfoot_ap_data_list_seg,
   VAR_RES_IS_STACK_IMPRECISE___var_res_bool_proposition,
   VAR_RES_IS_STACK_IMPRECISE___asl_star,
   VAR_RES_IS_STACK_IMPRECISE___data_list_seg,
   IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL] THEN
Q.UNABBREV_TAC `points_pred` THEN
ASM_SIMP_TAC list_ss [var_res_prop_varlist_update___holfoot_ap_points_to,
   o_f_LIST_TO_FMAP, ZIP_MAP, MAP_MAP_o, o_DEF, MAP_ZIP_EQ,
   var_res_exp_varlist_update___const_EVAL]);




(* A queue starting at null is just the condition that all data lists are
   empty (first branch of the definition). *)
val holfoot_ap_data_queue___startExp_null = store_thm (
"holfoot_ap_data_queue___startExp_null",
``holfoot_ap_data_queue tl (var_res_exp_const 0) data endExp =
   var_res_bool_proposition DISJOINT_FMAP_UNION
      (EVERY (\td. NULL (SND td)) data)``,
SIMP_TAC std_ss [holfoot_ap_data_queue_def,
   var_res_prop_binexpression_cond___CONST_REWRITE]);


(* A queue ending at null forces startExp to be null as well (the end cell
   cannot point to null), leaving only the all-lists-empty condition. *)
val holfoot_ap_data_queue___endExp_null = store_thm (
"holfoot_ap_data_queue___endExp_null",
``holfoot_ap_data_queue tl startExp data (var_res_exp_const 0) =
   asl_trivial_cond
      (EVERY (\td. NULL (SND td)) data)
      (var_res_prop_equal DISJOINT_FMAP_UNION startExp (var_res_exp_const 0))``,

SIMP_TAC std_ss [holfoot_ap_data_queue_def,
   holfoot_ap_points_to___null, asl_false___asl_star_THM,
   var_res_prop_binexpression_cond_def,
   asl_bool_EVAL, asl_trivial_cond_def,
   var_res_bool_proposition_REWRITE, IN_ABS] THEN
ONCE_REWRITE_TAC[FUN_EQ_THM] THEN
SIMP_TAC std_ss [COND_RAND, COND_RATOR,
   asl_bool_EVAL, var_res_prop_equal_unequal_EXPAND] THEN
SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) []);



(*-----------------
 * Arrays
 *-----------------*)



(* The cells of a data array of length n starting at e: for each index
   i < n, the address e + i together with a field map sending every tag in
   `data` to the i-th element of that tag's value list. *)
val holfoot_ap_data_array_MAP_LIST_def = Define
`holfoot_ap_data_array_MAP_LIST (e:holfoot_a_expression) (n:num)
   (data:((holfoot_tag # num list) list)) =
   (MAP (\n. (var_res_exp_add e n,
      LIST_TO_FMAP (MAP (\tl. (FST tl, (var_res_exp_const (EL n (SND tl))):holfoot_a_expression)) data)))
   (COUNT_LIST n))`


(* A data array starting at e whose length is given by expression ne:
   once ne evaluates to n, every field's value list must have length n and
   the field tags must be distinct; the heap is then the var_res_map of
   points_to over the cells from holfoot_ap_data_array_MAP_LIST. *)
val holfoot_ap_data_array_def = Define `
   holfoot_ap_data_array e ne data =
   var_res_exp_prop ne (\n.
      (asl_trivial_cond (EVERY (\tl. (LENGTH (SND tl) = n)) data /\
                        ALL_DISTINCT (MAP FST data))
         (var_res_map DISJOINT_FMAP_UNION
            (\el. holfoot_ap_points_to (FST el) (SND el))
            (holfoot_ap_data_array_MAP_LIST e n data))))`


(* The cell list has exactly n entries. *)
val LENGTH___holfoot_ap_data_array_MAP_LIST = store_thm ("LENGTH___holfoot_ap_data_array_MAP_LIST",
``LENGTH (holfoot_ap_data_array_MAP_LIST e n data) = n``,
SIMP_TAC list_ss [holfoot_ap_data_array_MAP_LIST_def, LENGTH_COUNT_LIST]);


(* The m-th cell (m < n) is at address e + m and holds the m-th value of
   each field. *)
val EL___holfoot_ap_data_array_MAP_LIST = store_thm ("EL___holfoot_ap_data_array_MAP_LIST",
``!e n data m. (m < n) ==>
(EL m (holfoot_ap_data_array_MAP_LIST e n data) =
   (var_res_exp_add e m,
    LIST_TO_FMAP (MAP (\tl. (FST tl), var_res_exp_const (EL m (SND tl))) data)))``,
SIMP_TAC list_ss [holfoot_ap_data_array_MAP_LIST_def, EL_MAP, LENGTH_COUNT_LIST,
   EL_COUNT_LIST]);


(* Membership characterisation of the cell list, derived from the LENGTH
   and EL lemmas above. *)
val MEM___holfoot_ap_data_array_MAP_LIST = store_thm ("MEM___holfoot_ap_data_array_MAP_LIST",
``!x e n data. MEM x (holfoot_ap_data_array_MAP_LIST e n data) =
  (?m. m < n /\ (x = (var_res_exp_add e m,
    LIST_TO_FMAP (MAP (\tl. (FST tl), var_res_exp_const (EL m (SND tl))) data))))``,

SIMP_TAC (std_ss++boolSimps.CONJ_ss) [MEM_EL, EL___holfoot_ap_data_array_MAP_LIST,
   LENGTH___holfoot_ap_data_array_MAP_LIST]);


(* Recursive characterisation of the cell list: empty for n = 0; for SUC n
   the head cell at e with the HD of each field list, followed by the cell
   list at e + 1 over the TLs. *)
val holfoot_ap_data_array_MAP_LIST___REWRITE = store_thm ("holfoot_ap_data_array_MAP_LIST___REWRITE",
``(!e data. (holfoot_ap_data_array_MAP_LIST e 0 data) = []) /\
  (!e n data. (holfoot_ap_data_array_MAP_LIST e (SUC n) data) =
     ((e, LIST_TO_FMAP (MAP (\tl. (FST tl), var_res_exp_const (HD (SND tl))) data))::
      (holfoot_ap_data_array_MAP_LIST (var_res_exp_add e 1) n
         (MAP (\tl. (FST tl, TL (SND tl))) data))))``,

SIMP_TAC list_ss [holfoot_ap_data_array_MAP_LIST_def, COUNT_LIST_def] THEN
SIMP_TAC list_ss [var_res_exp_add_sub_REWRITES, MAP_MAP_o, o_DEF,
   EL, GSYM arithmeticTheory.ADD1]);


(* Same rewrite with SUC n replaced by numerals, for evaluation. *)
val holfoot_ap_data_array_MAP_LIST___REWRITE_EVAL = save_thm
  ("holfoot_ap_data_array_MAP_LIST___REWRITE_EVAL",
   CONV_RULE numLib.SUC_TO_NUMERAL_DEFN_CONV holfoot_ap_data_array_MAP_LIST___REWRITE);


(* Data array with a constant length expression: var_res_exp_prop
   disappears and the body of the definition is exposed directly. *)
val holfoot_ap_data_array___CONST = store_thm ("holfoot_ap_data_array___CONST",
``holfoot_ap_data_array e (var_res_exp_const n) data =
  (asl_trivial_cond (EVERY (\tl. (LENGTH (SND tl) = n)) data /\
                    ALL_DISTINCT (MAP FST data))
     (var_res_map DISJOINT_FMAP_UNION
        (\el. holfoot_ap_points_to (FST el) (SND el))
        (holfoot_ap_data_array_MAP_LIST e n data)))``,
SIMP_TAC std_ss [holfoot_ap_data_array_def, var_res_exp_prop___CONST]);



(* Length 0: the array occupies no heap, and only the pure conditions
   (all value lists empty, distinct tags) remain. *)
val holfoot_ap_data_array_0 = store_thm ("holfoot_ap_data_array_0",
``!e data. holfoot_ap_data_array e (var_res_exp_const 0) data =
   var_res_bool_proposition DISJOINT_FMAP_UNION (EVERY (\tl. NULL (SND tl)) data /\
      ALL_DISTINCT (MAP FST data))``,

SIMP_TAC list_ss [holfoot_ap_data_array___CONST, holfoot_ap_data_array_MAP_LIST___REWRITE,
   var_res_map___REWRITES, IS_SEPARATION_COMBINATOR___FINITE_MAP,
   asl_trivial_cond___var_res_stack_true, LENGTH_NIL, GSYM NULL_EQ_NIL]);


(* An array starting at null must have length 0 (a cell at null is
   asl_false, see holfoot_ap_points_to___null), so the predicate reduces to
   the pure conditions together with n = 0. *)
val holfoot_ap_data_array_0_start = store_thm ("holfoot_ap_data_array_0_start",
``!n data. holfoot_ap_data_array (var_res_exp_const 0) n data =
   asl_trivial_cond ((EVERY (\tl. NULL (SND tl)) data /\
      ALL_DISTINCT (MAP FST data)))
     (var_res_prop_equal DISJOINT_FMAP_UNION n (var_res_exp_const 0))``,

ONCE_REWRITE_TAC[FUN_EQ_THM] THEN
SIMP_TAC std_ss [holfoot_ap_data_array_def, var_res_exp_prop_def, LET_THM,
   asl_bool_EVAL, var_res_prop_equal_unequal_EXPAND, IN_ABS,
   var_res_exp_const_EVAL, IN_SING, asl_emp_DISJOINT_FMAP_UNION] THEN
REPEAT STRIP_TAC THEN
Cases_on `n (FST x)` THEN ASM_SIMP_TAC std_ss [] THEN
Cases_on `x'` THENL [
   ASM_SIMP_TAC list_ss [LENGTH_NIL, NULL_EQ_NIL,
      holfoot_ap_data_array_MAP_LIST___REWRITE, var_res_map___REWRITES,
      IS_SEPARATION_COMBINATOR___FINITE_MAP, var_res_prop_stack_true_REWRITE,
      IN_ABS, asl_emp_DISJOINT_FMAP_UNION, IN_SING],


   ASM_SIMP_TAC list_ss [
      holfoot_ap_data_array_MAP_LIST___REWRITE, var_res_map___REWRITES,
      IS_SEPARATION_COMBINATOR___FINITE_MAP, holfoot_ap_points_to___null,
      asl_false___asl_star_THM, asl_bool_EVAL]
]);



(* Peel off the first cell: an array of length SUC n at e is the cell at e
   (holding the HD of every field list) separated from an array of length
   n at e + 1 over the TLs. All field lists must be non-empty. *)
val holfoot_ap_data_array_SUC = store_thm ("holfoot_ap_data_array_SUC",
``!e n data.
  (holfoot_ap_data_array e (var_res_exp_const (SUC n)) data =
   asl_trivial_cond (EVERY (\tl. ~(NULL (SND tl))) data)
   (asl_star (VAR_RES_COMBINATOR DISJOINT_FMAP_UNION)
      (holfoot_ap_points_to e (LIST_TO_FMAP
         (MAP (\tl. (FST tl,var_res_exp_const (HD (SND tl)))) data)))
      (holfoot_ap_data_array (var_res_exp_add e 1) (var_res_exp_const n)
         (MAP (\tl. (FST tl, TL (SND tl))) data))))``,

REPEAT STRIP_TAC THEN
SIMP_TAC list_ss [holfoot_ap_data_array___CONST, holfoot_ap_data_array_MAP_LIST___REWRITE,
   var_res_map___REWRITES, IS_SEPARATION_COMBINATOR___FINITE_MAP,
   EVERY_MAP] THEN
SIMP_TAC std_ss [asl_trivial_cond___asl_star, asl_trivial_cond___asl_trivial_cond,
   GSYM EVERY_CONJ, CONJ_ASSOC, MAP_MAP_o, o_DEF, ETA_THM] THEN
`!l:num list. (~NULL l /\ (LENGTH (TL l) = n)) = (LENGTH l = SUC n)` by (
   Cases_on `l` THEN SIMP_TAC list_ss []
) THEN
ASM_SIMP_TAC std_ss []);


(* Peel off the last cell: an array of length SUC n at e is an array of
   length n over the FRONTs separated from the cell at e + n holding the
   n-th element of every field list. *)
val holfoot_ap_data_array_SNOC = store_thm ("holfoot_ap_data_array_SNOC",
``!e n data.
  (holfoot_ap_data_array e (var_res_exp_const (SUC n)) data =
   asl_trivial_cond (EVERY (\tl. ~(NULL (SND tl))) data)
   (asl_star (VAR_RES_COMBINATOR DISJOINT_FMAP_UNION)
      (holfoot_ap_data_array e (var_res_exp_const n)
         (MAP (\tl. (FST tl, FRONT (SND tl))) data))
      (holfoot_ap_points_to (var_res_exp_add e n) (LIST_TO_FMAP
         (MAP (\tl. (FST tl,var_res_exp_const (EL n (SND tl)))) data)))))``,

REPEAT STRIP_TAC THEN
SIMP_TAC list_ss [holfoot_ap_data_array___CONST, holfoot_ap_data_array_MAP_LIST_def,
   COUNT_LIST_SNOC, MAP_SNOC, var_res_map_SNOC, IS_SEPARATION_COMBINATOR___FINITE_MAP,
   var_res_map_MAP, o_DEF, EVERY_MAP, MAP_MAP_o] THEN
SIMP_TAC std_ss [asl_trivial_cond___asl_star, asl_trivial_cond___asl_trivial_cond,
   GSYM EVERY_CONJ, CONJ_ASSOC, ETA_THM] THEN
`!l:num list. (~NULL l /\ (LENGTH (FRONT l) = n)) = (LENGTH l = SUC n)` by (
   Cases_on `l` THEN SIMP_TAC list_ss [LENGTH_FRONT_CONS]
) THEN
ASM_SIMP_TAC std_ss [] THEN
Cases_on `EVERY (\tl. LENGTH (SND tl) = SUC n) data /\
          ALL_DISTINCT (MAP FST data)` THEN (
   FULL_SIMP_TAC std_ss [asl_trivial_cond_TF]
) THEN
(* The remaining goal is equality of two var_res_maps over COUNT_LIST n;
   they agree pointwise because EL m (FRONT l) = EL m l for m < n. *)
AP_THM_TAC THEN AP_TERM_TAC THEN
MATCH_MP_TAC var_res_map___FUN_EQ THEN
SIMP_TAC std_ss [MEM_COUNT_LIST, IS_SEPARATION_COMBINATOR___FINITE_MAP] THEN
REPEAT STRIP_TAC THEN
AP_TERM_TAC THEN AP_TERM_TAC THEN
Induct_on `data` THEN SIMP_TAC list_ss [] THEN
METIS_TAC[EL_FRONT]);


(* Length 1: a single cell at e. Requires e to be stack-imprecise so that
   the trailing empty array can be absorbed. *)
val holfoot_ap_data_array_1 = store_thm ("holfoot_ap_data_array_1",
``!e data.
  IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e) ==>
  (holfoot_ap_data_array e (var_res_exp_const 1) data =
   asl_trivial_cond (EVERY (\tl. (LENGTH (SND tl) = 1)) data /\ (ALL_DISTINCT (MAP FST data)))
      (holfoot_ap_points_to e (LIST_TO_FMAP
         (MAP (\tl. (FST tl,var_res_exp_const (HD (SND tl)))) data))))``,

SIMP_TAC std_ss [CONV_RULE numLib.SUC_TO_NUMERAL_DEFN_CONV holfoot_ap_data_array_SUC,
   holfoot_ap_data_array_0, EVERY_MAP] THEN
REPEAT STRIP_TAC THEN
Q.ABBREV_TAC `p = (holfoot_ap_points_to e (LIST_TO_FMAP
   (MAP (\tl. (FST tl,var_res_exp_const (HD (SND tl)))) data)))` THEN
`VAR_RES_IS_STACK_IMPRECISE p` by (
   Q.UNABBREV_TAC `p` THEN
   CONSEQ_REWRITE_TAC ([], [VAR_RES_IS_STACK_IMPRECISE___points_to,
      FEVERY_LIST_TO_FMAP], []) THEN
   ASM_SIMP_TAC list_ss [EVERY_MAP, IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL]
) THEN
ASM_SIMP_TAC std_ss [asl_trivial_cond___asl_star_var_res_bool_proposition,
   IS_SEPARATION_COMBINATOR___FINITE_MAP, GSYM EVERY_CONJ,
   asl_trivial_cond___asl_trivial_cond, CONJ_ASSOC, MAP_MAP_o,
   o_DEF, ETA_THM] THEN
`!l:num list. (~NULL l /\ (NULL (TL l))) = (LENGTH l = 1)` by (
   Cases_on `l` THEN SIMP_TAC list_ss [] THEN
   Cases_on `t` THEN SIMP_TAC list_ss []
) THEN
ASM_SIMP_TAC std_ss []);


(* A data array is stack-imprecise w.r.t. vs whenever its start and length
   expressions only use variables in vs. *)
val VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_ap_data_array =
store_thm ("VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_ap_data_array",
``!e n data vs.
   VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET vs e /\
   VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET vs n ==>
   VAR_RES_IS_STACK_IMPRECISE___USED_VARS vs
      (holfoot_ap_data_array e n data)``,

SIMP_TAC std_ss [holfoot_ap_data_array_def] THEN
REPEAT STRIP_TAC THEN
MATCH_MP_TAC VAR_RES_IS_STACK_IMPRECISE___USED_VARS___var_res_exp_prop THEN
ASM_SIMP_TAC std_ss [] THEN
CONSEQ_REWRITE_TAC ([],
   [VAR_RES_IS_STACK_IMPRECISE___USED_VARS___asl_trivial_cond,
    VAR_RES_IS_STACK_IMPRECISE___USED_VARS___var_res_map], []) THEN
ASM_SIMP_TAC std_ss [EVERY_MEM, MEM___holfoot_ap_data_array_MAP_LIST,
   IS_SEPARATION_COMBINATOR___FINITE_MAP, GSYM LEFT_FORALL_IMP_THM] THEN
REPEAT STRIP_TAC THEN
CONSEQ_REWRITE_TAC ([],
   [VAR_RES_IS_STACK_IMPRECISE___USED_VARS___points_to,
    VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___var_res_exp_add_sub,
    FEVERY_LIST_TO_FMAP], []) THEN
ASM_SIMP_TAC list_ss [EVERY_MAP,
   VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___VAR_CONST_EVAL]);



(* Unconditional stack-imprecision of a data array (universal variable
   set instance of the previous lemma). *)
val VAR_RES_IS_STACK_IMPRECISE___holfoot_ap_data_array =
store_thm ("VAR_RES_IS_STACK_IMPRECISE___holfoot_ap_data_array",
`` !e n data.
   IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e) /\
   IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS n) ==>
   VAR_RES_IS_STACK_IMPRECISE (holfoot_ap_data_array e n data)``,

REWRITE_TAC [VAR_RES_IS_STACK_IMPRECISE___ALTERNATIVE_DEF,
   GSYM VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___UNIV_REWRITE,
   VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_ap_data_array]);


(* Variable updates on a data array are pushed into the start and length
   expressions; `data` is untouched. *)
val var_res_prop_varlist_update___holfoot_ap_data_array =
store_thm ("var_res_prop_varlist_update___holfoot_ap_data_array",
``!vcL e n data.
   IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e) /\
   IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS n) ==>
   (var_res_prop_varlist_update vcL (holfoot_ap_data_array e n data) =
    holfoot_ap_data_array (var_res_exp_varlist_update vcL e) (var_res_exp_varlist_update vcL n) data)``,

SIMP_TAC std_ss [holfoot_ap_data_array_def,
   var_res_prop_varlist_update___var_res_exp_prop,
   var_res_prop_varlist_update___asl_trivial_cond,
   holfoot_ap_data_array_MAP_LIST_def,
   var_res_map_MAP, o_DEF] THEN
REPEAT STRIP_TAC THEN
AP_TERM_TAC THEN ABS_TAC THEN AP_TERM_TAC THEN
Q.MATCH_ABBREV_TAC `var_res_prop_varlist_update vcL (var_res_map DISJOINT_FMAP_UNION P l) = XXX` THEN
Q.UNABBREV_TAC `XXX` THEN
(* Each cell predicate is stack-imprecise, which lets the update be pushed
   through var_res_map. *)
`!l. VAR_RES_IS_STACK_IMPRECISE (P l)` by (
   Q.UNABBREV_TAC `P` THEN
   SIMP_TAC std_ss [] THEN
   CONSEQ_REWRITE_TAC ([], [
      VAR_RES_IS_STACK_IMPRECISE___points_to,
      IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___var_res_exp_add_sub,
      FEVERY_LIST_TO_FMAP], []) THEN
   ASM_SIMP_TAC list_ss [EVERY_MAP, IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL]
) THEN
ASM_SIMP_TAC std_ss [var_res_prop_varlist_update___var_res_map,
   IS_SEPARATION_COMBINATOR___FINITE_MAP] THEN
AP_THM_TAC THEN AP_TERM_TAC THEN
Q.UNABBREV_TAC `P` THEN
ASM_SIMP_TAC std_ss [o_DEF,
   var_res_prop_varlist_update___holfoot_ap_points_to,
   var_res_exp_varlist_update___var_res_exp_add_sub_EVAL,
   var_res_exp_varlist_update___const_EVAL,
   o_f_LIST_TO_FMAP, MAP_MAP_o]);


(* If the start expression is undefined in the stack of s, the array can
   only hold in s when it is empty: all value lists NULL, tags distinct,
   n evaluates to 0 and the heap of s is empty. *)
val holfoot_ap_data_array___not_def_start = store_thm ("holfoot_ap_data_array___not_def_start",
``!n e data s.
   IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e) /\
   (e (FST s) = NONE) ==>

   (holfoot_ap_data_array e n data s =
      (EVERY (\tl. NULL (SND tl)) data /\ ALL_DISTINCT (MAP FST data) /\
       (n (FST s) = SOME 0) /\ (SND s = FEMPTY)))``,

REPEAT STRIP_TAC THEN
(* n undefined: both sides are false. *)
Cases_on `n (FST s)` THEN1 (
   ASM_SIMP_TAC std_ss [holfoot_ap_data_array_def, var_res_exp_prop_def, LET_THM]
) THEN
`holfoot_ap_data_array e n data s =
 holfoot_ap_data_array e (var_res_exp_const x) data s` by (
   ASM_SIMP_TAC std_ss [holfoot_ap_data_array_def, var_res_exp_prop_def,
      LET_THM, var_res_exp_const_EVAL]
) THEN
(* n = 0: use holfoot_ap_data_array_0. *)
Cases_on `x` THEN1 (
   ASM_SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [holfoot_ap_data_array_0,
      var_res_bool_proposition_REWRITE, asl_emp_DISJOINT_FMAP_UNION, IN_SING]
) THEN

(* n = SUC _: the first cell's address e is undefined, so points_to fails
   and the separating conjunction cannot hold. *)
ASM_SIMP_TAC arith_ss [holfoot_ap_data_array_SUC, asl_bool_EVAL] THEN
DISJ2_TAC THEN
Q.MATCH_ABBREV_TAC `~(s IN asl_star (VAR_RES_COMBINATOR DISJOINT_FMAP_UNION) P1 P2)` THEN
`VAR_RES_IS_STACK_IMPRECISE P1 /\ VAR_RES_IS_STACK_IMPRECISE P2` by (
   UNABBREV_ALL_TAC THEN
   CONSEQ_REWRITE_TAC ([], [
      VAR_RES_IS_STACK_IMPRECISE___points_to,
      VAR_RES_IS_STACK_IMPRECISE___holfoot_ap_data_array,
      IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___var_res_exp_add_sub,
      FEVERY_LIST_TO_FMAP], []) THEN
   ASM_SIMP_TAC list_ss [IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL,
      EVERY_MAP]
) THEN

ASM_SIMP_TAC std_ss [asl_star___VAR_RES_IS_STACK_IMPRECISE, IN_ABS] THEN
Q.UNABBREV_TAC `P1` THEN
ASM_SIMP_TAC std_ss [holfoot_ap_points_to_def, LET_THM, IN_ABS]);


(* A plain array is a data array without any data fields. *)
val holfoot_ap_array_def = Define `
   holfoot_ap_array e n = holfoot_ap_data_array e n []`;

(* Direct form of a plain array: once en evaluates to n, the var_res_map
   of cells e + i with an empty field map, for i < n. *)
val holfoot_ap_array___ALTERNATIVE_DEF = store_thm ("holfoot_ap_array___ALTERNATIVE_DEF",
``!e en. holfoot_ap_array e en =
   var_res_exp_prop en (\n.
      var_res_map DISJOINT_FMAP_UNION (\n.
         holfoot_ap_points_to (var_res_exp_add e n) FEMPTY)
      (COUNT_LIST n))``,
SIMP_TAC list_ss [holfoot_ap_array_def, holfoot_ap_data_array_def,
   holfoot_ap_data_array_MAP_LIST_def, LIST_TO_FMAP_def, asl_trivial_cond_TF,
   FUPDATE_LIST_THM, var_res_map_MAP, MAP_MAP_o, o_DEF]);

(* Peel off the last cell of a plain array of constant length SUC n. *)
val holfoot_ap_array_SNOC = store_thm ("holfoot_ap_array_SNOC",
 ``!e n. holfoot_ap_array e (var_res_exp_const (SUC n)) =
   (asl_star (VAR_RES_COMBINATOR DISJOINT_FMAP_UNION)
      (holfoot_ap_array e (var_res_exp_const n))
      (holfoot_ap_points_to (var_res_exp_add e n) FEMPTY))``,

SIMP_TAC std_ss [holfoot_ap_array___ALTERNATIVE_DEF, COUNT_LIST_SNOC,
   var_res_map_SNOC, IS_SEPARATION_COMBINATOR___FINITE_MAP,
   var_res_exp_prop___CONST]);




(* Recursive characterisation of a plain array of constant length:
   length 0 is var_res_prop_stack_true; length SUC n is the cell at e
   followed by an array of length n at e + 1. *)
val holfoot_ap_array_REWRITE = store_thm ("holfoot_ap_array_REWRITE",
``(!e. (holfoot_ap_array e (var_res_exp_const 0) = var_res_prop_stack_true DISJOINT_FMAP_UNION)) /\
  (!e n. (holfoot_ap_array e (var_res_exp_const (SUC n)) =
     (asl_star (VAR_RES_COMBINATOR DISJOINT_FMAP_UNION)
        (holfoot_ap_points_to e FEMPTY)
        (holfoot_ap_array (var_res_exp_add e 1) (var_res_exp_const n)))))``,
SIMP_TAC list_ss [holfoot_ap_array___ALTERNATIVE_DEF,
   var_res_exp_prop___CONST,
   COUNT_LIST_def, var_res_map___REWRITES,
   IS_SEPARATION_COMBINATOR___FINITE_MAP,
   var_res_exp_add_sub_REWRITES, var_res_map_MAP,
   o_DEF, GSYM arithmeticTheory.ADD1]);



(* Stack-imprecision results for plain arrays, all inherited from the
   data-array versions through holfoot_ap_array_def. *)
val VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_ap_array =
store_thm ("VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_ap_array",
``!e n vs.
   VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET vs e /\
   VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET vs n ==>
   VAR_RES_IS_STACK_IMPRECISE___USED_VARS vs (holfoot_ap_array e n)``,

SIMP_TAC std_ss [holfoot_ap_array_def,
   VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_ap_data_array]);


val VAR_RES_IS_STACK_IMPRECISE___holfoot_ap_array =
store_thm ("VAR_RES_IS_STACK_IMPRECISE___holfoot_ap_array",
`` !e n.
   IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e) /\
   IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS n) ==>
   VAR_RES_IS_STACK_IMPRECISE (holfoot_ap_array e n)``,
SIMP_TAC std_ss [holfoot_ap_array_def, VAR_RES_IS_STACK_IMPRECISE___holfoot_ap_data_array]);


(* Variable updates on a plain array are pushed into both expressions. *)
val var_res_prop_varlist_update___holfoot_ap_array =
store_thm ("var_res_prop_varlist_update___holfoot_ap_array",
``!vcL e n.
   IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e) /\
   IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS n) ==>
   (var_res_prop_varlist_update vcL (holfoot_ap_array e n) =
    holfoot_ap_array (var_res_exp_varlist_update vcL e) (var_res_exp_varlist_update vcL n))``,
SIMP_TAC std_ss [holfoot_ap_array_def, var_res_prop_varlist_update___holfoot_ap_data_array]);


(* Semantic characterisation of a plain array: for n = 0 it is
   var_res_prop_stack_true; for n <> 0 the start loc must be non-null and
   the heap domain must be exactly the n addresses loc + m, m < n. The
   proof is by induction on n using the SNOC decomposition. *)
val holfoot_ap_array___ALTERNATIVE_DEF2 = store_thm ("holfoot_ap_array___ALTERNATIVE_DEF2",
``!e en. IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e) ==>
   (holfoot_ap_array e en =
    var_res_exp_prop en (\n.
      if (n = 0) then var_res_prop_stack_true DISJOINT_FMAP_UNION else
      var_res_exp_prop e (\loc.
         (\state. loc <> 0 /\ (FDOM (SND state) = (IMAGE (\m. loc + m) (count n)))))))``,

SIMP_TAC std_ss [holfoot_ap_array___ALTERNATIVE_DEF] THEN
REPEAT STRIP_TAC THEN
AP_TERM_TAC THEN ABS_TAC THEN
POP_ASSUM MP_TAC THEN
MAP_EVERY (fn q => Q.SPEC_TAC (q, q)) [`e`, `n`] THEN
Induct_on `n` THEN1 (
   SIMP_TAC list_ss [COUNT_LIST_def, var_res_map___REWRITES,
      IS_SEPARATION_COMBINATOR___FINITE_MAP]
) THEN
SIMP_TAC std_ss [var_res_map_SNOC, IS_SEPARATION_COMBINATOR___FINITE_MAP, COUNT_LIST_SNOC] THEN
REPEAT STRIP_TAC THEN
Q.MATCH_ABBREV_TAC `asl_star (VAR_RES_COMBINATOR DISJOINT_FMAP_UNION) P1 P2 = XXX` THEN
Q.UNABBREV_TAC `XXX` THEN
`VAR_RES_IS_STACK_IMPRECISE P1 /\ VAR_RES_IS_STACK_IMPRECISE P2` by (
   MAP_EVERY Q.UNABBREV_TAC [`P1`, `P2`] THEN
   EXT_CONSEQ_REWRITE_TAC [K (DEPTH_CONV BETA_CONV)] [EVERY_MEM] ([], [
      VAR_RES_IS_STACK_IMPRECISE___points_to,
      VAR_RES_IS_STACK_IMPRECISE___var_res_map,
      FEVERY_FEMPTY,
      IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___var_res_exp_add_sub], []) THEN
   ASM_SIMP_TAC std_ss [IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL,
      IS_SEPARATION_COMBINATOR___FINITE_MAP]
) THEN
ASM_SIMP_TAC arith_ss [asl_star___VAR_RES_IS_STACK_IMPRECISE] THEN
UNABBREV_ALL_TAC THEN
ONCE_REWRITE_TAC[FUN_EQ_THM] THEN GEN_TAC THEN
ASM_SIMP_TAC list_ss [IN_ABS, LET_THM, holfoot_ap_points_to_def,
   var_res_exp_add_def, var_res_exp_binop_const_REWRITE,
   var_res_exp_const_EVAL, FEVERY_FEMPTY, var_res_exp_prop_def, IN_SING,
   var_res_prop_stack_true_REWRITE, asl_emp_DISJOINT_FMAP_UNION] THEN
Cases_on `e (FST x)` THEN (
   ASM_SIMP_TAC std_ss []
) THEN
Cases_on `n = 0` THEN (
   ASM_SIMP_TAC std_ss [DISJOINT_FMAP_UNION___FEMPTY, FEVERY_FEMPTY,
      CONV_RULE numLib.SUC_TO_NUMERAL_DEFN_CONV COUNT_SUC,
      COUNT_ZERO, IMAGE_INSERT, IMAGE_EMPTY, COUNT_SUC, IN_ABS]
) THEN
EQ_TAC THEN REPEAT STRIP_TAC THENL [
   FULL_SIMP_TAC std_ss [DISJOINT_FMAP_UNION___REWRITE,
      FDOM_FUNION, EXTENSION, IN_SING, IN_UNION, IN_INSERT] THEN
   METIS_TAC[],

   (* Split the heap into the first n cells and the last one by domain
      restriction; the two parts are disjoint since loc + n is not among
      loc + m for m < n. *)
   Q.ABBREV_TAC `s2 = (IMAGE (\m. m + x') (count n))` THEN
   Q.ABBREV_TAC `n'' = n + x'` THEN
   Q.EXISTS_TAC `DRESTRICT (SND x) s2` THEN
   Q.EXISTS_TAC `DRESTRICT (SND x) {n''}` THEN
   `~(n'' IN s2) /\ (s2 INTER {n''} = EMPTY)` by (
      UNABBREV_ALL_TAC THEN
      SIMP_TAC std_ss [IN_IMAGE, IN_COUNT, EXTENSION, IN_INTER, NOT_IN_EMPTY,
         IN_SING]
   ) THEN
   ASM_SIMP_TAC std_ss [DISJOINT_FMAP_UNION___REWRITE, FDOM_DRESTRICT,
      INSERT_INTER] THEN
   ASM_SIMP_TAC (std_ss++CONJ_ss) [GSYM fmap_EQ_THM, EXTENSION, FUNION_DEF,
      DRESTRICT_DEF, IN_INTER, IN_SING, DISJOINT_DEF,
      NOT_IN_EMPTY, IN_INSERT, IN_UNION] THEN
   METIS_TAC[]
]);


(* A plain array of length 1 is a single cell at e with no fields. *)
val holfoot_ap_array_1 = store_thm ("holfoot_ap_array_1",
``!e. IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e) ==>
   (holfoot_ap_array e (var_res_exp_const 1) = holfoot_ap_points_to e FEMPTY)``,
SIMP_TAC list_ss [CONV_RULE numLib.SUC_TO_NUMERAL_DEFN_CONV holfoot_ap_array_REWRITE,
   asl_star___var_res_prop_stack_true___STACK_IMPRECISE___COMM,
   VAR_RES_IS_STACK_IMPRECISE___points_to, FEVERY_FEMPTY,
   IS_SEPARATION_COMBINATOR___FINITE_MAP]);



(* Dropping data fields weakens a data array: if s satisfies the array
   with fields data2 and data1 is a sublist of data2 with distinct tags,
   then s also satisfies the array with fields data1. *)
val holfoot_ap_data_array___ELIM_DATA =
store_thm ("holfoot_ap_data_array___ELIM_DATA",
``!e n data1 data2 s.
(s IN holfoot_ap_data_array e n data2 /\ (!x. MEM x data1 ==> MEM x data2) /\
 ALL_DISTINCT (MAP FST data1)) ==>
(s IN holfoot_ap_data_array e n data1)``,

SIMP_TAC std_ss [holfoot_ap_data_array_def, var_res_exp_prop_def, IN_ABS, LET_THM] THEN
REPEAT STRIP_TAC THEN
`?cn.
n (FST s) = SOME cn` by METIS_TAC[IS_SOME_EXISTS] THEN
FULL_SIMP_TAC std_ss [asl_bool_EVAL] THEN
POP_ASSUM (K ALL_TAC) THEN
CONJ_TAC THEN1 (
   FULL_SIMP_TAC std_ss [EVERY_MEM]
) THEN
Q.PAT_X_ASSUM `EVERY X data2` (K ALL_TAC) THEN
REPEAT (POP_ASSUM MP_TAC) THEN
SIMP_TAC std_ss [AND_IMP_INTRO, GSYM CONJ_ASSOC] THEN
MAP_EVERY (fn x => Q.SPEC_TAC (x,x)) [`data1`, `data2`, `s`, `e`, `cn`] THEN

(* induction on the evaluated length cn *)
Induct_on `cn` THEN1 (
   SIMP_TAC std_ss [holfoot_ap_data_array_MAP_LIST___REWRITE]
) THEN
FULL_SIMP_TAC std_ss [holfoot_ap_data_array_MAP_LIST___REWRITE,
   var_res_map_REWRITE, IS_SEPARATION_COMBINATOR___FINITE_MAP] THEN
REPEAT STRIP_TAC THEN
Q.PAT_X_ASSUM `s IN X` MP_TAC THEN
Q.MATCH_ABBREV_TAC `s IN asl_star f P1 P2 ==> s IN asl_star f P1' P2'` THEN
(* it suffices that asl_star is monotone in both arguments *)
`(!s. s IN P1 ==> s IN P1') /\ (!s. s IN P2 ==> s IN P2')` suffices_by (STRIP_TAC THEN
   SIMP_TAC std_ss [asl_star_def, IN_ABS] THEN METIS_TAC[]
) THEN

UNABBREV_ALL_TAC THEN
REPEAT STRIP_TAC THENL [
   (* head cell: the field map built from data1 is a SUBMAP of the one
      built from data2 *)
   MATCH_MP_TAC holfoot_ap_points_to___SUBMAP THEN
   Q.EXISTS_TAC `LIST_TO_FMAP (MAP (\tl. (FST tl,var_res_exp_const (HD (SND tl)))) data2)` THEN
   ASM_SIMP_TAC std_ss [SUBMAP_DEF, FDOM_LIST_TO_FMAP, MAP_MAP_o,
      o_DEF, ETA_THM] THEN
   GEN_TAC THEN STRIP_TAC THEN
   `MEM x (MAP FST data2)` by (
      FULL_SIMP_TAC list_ss [MEM_MAP] THEN METIS_TAC[]
   ) THEN
   ASM_REWRITE_TAC[] THEN
   Q.MATCH_ABBREV_TAC `LIST_TO_FMAP L1 ' x = LIST_TO_FMAP L2 ' x` THEN
   `(MAP FST L1 = MAP FST data1) /\ (MAP FST L2 = MAP FST data2)` by (
      UNABBREV_ALL_TAC THEN
      SIMP_TAC std_ss [MAP_MAP_o, o_DEF, ETA_THM]
   ) THEN
   `?x2. MEM (x,x2) L1 /\ MEM (x,x2) L2` by (
      UNABBREV_ALL_TAC THEN
      FULL_SIMP_TAC std_ss [MEM_MAP] THEN
      METIS_TAC[]
   ) THEN
   METIS_TAC [LIST_TO_FMAP___ALL_DISTINCT],


   (* remaining array: induction hypothesis applied to the data tails *)
   Q.PAT_X_ASSUM `!e s data2 data1. X ==> Y` MATCH_MP_TAC THEN
   Q.EXISTS_TAC `MAP (\tl. (FST tl,TL (SND tl))) data2` THEN
   ASM_SIMP_TAC std_ss [MEM_MAP, GSYM LEFT_FORALL_IMP_THM,
      MAP_MAP_o, o_DEF, ETA_THM, EVERY_MAP] THEN
   METIS_TAC[]
]);


(* Special case: forgetting all data.  A state in a data array is also
   in the plain array; holfoot_ap_array_def is unfolded and the side
   conditions of ELIM_DATA are discharged by list_ss. *)
val holfoot_ap_data_array___ELIM_DATA___COMPLETE =
store_thm ("holfoot_ap_data_array___ELIM_DATA___COMPLETE",
``!e n data s.
(s IN holfoot_ap_data_array e n data) ==>
(s IN holfoot_ap_array e n)``,

SIMP_TAC std_ss [holfoot_ap_array_def] THEN
REPEAT STRIP_TAC THEN
MATCH_MP_TAC holfoot_ap_data_array___ELIM_DATA THEN
Q.EXISTS_TAC `data` THEN
ASM_SIMP_TAC list_ss []);



(* The order of the data list is irrelevant: any permutation denotes the
   same predicate.  Both side conditions in holfoot_ap_data_array_def
   (every value list has the same length; tags are distinct) and the
   per-cell field maps are invariant under PERM. *)
val holfoot_ap_data_array___DATA_PERM =
store_thm ("holfoot_ap_data_array___DATA_PERM",
``!e n data1 data2.
(PERM data1 data2) ==>
(holfoot_ap_data_array e n data1 =
 holfoot_ap_data_array e n data2)``,

SIMP_TAC std_ss [holfoot_ap_data_array_def] THEN
REPEAT STRIP_TAC THEN
`(!n. (EVERY (\tl. LENGTH (SND tl) = n) data2 =
      EVERY (\tl. LENGTH (SND tl) = n) data1)) /\
 (ALL_DISTINCT (MAP FST data2) = ALL_DISTINCT (MAP FST data1))` by (

   REPEAT STRIP_TAC THENL [
      SIMP_TAC std_ss [EVERY_MEM] THEN
      METIS_TAC[sortingTheory.PERM_MEM_EQ],

      MATCH_MP_TAC (sortingTheory.ALL_DISTINCT_PERM) THEN
      MATCH_MP_TAC sortingTheory.PERM_MAP THEN
      ASM_SIMP_TAC std_ss [sortingTheory.PERM_SYM]
   ]
) THEN

ASM_SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [EXTENSION, var_res_exp_prop_def,
   LET_THM, IN_ABS, asl_bool_EVAL] THEN
SIMP_TAC (std_ss++CONJ_ss) [IS_SOME_EXISTS, GSYM LEFT_FORALL_IMP_THM,
   GSYM LEFT_EXISTS_AND_THM, GSYM RIGHT_EXISTS_AND_THM] THEN
REPEAT STRIP_TAC THEN
`
 (holfoot_ap_data_array_MAP_LIST e x' data2 =
  holfoot_ap_data_array_MAP_LIST e x' data1)` suffices_by (STRIP_TAC THEN
   ASM_SIMP_TAC std_ss []
) THEN

(* the per-cell field maps agree pointwise on every tag *)
SIMP_TAC list_ss [holfoot_ap_data_array_MAP_LIST_def,
   LIST_EQ_REWRITE, LENGTH_COUNT_LIST,
   EL_MAP, EL_COUNT_LIST] THEN
SIMP_TAC std_ss [GSYM fmap_EQ_THM, FDOM_LIST_TO_FMAP,
   MAP_MAP_o, o_DEF, ETA_THM, EXTENSION,
   MEM_MAP, GSYM LEFT_FORALL_IMP_THM] THEN
REPEAT STRIP_TAC THENL [
   METIS_TAC[sortingTheory.PERM_MEM_EQ],

   Cases_on `y` THEN
   ASM_SIMP_TAC std_ss [] THEN
   MATCH_MP_TAC (prove (``!c. ((A = c) /\ (B = c)) ==> (A = B)``, SIMP_TAC std_ss [])) THEN
   Q.EXISTS_TAC `var_res_exp_const (EL x'' r)` THEN
   CONSEQ_REWRITE_TAC ([], [LIST_TO_FMAP___ALL_DISTINCT], []) THEN
   ASM_SIMP_TAC std_ss [MAP_MAP_o, o_DEF, ETA_THM,
      MEM_MAP, var_res_exp_eq_THM, GSYM RIGHT_EXISTS_AND_THM,
      GSYM LEFT_EXISTS_AND_THM] THEN
   NTAC 2 (Q.EXISTS_TAC `(q, r)`) THEN
   ASM_SIMP_TAC std_ss [] THEN
   METIS_TAC[sortingTheory.PERM_MEM_EQ]
]);


(* With at least one data entry (t,tvL) the length expression n is
   determined: it must evaluate to LENGTH tvL.  This lemma makes that
   constraint explicit as a separate var_res_prop_equal conjunct, after
   which the length can be replaced by the constant LENGTH tvL. *)
val holfoot_ap_data_array___NOT_EMPTY_DATA = store_thm ("holfoot_ap_data_array___NOT_EMPTY_DATA",
``!e n t tvL data.
IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e) /\
IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS n) ==>

(holfoot_ap_data_array e n ((t,tvL)::data) =
asl_star (VAR_RES_COMBINATOR DISJOINT_FMAP_UNION)
   (var_res_prop_equal DISJOINT_FMAP_UNION n (var_res_exp_const (LENGTH tvL)))
   (holfoot_ap_data_array e (var_res_exp_const (LENGTH tvL)) ((t,tvL)::data)))``,

ONCE_REWRITE_TAC [FUN_EQ_THM] THEN
REPEAT STRIP_TAC THEN
ASM_SIMP_TAC std_ss [asl_star___VAR_RES_IS_STACK_IMPRECISE,
   VAR_RES_IS_STACK_IMPRECISE___holfoot_ap_data_array,
   VAR_RES_IS_STACK_IMPRECISE___var_res_prop_equal,
   IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL] THEN
SIMP_TAC std_ss [var_res_prop_equal_unequal_EXPAND, var_res_exp_const_def, IN_ABS,
   asl_emp_DISJOINT_FMAP_UNION, IN_SING, DISJOINT_FMAP_UNION___FEMPTY] THEN
(* if n does not evaluate to LENGTH tvL both sides are false *)
Tactical.REVERSE (Cases_on `n (FST x) = SOME (LENGTH tvL)`) THEN1 (
   ASM_SIMP_TAC list_ss [holfoot_ap_data_array_def, var_res_exp_prop_def,
      LET_THM, IN_ABS, asl_bool_EVAL] THEN
   Cases_on `n (FST x)` THEN FULL_SIMP_TAC std_ss []
) THEN
ASM_SIMP_TAC std_ss [holfoot_ap_data_array_def,
   var_res_exp_prop_def, LET_THM, IN_ABS]);



(* A constant length that disagrees with the length of a data entry is
   unsatisfiable. *)
val holfoot_ap_data_array___LENGTH_NOT_EQ_REWRITE = store_thm (
"holfoot_ap_data_array___LENGTH_NOT_EQ_REWRITE",
``!e nc t tvL data.
~(LENGTH tvL = nc) ==>
(holfoot_ap_data_array e (var_res_exp_const nc) ((t,tvL)::data) =
 asl_false)``,
SIMP_TAC list_ss [holfoot_ap_data_array___CONST, asl_trivial_cond_TF]);


(* The same length fact phrased for var_res_prop_implies: a bag holding a
   data array with a non-empty data entry implies n = LENGTH tvL.  The
   length expression n may only use variables from wpb and rpb. *)
val holfoot_ap_data_array___var_res_prop_implies___length_eq = store_thm ("holfoot_ap_data_array___var_res_prop_implies___length_eq",
``!wpb rpb sfb e n t tvL data.
  VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET
     (SET_OF_BAG (BAG_UNION wpb rpb)) n ==>

(var_res_prop_implies DISJOINT_FMAP_UNION (wpb, rpb)
   (BAG_INSERT (holfoot_ap_data_array e n ((t,tvL)::data)) sfb)
   {|var_res_prop_equal DISJOINT_FMAP_UNION n (var_res_exp_const (LENGTH tvL))|})``,

SIMP_TAC std_ss [var_res_prop_implies_REWRITE, BAG_UNION_INSERT, BAG_UNION_EMPTY] THEN
SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [var_res_prop___EQ,
   var_res_prop___COND_INSERT, var_res_prop___PROP___REWRITE,
   var_res_prop___PROP_INSERT, IN_ABS,
   VAR_RES_IS_STACK_IMPRECISE___USED_VARS___var_res_prop_equal,
   VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___VAR_CONST_EVAL] THEN
REPEAT STRIP_TAC THEN
SIMP_TAC std_ss [var_res_prop_equal_unequal_EXPAND, IN_ABS,
   asl_emp_DISJOINT_FMAP_UNION, var_res_exp_const_EVAL, IN_SING,
   DISJOINT_FMAP_UNION___FEMPTY, EXTENSION] THEN
GEN_TAC THEN
REDEPTH_CONSEQ_CONV_TAC (K EXISTS_EQ___CONSEQ_CONV) THEN
SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [] THEN

SIMP_TAC list_ss [holfoot_ap_data_array_def, var_res_exp_prop_def, LET_THM, IN_ABS,
   asl_bool_EVAL]);



(* Bounds lemma: every constant address c with e <= c < e + n lies in the
   heap described by a data array with constant start e and constant
   length n, so an access at c is in-bounds in any bag containing that
   array.  Proof goes through the plain array (ELIM_DATA___COMPLETE) and
   its domain characterisation (ALTERNATIVE_DEF2); the witness is the
   offset c - e. *)
val holfoot_ap_data_array___implies_in_heap = store_thm ("holfoot_ap_data_array___implies_in_heap",
``!c B sfb e n data.
((e <= c) /\ (c < e + n)) ==>
(holfoot_implies_in_heap B
   (BAG_INSERT (holfoot_ap_data_array (var_res_exp_const e) (var_res_exp_const n) data) sfb)
   (var_res_exp_const c))``,

REPEAT STRIP_TAC THEN
MATCH_MP_TAC holfoot_implies_in_heap___FIRST THEN
ASM_SIMP_TAC std_ss [var_res_exp_const_EVAL,
   IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL] THEN
REPEAT GEN_TAC THEN STRIP_TAC THEN
IMP_RES_TAC holfoot_ap_data_array___ELIM_DATA___COMPLETE THEN
FULL_SIMP_TAC std_ss [holfoot_ap_array___ALTERNATIVE_DEF2,
   IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL,
   var_res_exp_prop___CONST] THEN
(* n = 0 contradicts e <= c < e + n *)
Cases_on `n = 0` THEN1 (
   FULL_SIMP_TAC arith_ss []
) THEN
FULL_SIMP_TAC arith_ss [IN_ABS, IN_IMAGE, IN_COUNT] THEN
Q.EXISTS_TAC `c - e` THEN
DECIDE_TAC);



(* Singleton-bag instance of holfoot_ap_data_array___implies_in_heap with
   the arguments reordered. *)
val holfoot_ap_data_array___implies_in_heap___COMPUTE = store_thm (
   "holfoot_ap_data_array___implies_in_heap___COMPUTE",
``!e n data B c.
((e <= c) /\ (c < e + n)) ==>
(holfoot_implies_in_heap B
   {|holfoot_ap_data_array (var_res_exp_const e) (var_res_exp_const n) data|}
   (var_res_exp_const c))``,
SIMP_TAC std_ss [holfoot_ap_data_array___implies_in_heap]);


(* A data entry with an empty value list forces the length to 0: the
   predicate reduces to the constraint n = 0 under the trivial condition
   that every other entry is also empty and the tags t::MAP FST data are
   distinct. *)
val holfoot_ap_data_array___NOT_EMPTY_DATA_0 = store_thm ("holfoot_ap_data_array___NOT_EMPTY_DATA_0",
``!e n t data.
holfoot_ap_data_array e n ((t,[])::data) =
asl_trivial_cond (EVERY (\tl. NULL (SND tl)) data /\ ALL_DISTINCT (t::(MAP FST data)))
   (var_res_prop_equal DISJOINT_FMAP_UNION n (var_res_exp_const 0))``,

ONCE_REWRITE_TAC [FUN_EQ_THM] THEN
REPEAT STRIP_TAC THEN
SIMP_TAC list_ss [holfoot_ap_data_array_def,
   var_res_exp_prop_def, LET_THM, asl_bool_EVAL,
   var_res_prop_equal_unequal_EXPAND, IN_ABS, asl_emp_DISJOINT_FMAP_UNION,
   var_res_exp_const_def, IN_SING] THEN
SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [] THEN
REPEAT STRIP_TAC THEN
Q.PAT_X_ASSUM `0:num = XXX` (ASSUME_TAC o GSYM) THEN
ASM_SIMP_TAC std_ss [LENGTH_NIL, NULL_EQ_NIL,
   holfoot_ap_data_array_MAP_LIST___REWRITE,
   var_res_map_REWRITE, IS_SEPARATION_COMBINATOR___FINITE_MAP,
   var_res_prop_stack_true_REWRITE,
   IN_ABS, asl_emp_DISJOINT_FMAP_UNION, IN_SING]);


(* Splitting an array of constant length n1 + n2 at offset n1: the first
   part keeps the first n1 values of every data entry (TAKE n1), the
   second part starts at e + n1 and keeps the rest (DROP n1).  Proof by
   induction on n1; the step case peels the head cell with
   holfoot_ap_data_array_SUC, rewrites the TAKE/DROP/TL combinations on
   the data lists and reassociates asl_star. *)
val holfoot_ap_data_array___SPLIT = store_thm ("holfoot_ap_data_array___SPLIT",
``!e n1 n2 data.
IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e) ==>

(holfoot_ap_data_array e (var_res_exp_const (n1+n2)) data =
asl_star (VAR_RES_COMBINATOR DISJOINT_FMAP_UNION)
   (holfoot_ap_data_array e (var_res_exp_const n1)
      (MAP (\tl. (FST tl, TAKE n1 (SND tl))) data))
   (holfoot_ap_data_array (var_res_exp_add e n1) (var_res_exp_const n2)
      (MAP (\tl. (FST tl, DROP n1 (SND tl))) data)))``,


Induct_on `n1` THEN1 (
   SIMP_TAC list_ss [holfoot_ap_data_array_0, EVERY_MAP,
      MAP_MAP_o, o_DEF, ETA_THM, var_res_exp_add_sub_REWRITES] THEN
   REPEAT STRIP_TAC THEN
   Cases_on `ALL_DISTINCT (MAP FST data)` THENL [
      ASM_SIMP_TAC std_ss [var_res_bool_proposition_TF,
         IS_SEPARATION_COMBINATOR___FINITE_MAP,
         asl_star___var_res_prop_stack_true___STACK_IMPRECISE,
         VAR_RES_IS_STACK_IMPRECISE___holfoot_ap_data_array,
         IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL],


      ASM_SIMP_TAC std_ss [var_res_bool_proposition_TF, asl_false___asl_star_THM,
         holfoot_ap_data_array___CONST, asl_trivial_cond_TF]
   ]
) THEN

ASM_SIMP_TAC std_ss [holfoot_ap_data_array_SUC, ADD,
   IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___var_res_exp_add_sub] THEN
REPEAT (POP_ASSUM (K ALL_TAC)) THEN
SIMP_TAC list_ss [MAP_MAP_o, o_DEF, EVERY_MAP,
   var_res_exp_add_sub_REWRITES, GSYM ADD1] THEN
REPEAT STRIP_TAC THEN

Q.MATCH_ABBREV_TAC `
   asl_trivial_cond c1 (asl_star f p1 (asl_star f a11 a12)) =
   asl_star f (asl_trivial_cond c1' (asl_star f p1' a11')) a12'` THEN

(* the non-emptiness conditions on both sides coincide *)
`c1' = c1` by (
   UNABBREV_ALL_TAC THEN
   AP_THM_TAC THEN AP_TERM_TAC THEN ABS_TAC THEN
   Cases_on `SND tl` THEN SIMP_TAC list_ss []
) THEN
ASM_SIMP_TAC std_ss [] THEN POP_ASSUM (K ALL_TAC) THEN
MAP_EVERY Q.UNABBREV_TAC [`c1`, `c1'`] THEN

Cases_on `EVERY (\tl. ~NULL (SND tl)) data` THEN (
   ASM_SIMP_TAC std_ss [asl_trivial_cond_TF, asl_false___asl_star_THM]
) THEN

(* normalise the data lists so both sides use the same TAKE/DROP/TL shape *)
`(MAP (\tl. (FST tl, (var_res_exp_const (HD (SND tl))):holfoot_a_expression)) data =
  MAP (\tl. (FST tl, var_res_exp_const (HD (TAKE (SUC n1) (SND tl))))) data) /\
 (MAP (\tl. (FST tl,TL (TAKE (SUC n1) (SND tl)))) data =
  MAP (\tl. (FST tl,TAKE n1 (TL (SND tl)))) data) /\
 (MAP (\tl.
(FST tl,DROP (SUC n1) (SND tl))) data =
  MAP (\tl. (FST tl,DROP n1 (TL (SND tl)))) data)` by (
   UNABBREV_ALL_TAC THEN
   FULL_SIMP_TAC list_ss [LIST_EQ_REWRITE, EVERY_MEM, EL_MAP,
      var_res_exp_eq_THM, GSYM FORALL_AND_THM] THEN
   GEN_TAC THEN
   Cases_on `x < LENGTH data` THEN ASM_REWRITE_TAC[] THEN
   (* every value list is non-empty here, so it has a head and a tail *)
   `?n ns. SND (EL x data) = n::ns` by (
      `MEM (EL x data) data` by METIS_TAC[EL_IS_EL] THEN
      RES_TAC THEN
      Cases_on `SND (EL x data)` THEN
      FULL_SIMP_TAC list_ss []
   ) THEN
   ASM_SIMP_TAC list_ss []
) THEN
FULL_SIMP_TAC std_ss [] THEN

(* finish by associativity of asl_star *)
METIS_TAC[asl_star___PROPERTIES, ASSOC_DEF,
   IS_SEPARATION_COMBINATOR___FINITE_MAP,
   IS_SEPARATION_COMBINATOR___VAR_RES_COMBINATOR]);


(* Only the value of the length expression on the current stack matters:
   two length expressions that agree on FST s give the same membership
   for s. *)
val holfoot_ap_data_array___LENGTH_EXP_REWRITE = store_thm ("holfoot_ap_data_array___LENGTH_EXP_REWRITE",
``!e n1 n2 data s.
   (n1 (FST s) = n2 (FST s)) ==>
   (s IN holfoot_ap_data_array e n1 data =
    s IN holfoot_ap_data_array e n2 data)``,
SIMP_TAC std_ss [holfoot_ap_data_array_def, var_res_exp_prop_def,
   IN_ABS, LET_THM]);

(* Likewise for the start expression, for a constant length and
   stack-imprecise e1, e2.  Proof by induction on the length: asl_star is
   expanded on the heap component via stack-imprecision, and the head
   cell and the remaining array are compared separately. *)
val holfoot_ap_data_array___START_EXP_REWRITE = store_thm ("holfoot_ap_data_array___START_EXP_REWRITE",
``!e1 e2 n data s.
   (IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e1) /\
    IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e2) /\
    (e1 (FST s) = e2 (FST s)) ==>
   (s IN holfoot_ap_data_array e1 (var_res_exp_const n) data =
    s IN holfoot_ap_data_array e2 (var_res_exp_const n) data))``,


Induct_on `n` THEN1 (
   SIMP_TAC std_ss [holfoot_ap_data_array_0]
) THEN
SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [holfoot_ap_data_array_SUC, asl_bool_EVAL] THEN
REPEAT STRIP_TAC THEN
Q.MATCH_ABBREV_TAC `s IN asl_star f P1 P2 = s IN asl_star f P1' P2'` THEN

`VAR_RES_IS_STACK_IMPRECISE P1 /\ VAR_RES_IS_STACK_IMPRECISE P1' /\
 VAR_RES_IS_STACK_IMPRECISE P2 /\ VAR_RES_IS_STACK_IMPRECISE P2'` by (

   UNABBREV_ALL_TAC THEN
   CONSEQ_REWRITE_TAC ([], [
      VAR_RES_IS_STACK_IMPRECISE___holfoot_ap_data_array,
      VAR_RES_IS_STACK_IMPRECISE___points_to,
      IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___var_res_exp_add_sub,
      FEVERY_LIST_TO_FMAP], []) THEN
   ASM_SIMP_TAC list_ss [EVERY_MAP, IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL]
) THEN
Q.UNABBREV_TAC `f` THEN

ASM_SIMP_TAC std_ss [asl_star___VAR_RES_IS_STACK_IMPRECISE, IN_ABS] THEN
REDEPTH_CONSEQ_CONV_TAC (K EXISTS_EQ___CONSEQ_CONV) THEN
REPEAT GEN_TAC THEN
`((FST s, es1) IN P1 = (FST s, es1) IN P1') /\
 ((FST s, es2) IN P2 = (FST s, es2) IN P2')` suffices_by (STRIP_TAC THEN
   ASM_REWRITE_TAC[]
) THEN
UNABBREV_ALL_TAC THEN
ASM_SIMP_TAC std_ss [holfoot_ap_points_to_def, IN_ABS, LET_THM] THEN

(* tail: induction hypothesis at start e + 1 *)
Q.PAT_X_ASSUM `!e1 e2 data s. X` MATCH_MP_TAC THEN
ASM_SIMP_TAC std_ss [IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___var_res_exp_add_sub] THEN
ASM_SIMP_TAC std_ss [var_res_exp_add_def, var_res_exp_binop_const_REWRITE]);





(* Combination of the two previous lemmas: both the start and the length
   expression may be exchanged for expressions with the same value on
   FST s. *)
val holfoot_ap_data_array___EXP_REWRITE = store_thm ("holfoot_ap_data_array___EXP_REWRITE",
``!e1 e2 n1 n2 data s.
   (IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e1) /\
    IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e2) /\
    (e1 (FST s) = e2 (FST s)) /\ (n1 (FST s) = n2 (FST s))) ==>
   (s IN holfoot_ap_data_array e1 n1 data =
    s IN holfoot_ap_data_array e2 n2 data)``,

REPEAT STRIP_TAC THEN
(* a length that does not evaluate makes both sides false *)
Cases_on `n2 (FST s)` THEN1 (
   ASM_SIMP_TAC std_ss [holfoot_ap_data_array_def, var_res_exp_prop_def, LET_THM, IN_ABS]
) THEN
`(s IN holfoot_ap_data_array e1 n1 data =
  s IN holfoot_ap_data_array e1 (var_res_exp_const x) data) /\
 (s IN holfoot_ap_data_array e2 n2 data =
  s IN holfoot_ap_data_array e2 (var_res_exp_const x) data)` by
   METIS_TAC[holfoot_ap_data_array___LENGTH_EXP_REWRITE, var_res_exp_const_EVAL] THEN
ASM_SIMP_TAC std_ss [] THEN
METIS_TAC[holfoot_ap_data_array___START_EXP_REWRITE]);




(* Replace the length (first conjunct) or the start expression (second
   conjunct, needs a stack-imprecise e) by the constant it evaluates to
   on FST s.  Instances of the EXP_REWRITE lemmas above. *)
val holfoot_ap_data_array___var_res_exp_const_INTRO = store_thm ("holfoot_ap_data_array___var_res_exp_const_INTRO",
``(!e n data nc s.
   (n (FST s) = SOME nc) ==>
   (s IN holfoot_ap_data_array e n data =
    s IN holfoot_ap_data_array e (var_res_exp_const nc) data)) /\

(!e n data ec s.
   IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e) /\
   (e (FST s) = SOME ec) ==>
   (s IN holfoot_ap_data_array e n data =
    s IN holfoot_ap_data_array (var_res_exp_const ec) n data))``,

REPEAT STRIP_TAC THENL [
   MATCH_MP_TAC holfoot_ap_data_array___LENGTH_EXP_REWRITE THEN
   ASM_SIMP_TAC std_ss [var_res_exp_const_EVAL],

   MATCH_MP_TAC holfoot_ap_data_array___EXP_REWRITE THEN
   ASM_SIMP_TAC std_ss [var_res_exp_const_EVAL, IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL]
]);




(* Local lemma (prove, not exported): two data arrays with the same
   constant start e and constant length n that are both sub-heaps of a
   common heap h describe the same heap (h1 = h2) and agree on the value
   lists of every tag present in both data lists.  Proof by induction on
   n, peeling the head cell: the two cells at e coincide because both are
   restrictions of h, and the tails follow from the induction hypothesis
   at start e + 1. *)
val holfoot_ap_data_array___SAME_START_LENGTH___const = prove (
``!e n data1 data2 st h1 h2 h.
   ASL_IS_SUBSTATE DISJOINT_FMAP_UNION h1 h /\
   ASL_IS_SUBSTATE DISJOINT_FMAP_UNION h2 h /\
   (st,h1) IN holfoot_ap_data_array (var_res_exp_const e) (var_res_exp_const n) data1 /\
   (st,h2) IN holfoot_ap_data_array (var_res_exp_const e) (var_res_exp_const n) data2 ==>
   ((h1 = h2) /\ (!tag dl1 dl2. MEM (tag, dl1) data1 /\ MEM (tag, dl2) data2 ==> (dl1 = dl2)))``,

Induct_on `n` THEN1 (
   SIMP_TAC std_ss [holfoot_ap_data_array_0, var_res_bool_proposition_REWRITE,
      IN_ABS, asl_emp_DISJOINT_FMAP_UNION, IN_SING, NULL_EQ_NIL,
      ASL_IS_SUBSTATE___DISJOINT_FMAP_UNION___FEMPTY, EVERY_MEM] THEN
   REPEAT STRIP_TAC THEN
   RES_TAC THEN
   FULL_SIMP_TAC std_ss []
) THEN


SIMP_TAC (std_ss++CONJ_ss) [holfoot_ap_data_array_SUC, asl_bool_EVAL,
   var_res_exp_add_sub_REWRITES] THEN
REPEAT GEN_TAC THEN STRIP_TAC THEN

REPEAT (Q.PAT_X_ASSUM `s IN asl_star f X Y` MP_TAC) THEN

Q.MATCH_ABBREV_TAC `
   (st, h1) IN asl_star f P1 P2 ==>
   (st, h2) IN asl_star f P1' P2' ==> XXX` THEN
Q.UNABBREV_TAC `XXX` THEN

`VAR_RES_IS_STACK_IMPRECISE P1 /\ VAR_RES_IS_STACK_IMPRECISE P1' /\
 VAR_RES_IS_STACK_IMPRECISE P2 /\ VAR_RES_IS_STACK_IMPRECISE P2'` by (

   UNABBREV_ALL_TAC THEN
   CONSEQ_REWRITE_TAC ([], [
      VAR_RES_IS_STACK_IMPRECISE___holfoot_ap_data_array,
      VAR_RES_IS_STACK_IMPRECISE___points_to,
      IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___var_res_exp_add_sub,
      FEVERY_LIST_TO_FMAP], []) THEN
   ASM_SIMP_TAC list_ss [EVERY_MAP, IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL]
) THEN
Q.UNABBREV_TAC `f` THEN

ASM_SIMP_TAC std_ss [asl_star___VAR_RES_IS_STACK_IMPRECISE, IN_ABS,
   DISJOINT_FMAP_UNION___REWRITE, GSYM LEFT_FORALL_IMP_THM] THEN
REPEAT GEN_TAC THEN STRIP_TAC THEN
REPEAT GEN_TAC THEN STRIP_TAC THEN

(* head cells: both are the restriction of h to {e}, so they are equal and
   the head values of shared tags agree *)
`(es1' = es1) /\
 !tag dl1 dl2. MEM (tag,dl1) data1 /\ MEM (tag,dl2) data2 ==> (HD dl1 = HD dl2)` by (
   Q.PAT_X_ASSUM `(st, es1) IN X` MP_TAC THEN
   Q.PAT_X_ASSUM `(st, es1') IN X` MP_TAC THEN
   UNABBREV_ALL_TAC THEN
   SIMP_TAC std_ss [holfoot_ap_points_to_def, IN_ABS, LET_THM,
      var_res_exp_const_EVAL, GSYM fmap_EQ_THM, IN_SING] THEN
   REPEAT GEN_TAC THEN STRIP_TAC THEN
   REPEAT GEN_TAC THEN STRIP_TAC THEN
   `(es1' ' e = h ' e) /\ (es1 ' e = h ' e)` by (
      FULL_SIMP_TAC std_ss [ASL_IS_SUBSTATE___DISJOINT_FMAP_UNION,
         FUNION_DEF, IN_SING, IN_UNION, DISJ_IMP_THM, FORALL_AND_THM]
   ) THEN
   ASM_SIMP_TAC std_ss [] THEN
   REPEAT STRIP_TAC THEN
   REPEAT (Q.PAT_X_ASSUM `FEVERY X L` MP_TAC) THEN
   ASM_SIMP_TAC (std_ss++CONJ_ss) [FEVERY_DEF, FDOM_LIST_TO_FMAP, MAP_MAP_o,
      o_DEF, IS_SOME_EXISTS, ETA_THM,
      MEM_MAP, GSYM LEFT_FORALL_IMP_THM, GSYM LEFT_EXISTS_AND_THM] THEN
   Q.ABBREV_TAC `L1 = MAP (\tl. (FST tl,(var_res_exp_const (HD (SND tl))):holfoot_a_expression)) data1` THEN
   Q.ABBREV_TAC `L2 = MAP (\tl. (FST tl,(var_res_exp_const (HD (SND tl))):holfoot_a_expression)) data2` THEN
   REPEAT STRIP_TAC THEN
   `(LIST_TO_FMAP L1 ' tag st = LIST_TO_FMAP L2 ' tag st)` by
      METIS_TAC[pairTheory.FST] THEN
   `(LIST_TO_FMAP L1 ' tag = var_res_exp_const (HD dl1)) /\
    (LIST_TO_FMAP L2 ' tag = var_res_exp_const (HD dl2))` suffices_by (STRIP_TAC THEN
      FULL_SIMP_TAC std_ss [var_res_exp_const_EVAL]
   ) THEN
   `ALL_DISTINCT (MAP FST L1) /\ ALL_DISTINCT (MAP FST L2)` by (
      UNABBREV_ALL_TAC THEN
      FULL_SIMP_TAC std_ss [MAP_MAP_o, o_DEF, ETA_THM,
         holfoot_ap_data_array___CONST, asl_bool_EVAL]
   ) THEN
   `MEM (tag, var_res_exp_const (HD dl1)) L1 /\
    MEM (tag, var_res_exp_const (HD dl2)) L2` by (
      UNABBREV_ALL_TAC THEN
      ASM_SIMP_TAC std_ss [MEM_MAP, var_res_exp_eq_THM] THEN
      METIS_TAC[pairTheory.FST, pairTheory.SND]
   ) THEN
   ASM_SIMP_TAC std_ss [LIST_TO_FMAP___ALL_DISTINCT]
) THEN
(* tails: induction hypothesis at e + 1 on the data lists minus their heads *)
Q.ABBREV_TAC `data1' = (MAP (\tl. (FST tl,TL (SND tl))) data1)` THEN
Q.ABBREV_TAC `data2' = (MAP (\tl. (FST tl,TL (SND tl))) data2)` THEN
`(es2 = es2') /\
 !tag dl1 dl2. MEM (tag,dl1) data1' /\ MEM (tag,dl2) data2' ==> (dl1 = dl2)` by (
   Q.PAT_X_ASSUM `!e data1 data2 st h1 h2 h. X` MATCH_MP_TAC THEN
   MAP_EVERY Q.EXISTS_TAC [`e+1`, `st`, `h`] THEN
   MAP_EVERY Q.UNABBREV_TAC [`P2`, `P2'`] THEN
   ASM_SIMP_TAC std_ss [] THEN
   METIS_TAC[ ASL_IS_SUBSTATE___DISJOINT_FMAP_UNION___FUNION]
) THEN

ASM_SIMP_TAC std_ss [] THEN
REPEAT STRIP_TAC THEN
Q.PAT_X_ASSUM `!e data1 data2 st h1 h2 h. X` (K ALL_TAC) THEN
`?dl_h dl1_l dl2_l. (dl1 = dl_h::dl1_l) /\ (dl2 = dl_h::dl2_l)` by (
   FULL_SIMP_TAC std_ss [EVERY_MEM] THEN
   RES_TAC THEN
   Cases_on `dl2` THEN Cases_on `dl1` THEN
   FULL_SIMP_TAC list_ss []
) THEN
ASM_SIMP_TAC list_ss [] THEN

Q.PAT_X_ASSUM `!tag dl1 dl2. X` MATCH_MP_TAC THEN
Q.EXISTS_TAC `tag` THEN
MAP_EVERY Q.UNABBREV_TAC [`data1'`, `data2'`] THEN
SIMP_TAC std_ss [MEM_MAP, EXISTS_PROD, GSYM LEFT_EXISTS_AND_THM,
   GSYM RIGHT_EXISTS_AND_THM] THEN
MAP_EVERY Q.EXISTS_TAC [`dl1`, `dl2`] THEN
ASM_SIMP_TAC list_ss []);




(* Exported form of the previous lemma for arbitrary stack-imprecise start
   and length expressions that evaluate equally on st.  The proof reduces
   to the constant case via var_res_exp_const_INTRO; the cases where n2 or
   e2 do not evaluate (NONE) are handled separately. *)
val holfoot_ap_data_array___SAME_START_LENGTH = store_thm ("holfoot_ap_data_array___SAME_START_LENGTH",
``!e1 e2 n1 n2 data1 data2 st h1 h2 h.
   IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e1) /\
   IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e2) /\
   IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS n1) /\
   IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS n2) /\
   ASL_IS_SUBSTATE DISJOINT_FMAP_UNION h1 h /\
   ASL_IS_SUBSTATE DISJOINT_FMAP_UNION h2 h /\
   (st,h1) IN holfoot_ap_data_array e1 n1 data1 /\
   (st,h2) IN holfoot_ap_data_array e2 n2 data2 /\
   (e1 st = e2 st) /\ (n1 st = n2 st) ==>
   ((h1 = h2) /\ (!tag dl1 dl2. MEM (tag, dl1) data1 /\ MEM (tag, dl2) data2 ==> (dl1 = dl2)))``,

REPEAT GEN_TAC THEN STRIP_TAC THEN
Tactical.REVERSE (Cases_on `?nc. n2 st = SOME nc`) THEN1 (
   Cases_on `n2 st` THEN
   FULL_SIMP_TAC std_ss [holfoot_ap_data_array_def, var_res_exp_prop_def, IN_ABS, LET_THM]
) THEN
FULL_SIMP_TAC std_ss [] THEN
`(st,h1) IN holfoot_ap_data_array e1 (var_res_exp_const nc) data1 /\
 (st,h2) IN holfoot_ap_data_array e2 (var_res_exp_const nc) data2` by
   METIS_TAC[holfoot_ap_data_array___var_res_exp_const_INTRO, pairTheory.FST] THEN

Cases_on `nc` THEN1 (
   FULL_SIMP_TAC std_ss [holfoot_ap_data_array_0, IN_SING,
      var_res_bool_proposition_REWRITE, IN_ABS, asl_emp_DISJOINT_FMAP_UNION,
      EVERY_MEM] THEN
   REPEAT STRIP_TAC THEN
   RES_TAC THEN
   FULL_SIMP_TAC std_ss [NULL_EQ_NIL]
) THEN
Tactical.REVERSE (Cases_on `?ec.
e2 st = SOME ec`) THEN1 (
   Cases_on `e2 st` THEN
   FULL_SIMP_TAC std_ss [holfoot_ap_data_array_SUC, asl_bool_EVAL] THEN
   Q.PAT_X_ASSUM `(st, h1) IN X` MP_TAC THEN
   Q.MATCH_ABBREV_TAC `(st, h1) IN asl_star f P1 P2 ==> XXX` THEN
   `VAR_RES_IS_STACK_IMPRECISE P1 /\ VAR_RES_IS_STACK_IMPRECISE P2` by (
      UNABBREV_ALL_TAC THEN
      CONSEQ_REWRITE_TAC ([],
         [VAR_RES_IS_STACK_IMPRECISE___points_to,
          VAR_RES_IS_STACK_IMPRECISE___holfoot_ap_data_array,
          IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___var_res_exp_add_sub,
          FEVERY_LIST_TO_FMAP], []) THEN
      ASM_SIMP_TAC list_ss [EVERY_MAP, IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL]
   ) THEN
   Q.UNABBREV_TAC `f` THEN
   Q.UNABBREV_TAC `P1` THEN
   ASM_SIMP_TAC std_ss [asl_star___VAR_RES_IS_STACK_IMPRECISE, IN_ABS,
      holfoot_ap_points_to_def, LET_THM]
) THEN
FULL_SIMP_TAC std_ss [] THEN

(* both start and length are now constants; use the local lemma *)
`(st,h1) IN holfoot_ap_data_array (var_res_exp_const ec) (var_res_exp_const (SUC n)) data1 /\
 (st,h2) IN holfoot_ap_data_array (var_res_exp_const ec) (var_res_exp_const (SUC n)) data2` by
   METIS_TAC[holfoot_ap_data_array___var_res_exp_const_INTRO, pairTheory.FST] THEN
METIS_TAC[holfoot_ap_data_array___SAME_START_LENGTH___const]);




(* Frame-split rewrite for two data arrays with the same start e and the
   same length n.  If data2's tags are distinct and a subset of data1's,
   the array in the split part can be matched against the one in the
   implication part: the data1 array moves to the context and the only
   remaining obligation is the pure proposition that every entry of data2
   occurs in data1.  Soundness rests on
   holfoot_ap_data_array___SAME_START_LENGTH: inside one heap the two
   arrays occupy the same sub-heap and agree on shared tags. *)
val VAR_RES_FRAME_SPLIT___data_array___data_array___SAME_EXP_LENGTH___REWRITE = store_thm (
"VAR_RES_FRAME_SPLIT___data_array___data_array___SAME_EXP_LENGTH___REWRITE",
``!e n data1 data2 wpb rpb sfb_context sfb_split sfb_imp.

(LIST_TO_SET (MAP FST data2) SUBSET LIST_TO_SET (MAP FST data1) /\
 ALL_DISTINCT (MAP FST data2)) ==>

VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) e /\
VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) n

==>
   VAR_RES_FRAME_SPLIT___REWRITE_OK DISJOINT_FMAP_UNION (wpb,rpb)
      sfb_context
      (BAG_INSERT (holfoot_ap_data_array e n data1) sfb_split)
      (BAG_INSERT (holfoot_ap_data_array e n data2) sfb_imp)


      (BAG_INSERT (holfoot_ap_data_array e n data1) sfb_context)
      sfb_split
      (BAG_INSERT (var_res_bool_proposition DISJOINT_FMAP_UNION
         (EVERY (\x. MEM x data1) data2)) sfb_imp)``,

REPEAT STRIP_TAC THEN
ASM_SIMP_TAC (std_ss++EQUIV_EXTRACT_ss++CONJ_ss) [
   VAR_RES_FRAME_SPLIT___REWRITE_OK_def,
   var_res_prop___COND_UNION, IN_ABS,
   var_res_prop___COND_INSERT,
   VAR_RES_IS_STACK_IMPRECISE___USED_VARS___var_res_bool_proposition,
   VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_ap_data_array,
   BAG_UNION_INSERT,
   var_res_prop___PROP_INSERT] THEN
REPEAT STRIP_TAC THEN
SIMP_TAC std_ss [var_res_bool_proposition_REWRITE, IN_ABS,
   asl_emp_DISJOINT_FMAP_UNION, IN_SING,
   DISJOINT_FMAP_UNION___FEMPTY, GSYM RIGHT_EXISTS_AND_THM] THEN
REDEPTH_CONSEQ_CONV_TAC (K EXISTS_EQ___CONSEQ_CONV) THEN
SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [] THEN
REPEAT STRIP_TAC THEN

(* the two array sub-heaps s1 and s1' must coincide (SAME_START_LENGTH) *)
Tactical.REVERSE (Cases_on `s1' = s1`) THEN1 (
   FULL_SIMP_TAC std_ss [
      VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET_def] THEN
   `ASL_IS_SUBSTATE DISJOINT_FMAP_UNION s1 (SND s) /\
    ASL_IS_SUBSTATE DISJOINT_FMAP_UNION s1' (SND s)` by (
      METIS_TAC[ASL_IS_SUBSTATE_INTRO, IS_SEPARATION_COMBINATOR___FINITE_MAP]
   ) THEN
   METIS_TAC[holfoot_ap_data_array___SAME_START_LENGTH]
) THEN
FULL_SIMP_TAC std_ss [] THEN
EQ_TAC THENL [
   (* matching arrays force the data of shared tags to agree, and every
      tag of data2 is a tag of data1, so each entry of data2 is in data1 *)
   REPEAT STRIP_TAC THEN
   `!tag dl1 dl2.
      MEM (tag,dl1) data1 /\ MEM (tag,dl2) data2 ==> (dl1 = dl2)` by (
      METIS_TAC[holfoot_ap_data_array___SAME_START_LENGTH,
         ASL_IS_SUBSTATE___DISJOINT_FMAP_UNION___REFL,
         VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET_def]
   ) THEN
   FULL_SIMP_TAC std_ss [EVERY_MEM] THEN
   REPEAT STRIP_TAC THEN
   `?tag dl1. x = (tag, dl1)` by (Cases_on `x` THEN SIMP_TAC std_ss []) THEN
   `?dl2. MEM (tag, dl2) data1` by (
      FULL_SIMP_TAC std_ss [SUBSET_DEF,
         MEM_MAP, GSYM LEFT_FORALL_IMP_THM, EXISTS_PROD] THEN
      METIS_TAC[pairTheory.FST]
   ) THEN
   METIS_TAC[],


   (* conversely, the data2 array is a weakening of the data1 array *)
   REPEAT STRIP_TAC THEN
   MATCH_MP_TAC holfoot_ap_data_array___ELIM_DATA THEN
   Q.EXISTS_TAC `data1` THEN
   FULL_SIMP_TAC std_ss [EVERY_MEM]
]);





(* The same rule lifted from VAR_RES_FRAME_SPLIT___REWRITE_OK to
   VAR_RES_FRAME_SPLIT itself, via VAR_RES_FRAME_SPLIT___REWRITE_OK___THM. *)
val VAR_RES_FRAME_SPLIT___data_array___data_array___SAME_EXP_LENGTH = store_thm (
"VAR_RES_FRAME_SPLIT___data_array___data_array___SAME_EXP_LENGTH",
``!e n data1 data2 sfb_restP wpb wpb' rpb sfb_context sfb_split sfb_imp sr.

(LIST_TO_SET (MAP FST data2) SUBSET LIST_TO_SET (MAP FST data1) /\
 ALL_DISTINCT (MAP FST data2) /\
VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) e /\
VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) n)

==>
   ((VAR_RES_FRAME_SPLIT DISJOINT_FMAP_UNION sr (wpb,rpb) wpb'
      sfb_context
      (BAG_INSERT (holfoot_ap_data_array e n data1) sfb_split)
      (BAG_INSERT (holfoot_ap_data_array e n data2) sfb_imp) sfb_restP) =

    (VAR_RES_FRAME_SPLIT DISJOINT_FMAP_UNION sr (wpb,rpb) wpb'
      (BAG_INSERT (holfoot_ap_data_array e n data1) sfb_context)
      sfb_split
      (BAG_INSERT (var_res_bool_proposition DISJOINT_FMAP_UNION
         (EVERY (\x. MEM x data1) data2)) sfb_imp)
      sfb_restP))``,


REPEAT STRIP_TAC THEN
MATCH_MP_TAC VAR_RES_FRAME_SPLIT___REWRITE_OK___THM THEN
MATCH_MP_TAC (MP_CANON VAR_RES_FRAME_SPLIT___data_array___data_array___SAME_EXP_LENGTH___REWRITE) THEN
ASM_REWRITE_TAC[]);




(* Inclusive interval [e1, e2] of cells, defined as a data array starting
   at e1 with length (e2 + 1) - e1.  The subtraction is on num, so the
   length is 0 (an empty interval) when e1 > e2. *)
val holfoot_ap_data_interval_def = Define `
   holfoot_ap_data_interval e1 e2 data =
   holfoot_ap_data_array e1 (var_res_exp_binop $- (var_res_exp_add e2 1) e1) data`

(* Constant endpoints: [c1, c2] is a data array of length SUC c2 - c1. *)
val holfoot_ap_data_interval___CONST = store_thm ("holfoot_ap_data_interval___CONST",
``holfoot_ap_data_interval (var_res_exp_const c1) (var_res_exp_const c2) data =
  holfoot_ap_data_array (var_res_exp_const c1) (var_res_exp_const ((SUC c2) - c1)) data``,
SIMP_TAC arith_ss [holfoot_ap_data_interval_def,
   var_res_exp_add_sub_REWRITES,
   var_res_exp_binop___const_eval, arithmeticTheory.ADD1]);


(* Stack-imprecision of intervals with a used-variable bound vs, lifted
   from the data array lemma through the derived length expression. *)
val VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_ap_data_interval =
store_thm ("VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_ap_data_interval",
``!e1 e2 data vs.
   VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET vs e1 /\
   VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET vs e2 ==>
   VAR_RES_IS_STACK_IMPRECISE___USED_VARS vs
      (holfoot_ap_data_interval e1 e2 data)``,

SIMP_TAC std_ss [holfoot_ap_data_interval_def] THEN
REPEAT STRIP_TAC THEN
CONSEQ_REWRITE_TAC ([], [
   VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_ap_data_array,
   VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___var_res_exp_binop,
   VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___var_res_exp_add_sub],
   []) THEN
ASM_REWRITE_TAC[]);

(* Unbounded variant, obtained from the bounded one with vs = UNIV. *)
val VAR_RES_IS_STACK_IMPRECISE___holfoot_ap_data_interval =
store_thm ("VAR_RES_IS_STACK_IMPRECISE___holfoot_ap_data_interval",
`` !e1 e2 data.
   IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e1) /\
   IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e2) ==>
   VAR_RES_IS_STACK_IMPRECISE (holfoot_ap_data_interval e1 e2 data)``,

REWRITE_TAC [VAR_RES_IS_STACK_IMPRECISE___ALTERNATIVE_DEF,
   GSYM VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___UNIV_REWRITE,
   VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_ap_data_interval]);


(* A variable update vcL pushes through to both endpoint expressions. *)
val var_res_prop_varlist_update___holfoot_ap_data_interval =
store_thm ("var_res_prop_varlist_update___holfoot_ap_data_interval",
``!vcL e1 e2 data.
   IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e1) /\
   IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e2) ==>
   (var_res_prop_varlist_update vcL (holfoot_ap_data_interval e1 e2 data) =
    holfoot_ap_data_interval (var_res_exp_varlist_update vcL e1) (var_res_exp_varlist_update vcL e2) data)``,

SIMP_TAC std_ss [holfoot_ap_data_interval_def,
   var_res_prop_varlist_update___holfoot_ap_data_array,
   IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___var_res_exp_add_sub,
   IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___var_res_exp_binop,
   var_res_exp_varlist_update___var_res_exp_add_sub_EVAL,
   var_res_exp_varlist_update___var_res_exp_binop_EVAL]);


(* Degenerate intervals with a stack-imprecise start e: [e, e] is the
   length-1 array and [e, e + n] the array of length SUC n. *)
val holfoot_ap_data_interval___TRIVIAL_LENGTH = store_thm (
   "holfoot_ap_data_interval___TRIVIAL_LENGTH",
``IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e) ==>
  ((holfoot_ap_data_interval e e data =
    holfoot_ap_data_array e (var_res_exp_const 1) data) /\
   (holfoot_ap_data_interval e (var_res_exp_add e n) data =
    holfoot_ap_data_array e (var_res_exp_const (SUC n)) data))``,

STRIP_TAC THEN
SIMP_TAC std_ss [holfoot_ap_data_interval_def,
   var_res_exp_add_sub_REWRITES] THEN
ONCE_REWRITE_TAC[EXTENSION] THEN
SIMP_TAC std_ss [GSYM FORALL_AND_THM] THEN
GEN_TAC THEN
7526Cases_on `e (FST x)` THEN1 ( 7527 `!n. var_res_exp_sub e n (FST x) = NONE` by ( 7528 ASM_SIMP_TAC std_ss [var_res_exp_sub_def, var_res_exp_binop_const_REWRITE] 7529 ) THEN 7530 ASM_SIMP_TAC std_ss [holfoot_ap_data_array___not_def_start, IN_DEF, 7531 IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___var_res_exp_add_sub] THEN 7532 ASM_SIMP_TAC arith_ss [var_res_exp_const_EVAL, var_res_exp_binop_REWRITE, 7533 var_res_exp_add_def, var_res_exp_sub_def, var_res_exp_binop_const_REWRITE] 7534) THEN 7535CONSEQ_REWRITE_TAC ([], [holfoot_ap_data_array___EXP_REWRITE, 7536 IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___var_res_exp_add_sub], []) THEN 7537ASM_SIMP_TAC std_ss [] THEN 7538ASM_SIMP_TAC arith_ss [var_res_exp_binop_REWRITE, var_res_exp_add_def, 7539 var_res_exp_sub_def, var_res_exp_binop_const_REWRITE, 7540 var_res_exp_const_EVAL]); 7541 7542 7543val holfoot_ap_data_interval_0_start = store_thm ( 7544"holfoot_ap_data_interval_0_start", 7545``!n data. 7546 holfoot_ap_data_interval (var_res_exp_const 0) n data = 7547 asl_false``, 7548 7549SIMP_TAC std_ss [holfoot_ap_data_interval_def, 7550 holfoot_ap_data_array_0_start, EXTENSION, asl_bool_EVAL, 7551 var_res_prop_equal_unequal_EXPAND, IN_ABS, 7552 var_res_exp_binop_REWRITE, var_res_exp_const_EVAL, 7553 var_res_exp_add_def, var_res_exp_binop_const_REWRITE] THEN 7554REPEAT GEN_TAC THEN 7555Cases_on `n (FST x)` THEN ASM_SIMP_TAC std_ss []); 7556 7557val holfoot_ap_data_interval_0 = store_thm ( 7558"holfoot_ap_data_interval_0", 7559``!e data. 7560 holfoot_ap_data_interval (var_res_exp_const e) (var_res_exp_const 0) data = 7561 var_res_bool_proposition DISJOINT_FMAP_UNION 7562 (EVERY (\tl. 
NULL (SND tl)) data /\ ALL_DISTINCT (MAP FST data) /\ 7563 ~(e = 0))``, 7564 7565SIMP_TAC std_ss [holfoot_ap_data_interval_def, 7566 var_res_exp_add_sub_REWRITES, 7567 var_res_exp_binop___const_eval] THEN 7568Cases_on `e` THENL [ 7569 SIMP_TAC std_ss [holfoot_ap_data_array_0_start, 7570 var_res_prop_equal_unequal_REWRITES, 7571 var_res_bool_proposition_TF, asl_trivial_cond___asl_false], 7572 7573 `1 - SUC n = 0` by DECIDE_TAC THEN 7574 ASM_SIMP_TAC arith_ss [holfoot_ap_data_array_0] 7575]); 7576 7577 7578val holfoot_ap_data_interval___end_before_begin = store_thm ( 7579"holfoot_ap_data_interval___end_before_begin", 7580``!b e data. (e < b) ==> 7581 (holfoot_ap_data_interval (var_res_exp_const b) (var_res_exp_const e) data = 7582 var_res_bool_proposition DISJOINT_FMAP_UNION 7583 (EVERY (\tl. NULL (SND tl)) data /\ ALL_DISTINCT (MAP FST data)))``, 7584 7585SIMP_TAC arith_ss [holfoot_ap_data_interval___CONST] THEN 7586REPEAT STRIP_TAC THEN 7587`SUC e - b = 0` by DECIDE_TAC THEN 7588ASM_SIMP_TAC std_ss [holfoot_ap_data_array_0]); 7589 7590 7591val holfoot_ap_data_interval___LENGTH_NOT_EQ_REWRITE = store_thm ( 7592"holfoot_ap_data_interval___LENGTH_NOT_EQ_REWRITE", 7593``!ec nc t tvL data. 7594 LENGTH tvL <> ((nc + 1) - ec) ==> 7595 (holfoot_ap_data_interval (var_res_exp_const ec) (var_res_exp_const nc) ((t,tvL)::data) = 7596 asl_false)``, 7597SIMP_TAC std_ss [holfoot_ap_data_interval_def, 7598 var_res_exp_binop___const_eval, 7599 var_res_exp_add_sub_REWRITES, 7600 holfoot_ap_data_array___LENGTH_NOT_EQ_REWRITE]); 7601 7602 7603val holfoot_ap_data_interval___SPLIT = store_thm ( 7604"holfoot_ap_data_interval___SPLIT", 7605``!e1 e2 e3 data. (e1 <= e2) /\ (e2 <= e3) ==> 7606 (holfoot_ap_data_interval (var_res_exp_const e1) (var_res_exp_const e3) data = 7607 asl_star (VAR_RES_COMBINATOR DISJOINT_FMAP_UNION) 7608 (holfoot_ap_data_interval (var_res_exp_const e1) (var_res_exp_const e2) 7609 (MAP (\tl. 
(FST tl,TAKE (e2 + 1 - e1) (SND tl))) data)) 7610 (holfoot_ap_data_interval (var_res_exp_const (SUC e2)) 7611 (var_res_exp_const e3) 7612 (MAP (\tl. (FST tl,DROP (e2 +1 - e1) (SND tl))) data)))``, 7613 7614REPEAT STRIP_TAC THEN 7615Cases_on `e1 = 0` THEN1 ( 7616 ASM_SIMP_TAC std_ss [holfoot_ap_data_interval_0_start, asl_false___asl_star_THM] 7617) THEN 7618SIMP_TAC std_ss [holfoot_ap_data_interval_def, 7619 var_res_exp_add_sub_REWRITES, var_res_exp_binop___const_eval] THEN 7620`e3 + 1 - SUC e2 = e3 - e2` by DECIDE_TAC THEN 7621ASM_SIMP_TAC std_ss [] THEN 7622Q.ABBREV_TAC `l1 = (e2 + 1) - e1` THEN 7623Q.ABBREV_TAC `l2 = (e3 - e2)` THEN 7624`((e3 + 1) - e1 = l1 + l2) /\ (e1 + l1 = SUC e2)` by ( 7625 UNABBREV_ALL_TAC THEN 7626 IMP_RES_TAC LESS_EQUAL_ADD THEN 7627 Cases_on `e1` THEN FULL_SIMP_TAC std_ss [] THEN 7628 SIMP_TAC arith_ss [] 7629) THEN 7630FULL_SIMP_TAC std_ss [holfoot_ap_data_array___SPLIT, 7631 IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL, 7632 var_res_exp_add_sub_REWRITES]); 7633 7634 7635val holfoot_ap_data_interval___DATA_PERM = 7636store_thm ("holfoot_ap_data_interval___DATA_PERM", 7637``!e n data1 data2. 7638(PERM data1 data2) ==> 7639(holfoot_ap_data_interval e n data1 = 7640 holfoot_ap_data_interval e n data2)``, 7641SIMP_TAC std_ss [holfoot_ap_data_interval_def, 7642 holfoot_ap_data_array___DATA_PERM]); 7643 7644 7645 7646val VAR_RES_FRAME_SPLIT___data_interval___data_interval___SAME_EXP_LENGTH = store_thm ( 7647"VAR_RES_FRAME_SPLIT___data_interval___data_interval___SAME_EXP_LENGTH", 7648``!e1 e2 data1 data2 sfb_restP wpb wpb' rpb sfb_context sfb_split sfb_imp sr. 
7649 7650(LIST_TO_SET (MAP FST data2) SUBSET LIST_TO_SET (MAP FST data1) /\ 7651 ALL_DISTINCT (MAP FST data2) /\ 7652VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) e1 /\ 7653VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) e2) 7654 7655==> 7656 ((VAR_RES_FRAME_SPLIT DISJOINT_FMAP_UNION sr (wpb,rpb) wpb' 7657 sfb_context 7658 (BAG_INSERT (holfoot_ap_data_interval e1 e2 data1) sfb_split) 7659 (BAG_INSERT (holfoot_ap_data_interval e1 e2 data2) sfb_imp) sfb_restP) = 7660 7661 (VAR_RES_FRAME_SPLIT DISJOINT_FMAP_UNION sr (wpb,rpb) wpb' 7662 (BAG_INSERT (holfoot_ap_data_interval e1 e2 data1) sfb_context) 7663 sfb_split 7664 (BAG_INSERT (var_res_bool_proposition DISJOINT_FMAP_UNION 7665 (EVERY (\x. MEM x data1) data2)) sfb_imp) 7666 sfb_restP))``, 7667 7668 7669SIMP_TAC std_ss [holfoot_ap_data_interval_def] THEN 7670REPEAT STRIP_TAC THEN 7671MATCH_MP_TAC VAR_RES_FRAME_SPLIT___data_array___data_array___SAME_EXP_LENGTH THEN 7672ASM_SIMP_TAC std_ss [VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___var_res_exp_add_sub, 7673 VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___var_res_exp_binop]); 7674 7675 7676 7677val holfoot_ap_data_interval___NOT_EMPTY_DATA_0 = store_thm ("holfoot_ap_data_interval___NOT_EMPTY_DATA_0", 7678``!b e t data. 7679holfoot_ap_data_interval b e ((t,[])::data) = 7680asl_trivial_cond (EVERY (\tl. 
NULL (SND tl)) data /\ ALL_DISTINCT (t::(MAP FST data))) 7681 (var_res_prop_binexpression DISJOINT_FMAP_UNION T $< e b)``, 7682 7683SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [holfoot_ap_data_interval_def, 7684 holfoot_ap_data_array___NOT_EMPTY_DATA_0, 7685 EXTENSION, asl_bool_EVAL, var_res_prop_equal_def, 7686 var_res_prop_binexpression_def, var_res_exp_const_EVAL, 7687 var_res_stack_proposition_def, IN_ABS, LET_THM] THEN 7688 7689SIMP_TAC list_ss [var_res_exp_binop_REWRITE, 7690 var_res_exp_add_def,var_res_exp_binop_const_REWRITE] THEN 7691REPEAT STRIP_TAC THEN 7692Cases_on `e (FST x)` THEN ASM_SIMP_TAC std_ss [] THEN 7693Cases_on `b (FST x)` THEN ASM_SIMP_TAC std_ss [] THEN 7694DECIDE_TAC); 7695 7696 7697 7698 7699val holfoot_ap_data_array_interval___same_start___SPLIT___aa = store_thm ( 7700 "holfoot_ap_data_array_interval___same_start___SPLIT___aa", 7701``!c1 c2 c3 c4 c5 lc data. 7702(c3 <= c2) ==> 7703((c1+c3 = c4) /\ ((c2 - c3) = c5) /\ (c3 = lc)) ==> 7704 7705(holfoot_ap_data_array (var_res_exp_const c1) (var_res_exp_const c2) data = 7706asl_star (VAR_RES_COMBINATOR DISJOINT_FMAP_UNION) 7707 (holfoot_ap_data_array (var_res_exp_const c1) (var_res_exp_const c3) 7708 (MAP (\tl. (FST tl, TAKE lc (SND tl))) data)) 7709 (holfoot_ap_data_array (var_res_exp_const c4) (var_res_exp_const c5) 7710 (MAP (\tl. (FST tl, DROP lc (SND tl))) data)))``, 7711 7712REPEAT STRIP_TAC THEN 7713`c2 = (c3 + c5)` by DECIDE_TAC THEN 7714ONCE_ASM_REWRITE_TAC[] THEN 7715SIMP_TAC std_ss [holfoot_ap_data_array___SPLIT, 7716 IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL] THEN 7717ASM_REWRITE_TAC [var_res_exp_add_sub_REWRITES]); 7718 7719 7720val holfoot_ap_data_array_interval___same_start___SPLIT___ai = store_thm ( 7721 "holfoot_ap_data_array_interval___same_start___SPLIT___ai", 7722``!c1 c2 c3 c4 c5 lc data. 
7723(c1 <= SUC c3) /\ (c3 < c1 + c2) ==> 7724((SUC c3 = c4) /\ (c2 - (SUC c3 - c1) = c5) /\ (SUC c3 - c1 = lc)) ==> 7725 7726(holfoot_ap_data_array (var_res_exp_const c1) (var_res_exp_const c2) data = 7727asl_star (VAR_RES_COMBINATOR DISJOINT_FMAP_UNION) 7728 (holfoot_ap_data_interval (var_res_exp_const c1) (var_res_exp_const c3) 7729 (MAP (\tl. (FST tl, TAKE lc (SND tl))) data)) 7730 (holfoot_ap_data_array (var_res_exp_const c4) (var_res_exp_const c5) 7731 (MAP (\tl. (FST tl, DROP lc (SND tl))) data)))``, 7732 7733SIMP_TAC std_ss [holfoot_ap_data_interval___CONST] THEN 7734REPEAT STRIP_TAC THEN 7735MATCH_MP_TAC (MP_CANON holfoot_ap_data_array_interval___same_start___SPLIT___aa) THEN 7736DECIDE_TAC); 7737 7738 7739val holfoot_ap_data_array_interval___same_start___SPLIT___ii = store_thm ( 7740 "holfoot_ap_data_array_interval___same_start___SPLIT___ii", 7741``!c1 c2 c3 c4 c5 lc data. 7742(c1 <= SUC c3) /\ (c3 <= c2) ==> 7743((SUC c3 = c4) /\ (c2 = c5) /\ (SUC c3 - c1 = lc)) ==> 7744 7745(holfoot_ap_data_interval (var_res_exp_const c1) (var_res_exp_const c2) data = 7746asl_star (VAR_RES_COMBINATOR DISJOINT_FMAP_UNION) 7747 (holfoot_ap_data_interval (var_res_exp_const c1) (var_res_exp_const c3) 7748 (MAP (\tl. (FST tl, TAKE lc (SND tl))) data)) 7749 (holfoot_ap_data_interval (var_res_exp_const c4) (var_res_exp_const c5) 7750 (MAP (\tl. (FST tl, DROP lc (SND tl))) data)))``, 7751 7752SIMP_TAC std_ss [holfoot_ap_data_interval___CONST] THEN 7753REPEAT STRIP_TAC THEN 7754MATCH_MP_TAC (MP_CANON holfoot_ap_data_array_interval___same_start___SPLIT___aa) THEN 7755DECIDE_TAC); 7756 7757 7758val holfoot_ap_data_array_interval___same_start___SPLIT___ia = store_thm ( 7759 "holfoot_ap_data_array_interval___same_start___SPLIT___ia", 7760``!c1 c2 c3 c4 c5 lc data. 
7761(c3 <= c2 - c1) ==> 7762((c1 + c3 = c4) /\ (c2 = c5) /\ (c3 = lc)) ==> 7763 7764(holfoot_ap_data_interval (var_res_exp_const c1) (var_res_exp_const c2) data = 7765asl_star (VAR_RES_COMBINATOR DISJOINT_FMAP_UNION) 7766 (holfoot_ap_data_array (var_res_exp_const c1) (var_res_exp_const c3) 7767 (MAP (\tl. (FST tl, TAKE lc (SND tl))) data)) 7768 (holfoot_ap_data_interval (var_res_exp_const c4) (var_res_exp_const c5) 7769 (MAP (\tl. (FST tl, DROP lc (SND tl))) data)))``, 7770 7771SIMP_TAC std_ss [holfoot_ap_data_interval___CONST] THEN 7772REPEAT STRIP_TAC THEN 7773MATCH_MP_TAC (MP_CANON holfoot_ap_data_array_interval___same_start___SPLIT___aa) THEN 7774DECIDE_TAC); 7775 7776 7777val holfoot_ap_data_array___SPLIT___intro_same_start = store_thm ( 7778 "holfoot_ap_data_array___SPLIT___intro_same_start", 7779``!c1 c2 c3 c4 c5 lc data. 7780(c1 <= c3) /\ (c3 <= c1 + c2) ==> 7781((c3 - c1 = c4) /\ (c2 - (c3 - c1) = c5) /\ (c3 - c1 = lc)) ==> 7782 7783(holfoot_ap_data_array (var_res_exp_const c1) (var_res_exp_const c2) data = 7784asl_star (VAR_RES_COMBINATOR DISJOINT_FMAP_UNION) 7785 (holfoot_ap_data_array (var_res_exp_const c1) (var_res_exp_const c4) 7786 (MAP (\tl. (FST tl, TAKE lc (SND tl))) data)) 7787 (holfoot_ap_data_array (var_res_exp_const c3) (var_res_exp_const c5) 7788 (MAP (\tl. (FST tl, DROP lc (SND tl))) data)))``, 7789 7790SIMP_TAC std_ss [holfoot_ap_data_interval___CONST] THEN 7791REPEAT STRIP_TAC THEN 7792MATCH_MP_TAC (MP_CANON holfoot_ap_data_array_interval___same_start___SPLIT___aa) THEN 7793DECIDE_TAC); 7794 7795 7796val holfoot_ap_data_interval___SPLIT___intro_same_start = store_thm ( 7797 "holfoot_ap_data_interval___SPLIT___intro_same_start", 7798``!c1 c2 c3 c4 c5 lc data. 
7799(c1 <= c3) /\ (c3 <= c2 + 1) ==> 7800((PRE c3 = c4) /\ (c2 = c5) /\ (c3 - c1 = lc)) ==> 7801 7802(holfoot_ap_data_interval (var_res_exp_const c1) (var_res_exp_const c2) data = 7803asl_star (VAR_RES_COMBINATOR DISJOINT_FMAP_UNION) 7804 (holfoot_ap_data_interval (var_res_exp_const c1) (var_res_exp_const c4) 7805 (MAP (\tl. (FST tl, TAKE lc (SND tl))) data)) 7806 (holfoot_ap_data_interval (var_res_exp_const c3) (var_res_exp_const c5) 7807 (MAP (\tl. (FST tl, DROP lc (SND tl))) data)))``, 7808 7809REPEAT STRIP_TAC THEN 7810Cases_on `c1` THEN1 ( 7811 ASM_SIMP_TAC std_ss [holfoot_ap_data_interval_0_start, 7812 asl_false___asl_star_THM] 7813) THEN 7814SIMP_TAC std_ss [holfoot_ap_data_interval___CONST] THEN 7815REPEAT STRIP_TAC THEN 7816MATCH_MP_TAC (MP_CANON holfoot_ap_data_array_interval___same_start___SPLIT___aa) THEN 7817DECIDE_TAC); 7818 7819 7820 7821val holfoot_ap_data_interval___var_res_prop_implies___length_eq = store_thm ( 7822 "holfoot_ap_data_interval___var_res_prop_implies___length_eq", 7823``!wpb rpb sfb ec1 ec2 t tvL data. 
7824(var_res_prop_implies DISJOINT_FMAP_UNION (wpb, rpb) 7825 (BAG_INSERT (holfoot_ap_data_interval (var_res_exp_const ec1) (var_res_exp_const ec2) ((t,tvL)::data)) sfb) 7826 {|var_res_bool_proposition DISJOINT_FMAP_UNION (LENGTH tvL = SUC ec2 - ec1)|})``, 7827 7828REPEAT STRIP_TAC THEN 7829SIMP_TAC std_ss [holfoot_ap_data_interval___CONST, 7830 var_res_prop_implies_REWRITE, BAG_UNION_INSERT, BAG_UNION_EMPTY] THEN 7831Tactical.REVERSE (Cases_on `LENGTH tvL = SUC ec2 - ec1`) THEN1 ( 7832 ASM_SIMP_TAC std_ss [var_res_bool_proposition_TF, 7833 holfoot_ap_data_array___LENGTH_NOT_EQ_REWRITE] THEN 7834 SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [var_res_prop___REWRITE, 7835 var_res_prop___PROP___asl_false, 7836 var_res_prop___COND_INSERT] 7837) THEN ASM_SIMP_TAC std_ss [var_res_bool_proposition_TF] THEN 7838METIS_TAC[var_res_prop___var_res_prop_stack_true, BAG_INSERT_commutes]); 7839 7840 7841 7842val holfoot_ap_data_interval___implies_in_heap = store_thm ("holfoot_ap_data_interval___implies_in_heap", 7843``!c B sfb c1 c2 data. 7844((c1 <= c) /\ (c <= c2)) ==> 7845(holfoot_implies_in_heap B 7846 (BAG_INSERT (holfoot_ap_data_interval (var_res_exp_const c1) (var_res_exp_const c2) data) sfb) 7847 (var_res_exp_const c))``, 7848 7849SIMP_TAC std_ss [holfoot_ap_data_interval___CONST] THEN 7850REPEAT STRIP_TAC THEN 7851MATCH_MP_TAC holfoot_ap_data_array___implies_in_heap THEN 7852DECIDE_TAC); 7853 7854 7855 7856val holfoot_ap_data_interval___implies_in_heap___COMPUTE = store_thm ( 7857 "holfoot_ap_data_interval___implies_in_heap___COMPUTE", 7858``!c1 c2 data B c. 7859((c1 <= c) /\ (c <= c2)) ==> 7860(holfoot_implies_in_heap B 7861 {|(holfoot_ap_data_interval (var_res_exp_const c1) (var_res_exp_const c2) data)|} 7862 (var_res_exp_const c))``, 7863SIMP_TAC std_ss [holfoot_ap_data_interval___implies_in_heap]); 7864 7865 7866val holfoot_ap_data_interval___EXP_REWRITE = store_thm ("holfoot_ap_data_interval___EXP_REWRITE", 7867``!e1 e2 e1' e2' data s. 
7868 (IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e1) /\ 7869 IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e1') /\ 7870 (e1 (FST s) = e1' (FST s)) /\ (e2 (FST s) = e2' (FST s))) ==> 7871 (s IN holfoot_ap_data_interval e1 e2 data = 7872 s IN holfoot_ap_data_interval e1' e2' data)``, 7873 7874REPEAT STRIP_TAC THEN 7875SIMP_TAC std_ss [holfoot_ap_data_interval_def] THEN 7876MATCH_MP_TAC holfoot_ap_data_array___EXP_REWRITE THEN 7877ASM_SIMP_TAC std_ss [var_res_exp_binop_REWRITE, 7878 var_res_exp_add_def, var_res_exp_binop_const_REWRITE]); 7879 7880 7881val holfoot_ap_data_interval___implies_inequal_0_start = store_thm ("holfoot_ap_data_interval___implies_inequal_0_start", 7882``!e1 e2 sfb data. 7883var_res_implies_unequal DISJOINT_FMAP_UNION 7884 (BAG_INSERT (holfoot_ap_data_interval e1 e2 data) sfb) 7885 e1 (var_res_exp_const 0)``, 7886 7887SIMP_TAC std_ss [var_res_implies_unequal_def, 7888 var_res_bigstar_REWRITE, IS_SEPARATION_COMBINATOR___FINITE_MAP, 7889 IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL, 7890 var_res_prop_weak_unequal_def, var_res_prop_weak_binexpression_def, 7891 var_res_prop_binexpression_def, var_res_stack_proposition_def, 7892 IN_ABS, LET_THM, asl_star_def, var_res_exp_const_EVAL] THEN 7893REPEAT GEN_TAC THEN STRIP_TAC THEN 7894Cases_on `e1 (FST p)` THEN1 ( 7895 FULL_SIMP_TAC std_ss [holfoot_ap_data_interval_def, 7896 holfoot_ap_data_array_def, var_res_exp_prop_def, 7897 var_res_exp_binop_REWRITE, var_res_exp_add_def, 7898 var_res_exp_binop_const_REWRITE, IN_ABS, LET_THM] 7899) THEN 7900`e1 (FST s) = SOME x` by ( 7901 `e1 (FST s) = e1 (FST p)` suffices_by (STRIP_TAC THEN 7902 ASM_REWRITE_TAC[] 7903 ) THEN 7904 MATCH_MP_TAC IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___SUBSTATE_RIGHT THEN 7905 FULL_SIMP_TAC std_ss [VAR_RES_COMBINATOR_REWRITE] THEN 7906 METIS_TAC[VAR_RES_STACK_IS_SUBSTATE_INTRO] 7907) THEN 7908ASM_SIMP_TAC std_ss [] THEN 7909STRIP_TAC THEN 7910`p IN 
holfoot_ap_data_interval (var_res_exp_const 0) e2 data` by ( 7911 MATCH_MP_TAC (MP_LEQ_CANON holfoot_ap_data_interval___EXP_REWRITE) THEN 7912 MAP_EVERY Q.EXISTS_TAC [`e1`, `e2`] THEN 7913 ASM_SIMP_TAC std_ss [var_res_exp_const_EVAL, 7914 IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL] 7915) THEN 7916FULL_SIMP_TAC std_ss [holfoot_ap_data_interval_0_start, asl_bool_EVAL]); 7917 7918 7919 7920val holfoot_ap_data_array___ADD_TAG = store_thm ("holfoot_ap_data_array___ADD_TAG", 7921``!t n e data. 7922~MEM t (MAP FST data) /\ 7923IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS n) ==> 7924(holfoot_ap_data_array e n data = 7925asl_exists tdata. holfoot_ap_data_array e n 7926 ((t,tdata)::data))``, 7927 7928SIMP_TAC std_ss [EXTENSION, asl_exists_def, IN_ABS, 7929 GSYM RIGHT_FORALL_IMP_THM] THEN 7930REPEAT STRIP_TAC THEN 7931Cases_on `n (FST x)` THEN1 ( 7932 ASM_SIMP_TAC std_ss [holfoot_ap_data_array_def, 7933 var_res_exp_prop_def, IN_ABS, LET_THM] 7934) THEN 7935`!X. (x IN holfoot_ap_data_array e n X = 7936 x IN holfoot_ap_data_array e (var_res_exp_const x') X)` by ( 7937 METIS_TAC[holfoot_ap_data_array___var_res_exp_const_INTRO] 7938) THEN 7939ASM_REWRITE_TAC[] THEN (POP_ASSUM (K ALL_TAC)) THEN 7940Q.PAT_X_ASSUM `~(MEM t X)` MP_TAC THEN 7941REPEAT (POP_ASSUM (K ALL_TAC)) THEN 7942MAP_EVERY Q.SPEC_TAC [(`data`, `data`), (`x`, `s`), (`e`, `e`), (`x'`, `n`)] THEN 7943Induct_on `n` THEN1 ( 7944 ASM_SIMP_TAC (list_ss++EQUIV_EXTRACT_ss) [holfoot_ap_data_array_0, 7945 var_res_bool_proposition_REWRITE, IN_ABS, NULL_EQ_NIL] 7946) THEN 7947ASM_SIMP_TAC (list_ss++EQUIV_EXTRACT_ss) [holfoot_ap_data_array_SUC, asl_bool_EVAL, 7948 NULL_EQ_NIL, LIST_NOT_NIL___HD_EXISTS, GSYM RIGHT_EXISTS_AND_THM, 7949 GSYM LEFT_EXISTS_AND_THM] THEN 7950REPEAT STRIP_TAC THEN 7951Q.HO_MATCH_ABBREV_TAC 7952` s IN asl_star f P1 P2 = 7953?e' l'. s IN asl_star f (P1' e') (P2' l')` THEN 7954 7955Tactical.REVERSE ( 7956 sg `(!s. (s IN P1 = ?e'. s IN P1' e')) /\ 7957 (!s. 
(s IN P2 = ?l'. s IN P2' l'))`) THEN1 ( 7958 SIMP_TAC std_ss [asl_star_def, IN_ABS] THEN 7959 METIS_TAC[] 7960) THEN 7961UNABBREV_ALL_TAC THEN 7962BETA_TAC THEN 7963CONJ_TAC THENL [ 7964 SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [holfoot_ap_points_to_def, IN_ABS, LET_THM, 7965 FEVERY_DEF, FDOM_FUPDATE, IN_INSERT, 7966 DISJ_IMP_THM, FORALL_AND_THM, 7967 FAPPLY_FUPDATE_THM, LIST_TO_FMAP_THM, 7968 var_res_exp_const_def] THEN 7969 REPEAT STRIP_TAC THEN 7970 DEPTH_CONSEQ_CONV_TAC (K FORALL_EQ___CONSEQ_CONV) THEN 7971 SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [] THEN 7972 REPEAT STRIP_TAC THEN 7973 `~(x = t)` by ( 7974 FULL_SIMP_TAC std_ss [FDOM_LIST_TO_FMAP, 7975 MAP_MAP_o, o_DEF, ETA_THM] THEN 7976 METIS_TAC[] 7977 ) THEN 7978 ASM_SIMP_TAC std_ss [], 7979 7980 7981 GEN_TAC THEN 7982 Q.PAT_X_ASSUM `!e s data. X` MATCH_MP_TAC THEN 7983 ASM_SIMP_TAC std_ss [MAP_MAP_o, o_DEF, ETA_THM] 7984]); 7985 7986 7987 7988val holfoot_ap_data_interval___ADD_TAG = store_thm ("holfoot_ap_data_interval___ADD_TAG", 7989``!t e1 e2 data. 7990~MEM t (MAP FST data) /\ 7991(IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e1) /\ 7992 IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e2)) ==> 7993(holfoot_ap_data_interval e1 e2 data = 7994asl_exists tdata. 
holfoot_ap_data_interval e1 e2 ((t,tdata)::data))``, 7995 7996REPEAT STRIP_TAC THEN 7997SIMP_TAC std_ss [holfoot_ap_data_interval_def] THEN 7998MATCH_MP_TAC (MP_CANON holfoot_ap_data_array___ADD_TAG) THEN 7999CONSEQ_REWRITE_TAC ([], [ 8000 IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___var_res_exp_add_sub, 8001 IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___var_res_exp_binop], 8002 []) THEN 8003ASM_SIMP_TAC std_ss []); 8004 8005 8006 8007 8008 8009(*************************************** 8010 * Some holfoot rewrites 8011 **************************************) 8012 8013val holfoot_disjoint_fmap_union_term = ``DISJOINT_FMAP_UNION :holfoot_heap bin_option_function``; 8014fun init_holfoot_sep_comb_RULE thmL = 8015let 8016 val thmL1 = flatten (map CONJUNCTS thmL); 8017 val thmL2 = map (ISPEC holfoot_disjoint_fmap_union_term) thmL1 8018 val thmL3 = map (REWRITE_RULE [IS_SEPARATION_COMBINATOR___FINITE_MAP]) thmL2 8019in 8020 LIST_CONJ thmL3 8021end; 8022 8023val holfoot_var_res_map_REWRITES = save_thm ("holfoot_var_res_map_REWRITES", 8024init_holfoot_sep_comb_RULE [var_res_map___REWRITES]); 8025 8026 8027(*************************************** 8028 * Export some informations 8029 **************************************) 8030 8031val holfoot_ap_data_array___SIMP_THMS = 8032 save_thm ("holfoot_ap_data_array___SIMP_THMS", 8033 LIST_CONJ [ 8034 holfoot_ap_data_array_0, 8035 holfoot_ap_data_array_0_start, 8036 holfoot_ap_data_array___NOT_EMPTY_DATA_0, 8037 holfoot_ap_data_interval_0, 8038 holfoot_ap_data_interval_0_start, 8039 holfoot_ap_data_interval___NOT_EMPTY_DATA_0]); 8040 8041val holfoot_ap_data_array___SIMP_THMS___PRECOND = 8042 save_thm ("holfoot_ap_data_array___SIMP_THMS___PRECOND", 8043 LIST_CONJ [ 8044 holfoot_ap_data_array___LENGTH_NOT_EQ_REWRITE, 8045 holfoot_ap_data_interval___LENGTH_NOT_EQ_REWRITE, 8046 holfoot_ap_data_interval___end_before_begin]) 8047 8048 8049val VAR_RES_IS_STACK_IMPRECISE___USED_VARS___HOLFOOT_REWRITES = 8050 
save_thm ("VAR_RES_IS_STACK_IMPRECISE___USED_VARS___HOLFOOT_REWRITES", 8051 LIST_CONJ [ 8052 VAR_RES_IS_STACK_IMPRECISE___USED_VARS___asl_star___holfoot, 8053 VAR_RES_IS_STACK_IMPRECISE___USED_VARS___points_to, 8054 VAR_RES_IS_STACK_IMPRECISE___USED_VARS___data_list, 8055 VAR_RES_IS_STACK_IMPRECISE___USED_VARS___data_list_seg, 8056 VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_ap_data_tree_seg, 8057 VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_ap_data_tree, 8058 VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_ap_tree, 8059 VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_ap_bintree, 8060 VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_ap_array, 8061 VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_ap_data_array, 8062 VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_ap_data_interval, 8063 VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_ap_data_queue]) 8064 8065 8066val holfoot___varlist_update_NO_VAR_THM = 8067 save_thm ("holfoot___varlist_update_NO_VAR_THM", 8068 LIST_CONJ [ 8069 var_res_prop_varlist_update___holfoot_ap_data_list_seg_num, 8070 var_res_prop_varlist_update___holfoot_ap_data_list_seg, 8071 var_res_prop_varlist_update___holfoot_ap_data_list, 8072 var_res_prop_varlist_update___asl_star___holfoot, 8073 var_res_prop_varlist_update___holfoot_ap_points_to, 8074 var_res_prop_varlist_update___holfoot_ap_data_tree, 8075 var_res_prop_varlist_update___holfoot_ap_tree, 8076 var_res_prop_varlist_update___holfoot_ap_bintree, 8077 var_res_prop_varlist_update___holfoot_ap_array, 8078 var_res_prop_varlist_update___holfoot_ap_data_array, 8079 var_res_prop_varlist_update___holfoot_ap_data_interval, 8080 var_res_prop_varlist_update___holfoot_ap_data_queue]) 8081 8082 8083 8084(*************************************** 8085 * Holfoot actions and programs 8086 **************************************) 8087 8088val _ = type_abbrev_pp("holfoot_program", 8089Type `:((holfoot_var list # num list), (*procedure args*) 8090 string (*locks*), 8091 string, (*procedure names*) 
8092 holfoot_state (*states*) 8093 ) asl_program`); 8094 8095 8096(*============== 8097 = field lookup 8098 ===============*) 8099 8100val holfoot_field_lookup_action_def = Define ` 8101 (holfoot_field_lookup_action v e t) (s:holfoot_state) = 8102 let loc_opt = e (FST s) in 8103 if (~(var_res_sl___has_write_permission v (FST s)) \/ (IS_NONE loc_opt)) then NONE else 8104 let loc = (THE loc_opt) in ( 8105 if (~(loc IN FDOM (SND s)) \/ (loc = 0)) then NONE else 8106 SOME {var_res_ext_state_var_update (v, (((SND s) ' loc) t)) s})`; 8107 8108 8109val ASL_IS_LOCAL_ACTION___holfoot_field_lookup_action = store_thm ( 8110"ASL_IS_LOCAL_ACTION___holfoot_field_lookup_action", 8111``!e v t. 8112IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e) ==> 8113ASL_IS_LOCAL_ACTION holfoot_separation_combinator (holfoot_field_lookup_action v e t)``, 8114 8115SIMP_TAC std_ss [ASL_IS_LOCAL_ACTION___ALTERNATIVE_EXT_DEF, 8116 holfoot_field_lookup_action_def, LET_THM, COND_NONE_SOME_REWRITES, 8117 NOT_NONE_IS_SOME, holfoot_separation_combinator_def, IN_SING] THEN 8118REPEAT GEN_TAC THEN STRIP_TAC THEN REPEAT GEN_TAC THEN STRIP_TAC THEN 8119`?c. e (FST s1) = SOME c` by FULL_SIMP_TAC std_ss [IS_SOME_EXISTS] THEN 8120IMP_RES_TAC VAR_RES_WRITE_PERM___SUBSTATE THEN 8121FULL_SIMP_TAC std_ss [VAR_RES_COMBINATOR_REWRITE, 8122 SOME___VAR_RES_STACK_COMBINE, DISJOINT_FMAP_UNION___REWRITE] THEN 8123`e (FMERGE VAR_RES_STACK_COMBINE___MERGE_FUNC (FST s1) (FST s2)) = SOME c` by ( 8124 FULL_SIMP_TAC std_ss [IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___REWRITE, 8125 VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_REL___REWRITE] THEN 8126 `vs SUBSET FDOM (FST s1)` by PROVE_TAC[IS_SOME_EXISTS] THEN 8127 Q.PAT_X_ASSUM `e (FST s1) = X` (fn thm => REWRITE_TAC [GSYM thm]) THEN 8128 Q.PAT_X_ASSUM `!st1 st2. 
X ==> (e st1 = e st2)` MATCH_MP_TAC THEN 8129 FULL_SIMP_TAC std_ss [FMERGE_DEF, SUBSET_DEF, IN_UNION, 8130 VAR_RES_STACK_COMBINE___MERGE_FUNC_def, COND_REWRITES] 8131) THEN 8132ASM_SIMP_TAC std_ss [FUNION_DEF, IN_UNION, 8133 var_res_ext_state_var_update_def, var_res_state_var_update_def] THEN 8134FULL_SIMP_TAC std_ss [VAR_RES_STACK_IS_SEPARATE_def, IN_DISJOINT, 8135 FDOM_FUPDATE, IN_INSERT, GSYM fmap_EQ_THM, FMERGE_DEF, 8136 FAPPLY_FUPDATE_THM] THEN 8137`v IN FDOM (FST s1) /\ ~(v IN FDOM (FST s2))` by ( 8138 FULL_SIMP_TAC std_ss [var_res_sl___has_write_permission_def] THEN 8139 Q.PAT_X_ASSUM `!x. x IN X1 /\ x IN X2 ==> Y x` (MP_TAC o Q.SPEC `v`) THEN 8140 ASM_SIMP_TAC std_ss [var_res_permission_THM2]) THEN 8141REPEAT CONJ_TAC THEN REPEAT GEN_TAC THENL [ 8142 Cases_on `x = v` THEN ASM_SIMP_TAC std_ss [], 8143 SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [EXTENSION, IN_INSERT, IN_UNION], 8144 Cases_on `x = v` THEN ASM_SIMP_TAC std_ss [] 8145]); 8146 8147 8148 8149val holfoot_prog_field_lookup_def = Define ` 8150(holfoot_prog_field_lookup v e t):holfoot_program = 8151asl_prog_prim_command (asl_pc_shallow_command (\f. holfoot_field_lookup_action v e t))`; 8152 8153 8154 8155val VAR_RES_PROGRAM_IS_ABSTRACTION___holfoot_prog_field_lookup = store_thm ( 8156"VAR_RES_PROGRAM_IS_ABSTRACTION___holfoot_prog_field_lookup", 8157``!v c t e L vs e'. 
8158 (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET vs e) /\ 8159 (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET vs e') /\ 8160 (VAR_RES_IS_STACK_IMPRECISE___USED_VARS vs (holfoot_ap_points_to e L)) /\ 8161 (t IN FDOM L) /\ (L ' t = e') ==> 8162 8163 (VAR_RES_PROGRAM_IS_ABSTRACTION DISJOINT_FMAP_UNION 8164 (holfoot_prog_field_lookup v e t) 8165 (var_res_prog_cond_best_local_action 8166 (var_res_prop DISJOINT_FMAP_UNION ({|v|}, BAG_OF_SET (vs DELETE v)) 8167 {|var_res_prop_equal DISJOINT_FMAP_UNION (var_res_exp_var v) (var_res_exp_const c); holfoot_ap_points_to e L|}) 8168 (var_res_prop DISJOINT_FMAP_UNION ({|v|}, BAG_OF_SET (vs DELETE v)) 8169 {|var_res_prop_equal DISJOINT_FMAP_UNION (var_res_exp_var v) (var_res_exp_var_update (v, c) e'); 8170 (var_res_prop_var_update (v, c) (holfoot_ap_points_to e L))|})))``, 8171 8172REPEAT STRIP_TAC THEN 8173`IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e)` by 8174 FULL_SIMP_TAC std_ss [VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET_def] THEN 8175ASM_SIMP_TAC std_ss [VAR_RES_PROGRAM_IS_ABSTRACTION_def, 8176 ASL_PROGRAM_IS_ABSTRACTION_def, holfoot_prog_field_lookup_def, 8177 ASL_PROGRAM_SEM___prim_command, EVAL_asl_prim_command_THM, 8178 ASL_ATOMIC_ACTION_SEM_def, GSYM holfoot_separation_combinator_def, 8179 ASL_IS_LOCAL_ACTION___holfoot_field_lookup_action, 8180 var_res_prog_cond_best_local_action_REWRITE, 8181 ASL_IS_LOCAL_ACTION___var_res_cond_best_local_action, 8182 IS_SEPARATION_COMBINATOR___holfoot_separation_combinator] THEN 8183SIMP_TAC std_ss [var_res_cond_best_local_action_def, 8184 var_res_prop___REWRITE, COND_RAND, COND_RATOR] THEN 8185MATCH_MP_TAC (prove (``((~c) /\ (~c ==> x2)) ==> if c then x1 else x2``, SIMP_TAC std_ss [])) THEN 8186CONJ_TAC THEN1 ( 8187 SIMP_TAC (std_ss++CONJ_ss) [var_res_prop___COND___REWRITE, 8188 FINITE_BAG_THM, BAG_IN_BAG_INSERT, NOT_IN_EMPTY_BAG, 8189 DISJ_IMP_THM, FORALL_AND_THM, IS_SEPARATION_COMBINATOR___FINITE_MAP, 8190 BAG_ALL_DISTINCT_THM, 
BAG_UNION_INSERT, BAG_UNION_EMPTY, 8191 BAG_IN_BAG_OF_SET, IN_DELETE, BAG_ALL_DISTINCT_BAG_OF_SET] THEN 8192 8193 `(SET_OF_BAG (BAG_INSERT v (BAG_OF_SET (vs DELETE v)))) = v INSERT vs` by ( 8194 ONCE_REWRITE_TAC[EXTENSION] THEN 8195 SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [IN_INSERT, IN_SET_OF_BAG, 8196 BAG_IN_BAG_INSERT, BAG_IN_BAG_OF_SET, IN_DELETE] 8197 ) THEN 8198 ASM_REWRITE_TAC[] THEN 8199 REPEAT STRIP_TAC THENL [ 8200 MATCH_MP_TAC VAR_RES_IS_STACK_IMPRECISE___USED_VARS___var_res_prop_equal THEN 8201 ASM_SIMP_TAC std_ss [VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___VAR_CONST_EVAL, 8202 IN_INSERT], 8203 8204 MATCH_MP_TAC VAR_RES_IS_STACK_IMPRECISE___USED_VARS___SUBSET THEN 8205 Q.EXISTS_TAC `vs` THEN 8206 ASM_SIMP_TAC std_ss [SUBSET_DEF, IN_INSERT], 8207 8208 MATCH_MP_TAC VAR_RES_IS_STACK_IMPRECISE___USED_VARS___var_res_prop_equal THEN 8209 ASM_SIMP_TAC std_ss [VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___VAR_CONST_EVAL, 8210 IN_INSERT] THEN 8211 MATCH_MP_TAC VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___var_res_exp_var_update THEN 8212 FULL_SIMP_TAC std_ss [VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET_def, 8213 SUBSET_DEF, IN_INSERT], 8214 8215 8216 MATCH_MP_TAC VAR_RES_IS_STACK_IMPRECISE___USED_VARS___var_res_prop_var_update THEN 8217 MATCH_MP_TAC VAR_RES_IS_STACK_IMPRECISE___USED_VARS___SUBSET THEN 8218 Q.EXISTS_TAC `vs` THEN 8219 ASM_SIMP_TAC std_ss [SUBSET_DEF, IN_INSERT] 8220 ] 8221) THEN 8222SIMP_TAC std_ss [fasl_action_order_POINTWISE_DEF] THEN REPEAT STRIP_TAC THEN 8223Cases_on `holfoot_field_lookup_action v e t s = NONE` THEN1 ( 8224 FULL_SIMP_TAC std_ss [fasl_order_THM, 8225 var_res_best_local_action_def, NONE___quant_best_local_action, IN_ABS, 8226 var_res_prop___PROP_INSERT, var_res_prop___COND_INSERT] THEN 8227 ASM_SIMP_TAC std_ss [var_res_prop___PROP___REWRITE, 8228 IS_SEPARATION_COMBINATOR___FINITE_MAP, BAG_IN_BAG_INSERT, NOT_IN_EMPTY_BAG, 8229 var_res_bigstar_REWRITE, IN_ABS] THEN 8230 
ASM_SIMP_TAC std_ss [var_res_prop_equal_unequal_EXPAND, 8231 var_res_prop_stack_true_REWRITE, IN_ABS, asl_emp_DISJOINT_FMAP_UNION, 8232 IN_SING, DISJOINT_FMAP_UNION___REWRITE, FUNION_FEMPTY_1, LET_THM, 8233 FUNION_FEMPTY_2, DISJOINT_EMPTY, FDOM_FEMPTY, 8234 var_res_exp_const_def, var_res_exp_var_def, IN_DELETE, 8235 var_res_sl___has_write_permission_def, BAG_IN_BAG_OF_SET, 8236 var_res_sl___has_read_permission_def] THEN 8237 SIMP_TAC (std_ss++CONJ_ss) [] THEN 8238 CCONTR_TAC THEN 8239 Q.PAT_X_ASSUM `holfoot_field_lookup_action v e t s = NONE` MP_TAC THEN 8240 FULL_SIMP_TAC std_ss [holfoot_field_lookup_action_def, 8241 LET_THM, SOME___holfoot_separation_combinator, 8242 SOME___VAR_RES_STACK_COMBINE, 8243 holfoot_ap_points_to_def, IN_ABS, COND_NONE_SOME_REWRITES, 8244 var_res_sl___has_write_permission_def, FMERGE_DEF, FUNION_DEF, 8245 IN_UNION] THEN 8246 `~(v IN FDOM (FST s0)) /\ 8247 (e (FMERGE VAR_RES_STACK_COMBINE___MERGE_FUNC (FST s0) (FST x)) = e (FST x))` suffices_by (STRIP_TAC THEN 8248 ASM_SIMP_TAC std_ss [NOT_NONE_IS_SOME, IN_SING] 8249 ) THEN 8250 CONJ_TAC THENL [ 8251 Q.PAT_X_ASSUM `VAR_RES_STACK_IS_SEPARATE (FST s0) (FST x)` MP_TAC THEN 8252 SIMP_TAC std_ss [VAR_RES_STACK_IS_SEPARATE_def, GSYM LEFT_EXISTS_IMP_THM] THEN 8253 Q.EXISTS_TAC `v` THEN ASM_SIMP_TAC std_ss [var_res_permission_THM2], 8254 8255 8256 MATCH_MP_TAC IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___SUBSTATE_RIGHT THEN 8257 `VAR_RES_STACK_COMBINE (SOME (FST s0)) (SOME (FST x)) = SOME (FST s)` suffices_by (STRIP_TAC THEN 8258 ASM_SIMP_TAC std_ss [] THEN 8259 METIS_TAC [VAR_RES_STACK_IS_SUBSTATE_INTRO] 8260 ) THEN 8261 ASM_SIMP_TAC std_ss [SOME___VAR_RES_STACK_COMBINE] 8262 ] 8263) THEN 8264FULL_SIMP_TAC std_ss [holfoot_field_lookup_action_def, LET_THM, 8265 COND_NONE_SOME_REWRITES, var_res_sl___has_write_permission_def] THEN 8266`?ev. 
e (FST s) = SOME ev` by FULL_SIMP_TAC std_ss [IS_SOME_EXISTS, NOT_NONE_IS_SOME] THEN 8267FULL_SIMP_TAC std_ss [fasl_order_THM2, var_res_best_local_action_def, 8268 SUBSET_DEF, IN_SING, SOME___quant_best_local_action, IN_ABS, 8269 asl_star_def, IN_SING] THEN 8270DISCH_TAC THEN (POP_ASSUM (K ALL_TAC)) THEN 8271REPEAT STRIP_TAC THEN 8272 8273Q.EXISTS_TAC `var_res_ext_state_var_update (v, (SND s ' ev t)) x'` THEN 8274Q.PAT_X_ASSUM `x' IN X` MP_TAC THEN 8275FULL_SIMP_TAC std_ss [var_res_prop___PROP_INSERT, IN_ABS, 8276 var_res_prop___COND_INSERT] THEN 8277SIMP_TAC std_ss [var_res_prop___PROP___REWRITE, 8278 IS_SEPARATION_COMBINATOR___FINITE_MAP, BAG_IN_BAG_INSERT, 8279 NOT_IN_EMPTY_BAG, IN_ABS, BAG_IN_BAG_OF_SET, 8280 var_res_bigstar_REWRITE, IS_SEPARATION_COMBINATOR___VAR_RES_COMBINATOR, 8281 asl_star___PROPERTIES] THEN 8282SIMP_TAC std_ss [var_res_prop_stack_true_def, var_res_bool_proposition_def, 8283 var_res_prop_equal_def, var_res_stack_proposition_def, asl_emp_DISJOINT_FMAP_UNION, 8284 IN_ABS, IN_SING, DISJOINT_FMAP_UNION___REWRITE, FUNION_FEMPTY_2, FUNION_FEMPTY_1, 8285 var_res_prop_binexpression_def, var_res_sl___has_write_permission_def, 8286 var_res_sl___has_read_permission_def, var_res_exp_const_def, 8287 var_res_exp_var_def, LET_THM, FDOM_FEMPTY, 8288 var_res_ext_state_var_update_def, var_res_state_var_update_def, 8289 FDOM_FUPDATE, IN_INSERT, DISJOINT_EMPTY, 8290 FAPPLY_FUPDATE_THM, var_res_exp_var_update_def, 8291 var_res_prop_var_update_def, FUPDATE_EQ] THEN 8292SIMP_TAC (std_ss++CONJ_ss) [] THEN 8293STRIP_TAC THEN 8294`(FST x' |+ (v,c,var_res_write_permission)) = FST x'` by ( 8295 ASM_SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [ 8296 GSYM fmap_EQ_THM, FDOM_FUPDATE, EXTENSION, IN_INSERT, 8297 FAPPLY_FUPDATE_THM, COND_RAND, COND_RATOR] THEN 8298 Cases_on `FST x' ' v` THEN 8299 FULL_SIMP_TAC std_ss [] 8300) THEN 8301ASM_SIMP_TAC std_ss [] THEN 8302 8303Q.PAT_X_ASSUM `x' IN X` MP_TAC THEN 8304ASM_SIMP_TAC std_ss [holfoot_ap_points_to_def, IN_ABS, LET_THM, 8305 
FEVERY_DEF] THEN 8306STRIP_TAC THEN 8307`e (FST x') = SOME ev` by ( 8308 `e (FST x') = e (FST s)` suffices_by ASM_SIMP_TAC std_ss [] THEN 8309 MATCH_MP_TAC IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___SUBSTATE_LEFT THEN 8310 Cases_on `x'` THEN 8311 FULL_SIMP_TAC std_ss [SOME___holfoot_separation_combinator, 8312 holfoot_ap_points_to_def, IN_ABS, LET_THM] THEN 8313 PROVE_TAC[VAR_RES_STACK_IS_SUBSTATE_INTRO] 8314) THEN 8315`SND x' ' ev = SND s ' ev` by ( 8316 Q.PAT_X_ASSUM `holfoot_separation_combinator (SOME s0') X = Y` MP_TAC THEN 8317 ONCE_REWRITE_TAC[holfoot_separation_combinator___COMM] THEN 8318 ASM_SIMP_TAC std_ss [SOME___holfoot_separation_combinator, 8319 FUNION_DEF, IN_SING] 8320) THEN 8321FULL_SIMP_TAC std_ss [] THEN 8322`e' (FST x') = SOME ((SND s) ' ev t)` by ( 8323 Q.PAT_X_ASSUM `!x. x IN FDOM L ==> Y` (MP_TAC o Q.SPEC `t`) THEN 8324 ASM_SIMP_TAC (std_ss++CONJ_ss) [ 8325 IS_SOME_EXISTS, GSYM LEFT_EXISTS_AND_THM, 8326 GSYM LEFT_FORALL_IMP_THM] 8327) THEN 8328ASM_SIMP_TAC std_ss [] THEN 8329Tactical.REVERSE CONJ_TAC THEN1 ( 8330 ASM_SIMP_TAC (std_ss++CONJ_ss) [ 8331 VAR_RES_STACK___IS_EQUAL_UPTO_VALUES_def, FDOM_FUPDATE, IN_INSERT, 8332 FAPPLY_FUPDATE_THM, COND_RAND, COND_RATOR] 8333) THEN 8334ONCE_REWRITE_TAC [holfoot_separation_combinator___COMM] THEN 8335Q.PAT_X_ASSUM `X = SOME s` MP_TAC THEN 8336ASM_SIMP_TAC std_ss [SOME___holfoot_separation_combinator, 8337 SOME___VAR_RES_STACK_COMBINE, GSYM fmap_EQ_THM] THEN 8338ASM_SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [ 8339 FMERGE_DEF, FDOM_FUPDATE, EXTENSION, IN_UNION, IN_INSERT, 8340 IN_DISJOINT, IN_SING, FAPPLY_FUPDATE_THM, 8341 VAR_RES_STACK_IS_SEPARATE_def] THEN 8342STRIP_TAC THEN 8343SIMP_TAC std_ss [GSYM FORALL_AND_THM] THEN GEN_TAC THEN 8344Cases_on `x = v` THEN ASM_SIMP_TAC std_ss [] THEN 8345Tactical.REVERSE (sg `~(v IN FDOM (FST s0))`) THEN ASM_SIMP_TAC std_ss [] THEN 8346Q.PAT_X_ASSUM `!x. 
x IN FDOM (FST s0) /\ x IN Y ==> Z` (MP_TAC o Q.SPEC `v`) THEN
ASM_SIMP_TAC std_ss [var_res_permission_THM2]);



(* Symbolic-execution rule for a field lookup  v := e->t.

   The precondition must
     - own the heap cell  e |-> L  (holfoot_ap_points_to e L) with  t IN FDOM L,
     - hold write permission on v (BAG_IN v wpb) and know its current
       value (v == c), and
     - only mention variables the triple owns: e and L ' t are restricted to
       SET_OF_BAG (wpb + rpb) by the USED_VARS_SUBSET side conditions.
   The rule rewrites the goal into one about the remaining program progL
   whose precondition states  v == (L ' t)[v := c]  and applies the same
   substitution [(v, c)] to the points-to predicate and the frame sfb, so
   occurrences of v there still refer to the value before the assignment.

   Proof: replace the first command by its best local action
   (VAR_RES_PROGRAM_IS_ABSTRACTION___holfoot_prog_field_lookup, proved above),
   then discharge the frame-split obligation produced by
   VAR_RES_COND_INFERENCE___var_res_prog_cond_best_local_action. *)
val HOLFOOT_COND_INFERENCE___prog_field_lookup =
store_thm ("HOLFOOT_COND_INFERENCE___prog_field_lookup",
``
   !wpb rpb v e L t c sfb progL Q.

((BAG_IN v wpb) /\ (t IN FDOM L) /\
 VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) e /\
 VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) (L ' t))
==>
((VAR_RES_COND_HOARE_TRIPLE DISJOINT_FMAP_UNION
   (var_res_prop DISJOINT_FMAP_UNION (wpb,rpb)
      (BAG_INSERT (var_res_prop_equal DISJOINT_FMAP_UNION (var_res_exp_var v)
                      (var_res_exp_varlist_update [(v, c)] (L ' t)))
         (BAG_IMAGE (var_res_prop_varlist_update [(v, c)] )
            (BAG_INSERT (holfoot_ap_points_to e L)
              sfb))))
   (asl_prog_block progL) Q) ==>


(VAR_RES_COND_HOARE_TRIPLE DISJOINT_FMAP_UNION
   (var_res_prop DISJOINT_FMAP_UNION (wpb,rpb)
      (BAG_INSERT (var_res_prop_equal DISJOINT_FMAP_UNION (var_res_exp_var v)
                      (var_res_exp_const c))
         (BAG_INSERT (holfoot_ap_points_to e L)
           sfb)))

   (asl_prog_block ((holfoot_prog_field_lookup v e t)::progL))

   Q))
``,

SIMP_TAC std_ss [VAR_RES_COND_INFERENCE___prog_block,
   var_res_prop_varlist_update_SING,
   var_res_exp_varlist_update_SING] THEN
REPEAT STRIP_TAC THEN
(* If the precondition is ill-formed or Q is trivially false the triple holds
   vacuously; only the well-formed case needs the abstraction argument. *)
Tactical.REVERSE (Cases_on `(FST Q) /\
   var_res_prop___COND DISJOINT_FMAP_UNION (wpb,rpb)
      (BAG_INSERT (var_res_prop_equal DISJOINT_FMAP_UNION (var_res_exp_var v) (var_res_exp_const c))
         (BAG_INSERT (holfoot_ap_points_to e L) sfb))`) THEN1 (
   FULL_SIMP_TAC std_ss [VAR_RES_COND_HOARE_TRIPLE_def, var_res_prop___REWRITE]
) THEN
MATCH_MP_TAC VAR_RES_COND_HOARE_TRIPLE___PROGRAM_ABSTRACTION_first THEN
MP_TAC (Q.SPECL [`v`, `c`, `t`, `e`, `L`, `SET_OF_BAG (BAG_UNION wpb rpb)`]
   VAR_RES_PROGRAM_IS_ABSTRACTION___holfoot_prog_field_lookup) THEN
ASM_SIMP_TAC std_ss [] THEN
MATCH_MP_TAC (prove (``(A /\ (B ==> C)) ==> ((A ==> B) ==> C)``, SIMP_TAC std_ss [])) THEN
CONJ_TAC THEN1 FULL_SIMP_TAC std_ss [var_res_prop___COND_INSERT] THEN
DISCH_TAC THEN POP_ASSUM (fn thm => EXISTS_TAC (rand (concl thm)) THEN REWRITE_TAC[thm]) THEN
SIMP_TAC std_ss [IS_SEPARATION_COMBINATOR___FINITE_MAP, GSYM VAR_RES_COND_INFERENCE___prog_block] THEN
HO_MATCH_MP_TAC
   (MP_CANON VAR_RES_COND_INFERENCE___var_res_prog_cond_best_local_action) THEN
ASM_SIMP_TAC std_ss [SUBSET_DEF, IN_SET_OF_BAG, BAG_IN_BAG_OF_SET, IN_DELETE,
   BAG_IN_BAG_INSERT, NOT_IN_EMPTY_BAG, VAR_RES_FRAME_SPLIT_NORMALISE] THEN
ONCE_REWRITE_TAC [VAR_RES_FRAME_SPLIT___FRAME] THEN
MATCH_MP_TAC (MP_CANON VAR_RES_FRAME_SPLIT___equal_const___context_SING) THEN
`FINITE_BAG sfb` by FULL_SIMP_TAC std_ss [var_res_prop___COND___REWRITE, FINITE_BAG_THM] THEN
ASM_SIMP_TAC std_ss [BAG_IMAGE_EMPTY, IN_SET_OF_BAG, BAG_IN_BAG_UNION,
   BAG_IMAGE_FINITE_INSERT, BAG_IMAGE_EMPTY, FINITE_BAG_THM] THEN
ONCE_REWRITE_TAC [VAR_RES_FRAME_SPLIT___FRAME] THEN

MATCH_MP_TAC (MP_CANON VAR_RES_FRAME_SPLIT___SOLVE) THEN
CONJ_TAC THEN1 (
   FULL_SIMP_TAC std_ss [var_res_prop___COND___REWRITE, BAG_EVERY,
      BAG_IN_FINITE_BAG_IMAGE, GSYM LEFT_FORALL_IMP_THM, BAG_IN_BAG_INSERT,
      DISJ_IMP_THM, FORALL_AND_THM] THEN
   REPEAT STRIP_TAC THEN
   MATCH_MP_TAC VAR_RES_IS_STACK_IMPRECISE___USED_VARS___var_res_prop_var_update___INSERT THEN
   MATCH_MP_TAC VAR_RES_IS_STACK_IMPRECISE___USED_VARS___SUBSET THEN
   Q.EXISTS_TAC `SET_OF_BAG (BAG_UNION wpb rpb)` THEN
   ASM_SIMP_TAC std_ss [SUBSET_DEF, IN_SET_OF_BAG, IN_INSERT, IN_UNION, IN_DIFF,
      BAG_IN_BAG_INSERT, NOT_IN_EMPTY_BAG, BAG_IN_BAG_UNION,
      BAG_IN_BAG_DIFF_ALL_DISTINCT]
) THEN
FULL_SIMP_TAC std_ss [BAG_IMAGE_FINITE_INSERT, BAG_UNION_INSERT, BAG_UNION_EMPTY]);



(* Address-rewriting rule for field lookup.

   When the precondition contains the equality  e == e'  the lookup
   v := e->t  may equivalently be performed as  v := e'->t.  Both expressions
   have to be stack-imprecise with a finite set of used variables
   (IS_SOME (... USED_VARS ...)); this is the hypothesis under which
   holfoot_field_lookup_action is a local action.

   Proof: by VAR_RES_COND_INFERENCE___first_command_PRECOND_SEM it suffices
   that the two commands have the same semantics on every state s of the
   precondition, and there  e (FST s) = e' (FST s)  holds by the equality
   predicate. *)
val HOLFOOT_COND_INFERENCE___prog_field_lookup___exp_rewrite =
store_thm ("HOLFOOT_COND_INFERENCE___prog_field_lookup___exp_rewrite",
``!wpb rpb v e e' t sfb progL Q.
  IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e) /\
  IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e') ==>

 ((VAR_RES_COND_HOARE_TRIPLE DISJOINT_FMAP_UNION
   (var_res_prop DISJOINT_FMAP_UNION (wpb,rpb)
      (BAG_INSERT (var_res_prop_equal DISJOINT_FMAP_UNION e e') sfb))
   (asl_prog_block ((holfoot_prog_field_lookup v e t)::progL)) Q) =
(VAR_RES_COND_HOARE_TRIPLE DISJOINT_FMAP_UNION
   (var_res_prop DISJOINT_FMAP_UNION (wpb,rpb)
      (BAG_INSERT (var_res_prop_equal DISJOINT_FMAP_UNION e e') sfb))
   (asl_prog_block ((holfoot_prog_field_lookup v e' t)::progL)) Q))``,

REPEAT STRIP_TAC THEN
MATCH_MP_TAC VAR_RES_COND_INFERENCE___first_command_PRECOND_SEM THEN

SIMP_TAC (std_ss++CONJ_ss) [var_res_prop___REWRITE] THEN
REPEAT STRIP_TAC THEN
ASM_SIMP_TAC std_ss [holfoot_prog_field_lookup_def,
   ASL_PROGRAM_SEM___prim_command,
   ASL_ATOMIC_ACTION_SEM_def,
   EVAL_asl_prim_command_THM,
   GSYM holfoot_separation_combinator_def,
   ASL_IS_LOCAL_ACTION___holfoot_field_lookup_action] THEN

(* The action only inspects the address through  e (FST s); agreeing values
   therefore give identical actions. *)
`e (FST s) = e' (FST s)` suffices_by (STRIP_TAC THEN
   ASM_SIMP_TAC std_ss [holfoot_field_lookup_action_def, LET_THM]
) THEN

Q.PAT_X_ASSUM `s IN X` MP_TAC THEN
FULL_SIMP_TAC std_ss [var_res_prop___COND_INSERT,
   var_res_prop___PROP_INSERT] THEN
SIMP_TAC (std_ss++CONJ_ss) [var_res_prop_equal_unequal_EXPAND, IN_ABS,
   IS_SOME_EXISTS, GSYM RIGHT_EXISTS_AND_THM,
   GSYM LEFT_EXISTS_AND_THM, GSYM LEFT_FORALL_IMP_THM]);



(* var_res_prop___asl_star specialised to the Holfoot separation combinator.
   The combinator is first folded into holfoot_separation_combinator so that
   the GET_/IS_VAR_RES_COMBINATOR side conditions can be discharged by the
   dedicated lemmas, and then unfolded again so the result is stated in terms
   of  VAR_RES_COMBINATOR DISJOINT_FMAP_UNION  like the rules around it. *)
val var_res_prop___asl_star___holfoot =
save_thm ("var_res_prop___asl_star___holfoot",
let
   val thm0 = ISPEC ``(VAR_RES_COMBINATOR DISJOINT_FMAP_UNION):holfoot_state bin_option_function``
              var_res_prop___asl_star
   val thm1 = SIMP_RULE std_ss [GSYM holfoot_separation_combinator_def,
                  GET_VAR_RES_COMBINATOR___holfoot_separation_combinator,
                  IS_VAR_RES_COMBINATOR___holfoot_separation_combinator] thm0
   val thm2 = SIMP_RULE std_ss [holfoot_separation_combinator_def] thm1
in
   thm2
end);



(* Field lookup from a data array at a constant address.

   For  v := e->t  with constant e and a precondition owning the array
   holfoot_ap_data_array ds dl data  (cells ds .. ds+dl-1, where data pairs
   each field tag with the list of its values), the value read is
   EL (e - ds) tdata  for the entry (t, tdata) of data.

   The bounds check  ds <= e /\ e < ds + dl  is a hypothesis of the rule, not
   a proof obligation produced by it: an access outside the array simply has
   no rule and cannot be symbolically executed.

   Proof: if data is malformed (lengths differ from dl or duplicate field
   tags) the array predicate is false and the goal is vacuous.  Otherwise
   split the array at e into a prefix of dl1 = e - ds cells, the single cell
   at e and a suffix of dl2 cells, turn the single cell into a points-to
   predicate (holfoot_ap_data_array_1) and apply
   HOLFOOT_COND_INFERENCE___prog_field_lookup. *)
val HOLFOOT_COND_INFERENCE___prog_field_lookup___array =
store_thm ("HOLFOOT_COND_INFERENCE___prog_field_lookup___array",
``!tdata v e ds dl data t c wpb rpb sfb progL Q.

((ds <= e) /\ (e < ds + dl)) ==>
(BAG_IN v wpb) /\ (MEM (t, tdata) data) ==>

((VAR_RES_COND_HOARE_TRIPLE DISJOINT_FMAP_UNION
   (var_res_prop DISJOINT_FMAP_UNION (wpb,rpb)
      (BAG_INSERT (var_res_prop_equal DISJOINT_FMAP_UNION (var_res_exp_var v)
                      (var_res_exp_const (EL (e - ds) tdata)))
         (BAG_IMAGE (var_res_prop_varlist_update [(v, c)] )
            (BAG_INSERT (holfoot_ap_data_array (var_res_exp_const ds) (var_res_exp_const dl) data)
              sfb))))
   (asl_prog_block progL) Q) ==>


(VAR_RES_COND_HOARE_TRIPLE DISJOINT_FMAP_UNION
   (var_res_prop DISJOINT_FMAP_UNION (wpb,rpb)
      (BAG_INSERT (var_res_prop_equal DISJOINT_FMAP_UNION (var_res_exp_var v)
                      (var_res_exp_const c))
         (BAG_INSERT (holfoot_ap_data_array (var_res_exp_const ds) (var_res_exp_const dl) data)
           sfb)))

   (asl_prog_block ((holfoot_prog_field_lookup v (var_res_exp_const e) t)::progL))

   Q))
``,

REPEAT GEN_TAC THEN STRIP_TAC THEN STRIP_TAC THEN

(* Malformed array data makes the precondition false: nothing to prove. *)
Tactical.REVERSE (Cases_on `EVERY (\tl. LENGTH (SND tl) = dl)
         data /\ ALL_DISTINCT (MAP FST data)`) THEN1 (
   ASM_SIMP_TAC std_ss [holfoot_ap_data_array___CONST, asl_trivial_cond_TF] THEN
   SIMP_TAC std_ss [VAR_RES_COND_HOARE_TRIPLE_def,
      var_res_prop___REWRITE, var_res_prop___PROP_INSERT,
      var_res_prop___COND_INSERT, asl_bool_EVAL,
      VAR_RES_HOARE_TRIPLE_def, ASL_PROGRAM_HOARE_TRIPLE_def, IN_ABS,
      HOARE_TRIPLE_def]
) THEN

(* dl = dl1 + 1 + dl2 with the accessed cell at offset dl1 = e - ds. *)
`?dl1. ds + dl1 = e` by METIS_TAC[LESS_EQUAL_ADD] THEN
`dl1 + 1 <= dl` by DECIDE_TAC THEN
`?dl2. dl = dl1 + 1 + dl2` by METIS_TAC[LESS_EQUAL_ADD] THEN
Tactical.REVERSE (Cases_on `FINITE_BAG sfb`) THEN1 (
   ASM_SIMP_TAC std_ss [VAR_RES_COND_HOARE_TRIPLE_def,
      var_res_prop___REWRITE, var_res_prop___COND___REWRITE,
      FINITE_BAG_THM]
) THEN

ASM_SIMP_TAC std_ss [BAG_IMAGE_FINITE_INSERT,
   FINITE_BAG_THM, var_res_prop_varlist_update___asl_star___holfoot,
   var_res_prop_varlist_update___holfoot_ap_data_array,
   IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL,
   var_res_exp_varlist_update___const_EVAL] THEN
ASM_SIMP_TAC arith_ss [holfoot_ap_data_array___SPLIT,
   IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL,
   MAP_MAP_o, o_DEF,
   var_res_exp_add_sub_REWRITES] THEN

Q.MATCH_ABBREV_TAC `XXX ==> VAR_RES_COND_HOARE_TRIPLE DISJOINT_FMAP_UNION
   (var_res_prop DISJOINT_FMAP_UNION (wpb,rpb)
      (BAG_INSERT
         (var_res_prop_equal DISJOINT_FMAP_UNION (var_res_exp_var v)
            (var_res_exp_const c))
         (BAG_INSERT (asl_star (VAR_RES_COMBINATOR DISJOINT_FMAP_UNION)
            (asl_star (VAR_RES_COMBINATOR DISJOINT_FMAP_UNION)
                array_pred_1 array_pred_2) array_pred_3) sfb))) prog Q` THEN
Q.UNABBREV_TAC `XXX` THEN


`VAR_RES_IS_STACK_IMPRECISE___USED_VARS (SET_OF_BAG (wpb + rpb)) array_pred_1 /\
 VAR_RES_IS_STACK_IMPRECISE___USED_VARS (SET_OF_BAG (wpb + rpb)) array_pred_2 /\
 VAR_RES_IS_STACK_IMPRECISE___USED_VARS (SET_OF_BAG (wpb + rpb)) array_pred_3` by (
   UNABBREV_ALL_TAC THEN
   CONSEQ_REWRITE_TAC ([], [VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_ap_data_array], []) THEN
   SIMP_TAC std_ss [VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___VAR_CONST_EVAL]
) THEN
ASM_SIMP_TAC std_ss [prove (``(BAG_INSERT x (BAG_INSERT (asl_star f P1 P2) sfb) =
                              (BAG_INSERT (asl_star f P1 P2) (BAG_INSERT x sfb)))``,
                           METIS_TAC[BAG_INSERT_commutes]),
   var_res_prop___asl_star___holfoot,
   VAR_RES_IS_STACK_IMPRECISE___USED_VARS___asl_star] THEN
(* array_pred_2 is the single cell at e; expose it as a points-to predicate. *)
Q.PAT_X_ASSUM `Abbrev (array_pred_2 = XXX)` MP_TAC THEN
FULL_SIMP_TAC list_ss [holfoot_ap_data_array_1,
   IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL,
   EVERY_MAP, MAP_MAP_o, o_DEF, ETA_THM,
   EVERY_MEM, asl_trivial_cond_TF] THEN
STRIP_TAC THEN


`!x sfb. (BAG_INSERT array_pred_1 (BAG_INSERT array_pred_2
           (BAG_INSERT array_pred_3 (BAG_INSERT x sfb))) =
          BAG_INSERT x (BAG_INSERT array_pred_2
           (BAG_INSERT array_pred_1 (BAG_INSERT array_pred_3 sfb))))` by
   METIS_TAC[BAG_INSERT_commutes] THEN
ASM_REWRITE_TAC[] THEN POP_ASSUM (K ALL_TAC) THEN
REPEAT STRIP_TAC THEN
Q.UNABBREV_TAC `array_pred_2` THEN
Q.UNABBREV_TAC `prog` THEN
MATCH_MP_TAC (MP_CANON HOLFOOT_COND_INFERENCE___prog_field_lookup) THEN

(* The field map of that cell: every tag of data mapped to its dl1-th value. *)
Q.ABBREV_TAC `L' = LIST_TO_FMAP (MAP (\tl.
      (FST tl, (var_res_exp_const
          (HD (DROP dl1 (TAKE (dl1 + 1) (SND tl))))):holfoot_a_expression)) data)` THEN

Tactical.REVERSE (
  sg `(t IN FDOM L') /\ (L' ' t = var_res_exp_const (EL (e - ds) tdata))`) THEN1 (
   UNABBREV_ALL_TAC THEN
   ASM_SIMP_TAC std_ss [var_res_exp_varlist_update___const_EVAL,
      VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___VAR_CONST_EVAL,
      BAG_IMAGE_FINITE_INSERT, FINITE_BAG_THM,
      var_res_prop_varlist_update___holfoot_ap_data_array,
      IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL,
      var_res_prop_varlist_update___holfoot_ap_points_to, o_f_LIST_TO_FMAP,
      MAP_MAP_o, o_DEF]
) THEN

Q.UNABBREV_TAC `L'` THEN
CONJ_TAC THEN1 (
   SIMP_TAC std_ss [FDOM_LIST_TO_FMAP, MEM_MAP,
      GSYM RIGHT_EXISTS_AND_THM] THEN
   Q.EXISTS_TAC `(t, tdata)` THEN
   ASM_SIMP_TAC std_ss []
) THEN
(* Distinct tags make LIST_TO_FMAP lookup well-defined at t. *)
MATCH_MP_TAC LIST_TO_FMAP___ALL_DISTINCT THEN

ASM_SIMP_TAC std_ss [MAP_MAP_o, o_DEF, MEM_MAP,
   var_res_exp_eq_THM, ETA_THM] THEN
Q.EXISTS_TAC `(t, tdata)` THEN
`e - ds = dl1` by DECIDE_TAC THEN
`LENGTH tdata = dl` by (
   RES_TAC THEN
   FULL_SIMP_TAC arith_ss []
) THEN
ASM_SIMP_TAC list_ss [HD_DROP, EL_TAKE]);



(* Field lookup from a data interval  [b, e]  (both ends inclusive) at the
   constant address m.  The bounds hypothesis is  b <= m /\ m <= e  and the
   value read is  EL (m - b) tdata.  Reduces to the array rule via
   holfoot_ap_data_interval___CONST. *)
val HOLFOOT_COND_INFERENCE___prog_field_lookup___interval =
store_thm ("HOLFOOT_COND_INFERENCE___prog_field_lookup___interval",
``!tdata v b e m data t c wpb rpb sfb progL Q.
((b <= m) /\ (m <= e)) ==>
(BAG_IN v wpb) /\ (MEM (t, tdata) data) ==>

((VAR_RES_COND_HOARE_TRIPLE DISJOINT_FMAP_UNION
   (var_res_prop DISJOINT_FMAP_UNION (wpb,rpb)
      (BAG_INSERT (var_res_prop_equal DISJOINT_FMAP_UNION (var_res_exp_var v)
                      (var_res_exp_const (EL (m - b) tdata)))
         (BAG_IMAGE (var_res_prop_varlist_update [(v, c)] )
            (BAG_INSERT (holfoot_ap_data_interval (var_res_exp_const b) (var_res_exp_const e) data)
              sfb))))
   (asl_prog_block progL) Q) ==>


(VAR_RES_COND_HOARE_TRIPLE DISJOINT_FMAP_UNION
   (var_res_prop DISJOINT_FMAP_UNION (wpb,rpb)
      (BAG_INSERT (var_res_prop_equal DISJOINT_FMAP_UNION (var_res_exp_var v)
                      (var_res_exp_const c))
         (BAG_INSERT (holfoot_ap_data_interval (var_res_exp_const b) (var_res_exp_const e) data)
           sfb)))

   (asl_prog_block ((holfoot_prog_field_lookup v (var_res_exp_const m) t)::progL))

   Q))
``,

SIMP_TAC std_ss [holfoot_ap_data_interval___CONST] THEN
REPEAT STRIP_TAC THEN
MATCH_MP_TAC (MP_CANON HOLFOOT_COND_INFERENCE___prog_field_lookup___array) THEN
Q.EXISTS_TAC `tdata` THEN
ASM_SIMP_TAC arith_ss []);




(*==============
 = field assign
 ===============*)

(* Semantics of the field assignment  e1->t := e2  on a state s = (stack, heap).

   Result NONE (the command faults) when
     - e1 or e2 cannot be evaluated in the stack, or
     - the address e1_v is not allocated (not in FDOM of the heap), or
     - the address is 0, i.e. the null pointer.
   Otherwise the result is the singleton set containing the state whose heap
   has only field t of the cell e1_v overwritten with e2_v
   ((t =+ e2_v) ((SND s) ' e1_v)); the stack is unchanged.

   These fault cases are what make the inference rules below memory-safe: a
   write through an unallocated or null address cannot be given a
   specification, because the action is not SOME on such states. *)
val holfoot_field_assign_action_def = Define `
   holfoot_field_assign_action e1 t e2 (s:holfoot_state) =
      let e1_opt = e1 (FST s) in
      let e2_opt = e2 (FST s) in
      if ((IS_NONE e1_opt) \/ (IS_NONE e2_opt)) then NONE else
      let e1_v = (THE e1_opt) in
      let e2_v = (THE e2_opt) in (
      if (~(e1_v IN FDOM (SND s)) \/ (e1_v = 0)) then NONE else
      (SOME {(FST s, (SND s) |+ (e1_v, ((t =+ e2_v) ((SND s) ' e1_v))))}))`




(* holfoot_field_assign_action is a local action w.r.t. the Holfoot
   separation combinator, provided e1 and e2 are stack-imprecise expressions
   with a finite set of used variables.  Locality is the side condition the
   abstraction theorem below (VAR_RES_PROGRAM_IS_ABSTRACTION___...) needs in
   order to reason about the command through its best local action.

   Proof: via ASL_IS_LOCAL_ACTION___ALTERNATIVE_EXT_DEF.  Evaluating e1 and
   e2 in the combined stack s3 gives the same values as in the sub-stack s1
   (the _SUBSTATE_RIGHT lemma), and the heap update at ev1 commutes with the
   disjoint union because ev1 lies in the domain of s1's heap only. *)
val ASL_IS_LOCAL_ACTION___holfoot_field_assign_action = store_thm (
"ASL_IS_LOCAL_ACTION___holfoot_field_assign_action",
``!e1 e2 t.
IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e1) /\
IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e2) ==>
ASL_IS_LOCAL_ACTION holfoot_separation_combinator (holfoot_field_assign_action e1 t e2)``,

SIMP_TAC std_ss [ASL_IS_LOCAL_ACTION___ALTERNATIVE_EXT_DEF,
   holfoot_field_assign_action_def, LET_THM, COND_NONE_SOME_REWRITES,
   NOT_NONE_IS_SOME, holfoot_separation_combinator_def, IN_SING] THEN
REPEAT GEN_TAC THEN STRIP_TAC THEN REPEAT GEN_TAC THEN STRIP_TAC THEN
`(e1 (FST s3) = e1 (FST s1)) /\ (e2 (FST s3) = e2 (FST s1))` by (
   CONSEQ_REWRITE_TAC ([IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___SUBSTATE_RIGHT], [], []) THEN
   FULL_SIMP_TAC std_ss [VAR_RES_COMBINATOR_REWRITE] THEN
   PROVE_TAC[VAR_RES_STACK_IS_SUBSTATE_INTRO]
) THEN
`?ev1 ev2. (e1 (FST s1) = SOME ev1) /\ (e2 (FST s1) = SOME ev2)` by FULL_SIMP_TAC std_ss [IS_SOME_EXISTS] THEN
FULL_SIMP_TAC std_ss [VAR_RES_COMBINATOR_REWRITE, SOME___VAR_RES_STACK_COMBINE,
   DISJOINT_FMAP_UNION___REWRITE, IN_DISJOINT, FUNION_DEF, FDOM_FUPDATE, IN_UNION,
   IN_INSERT] THEN
CONJ_TAC THEN1 METIS_TAC[] THEN
SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [
   GSYM fmap_EQ_THM, EXTENSION, FUNION_DEF, FDOM_FUPDATE,
   FAPPLY_FUPDATE_THM, IN_INSERT, IN_UNION, UPDATE_def] THEN
GEN_TAC THEN
Cases_on `x = ev1` THEN ASM_SIMP_TAC std_ss []);





(* The field-assignment command of the Holfoot language: the action above
   wrapped as a primitive shallow command.  The combinator argument f handed
   over by asl_pc_shallow_command is not used. *)
val holfoot_prog_field_assign_def = Define `
(holfoot_prog_field_assign e1 t e2):holfoot_program =
asl_prog_prim_command (asl_pc_shallow_command (\f. holfoot_field_assign_action e1 t e2))`;



(* The field-assignment command is abstracted by the best local action with
   precondition   e1 |-> L            and
   postcondition  e1 |-> L |+ (t, e2),
   both without write permissions (EMPTY_BAG) and with read permission on the
   variable set vs.  Side conditions: e1, e2 and both points-to predicates
   only use variables from vs.

   Proof: after unfolding, the goal is the pointwise action order.  In the
   fault case (action = NONE) the precondition cannot hold, since the
   points-to predicate supplies the cell e1 (FST s) and the USED_VARS
   conditions make e2 evaluable; in the SOME case the witness post-state is
   x' with field t of the cell ev1 updated, and the two resulting
   obligations (heap decomposition, field map of the updated cell) are
   discharged by finite-map reasoning. *)
val VAR_RES_PROGRAM_IS_ABSTRACTION___holfoot_prog_field_assign = store_thm (
"VAR_RES_PROGRAM_IS_ABSTRACTION___holfoot_prog_field_assign",
``!t e1 e2 L vs.
    (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET vs e1) /\
    (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET vs e2) /\
    (VAR_RES_IS_STACK_IMPRECISE___USED_VARS vs (holfoot_ap_points_to e1 L)) /\
    (VAR_RES_IS_STACK_IMPRECISE___USED_VARS vs (holfoot_ap_points_to e1 (L |+ (t, e2)))) ==>
    (VAR_RES_PROGRAM_IS_ABSTRACTION DISJOINT_FMAP_UNION
       (holfoot_prog_field_assign e1 t e2)
       (var_res_prog_cond_best_local_action
          (var_res_prop DISJOINT_FMAP_UNION (EMPTY_BAG, BAG_OF_SET vs)
             {|holfoot_ap_points_to e1 L|})
          (var_res_prop DISJOINT_FMAP_UNION (EMPTY_BAG, BAG_OF_SET vs)
             {|holfoot_ap_points_to e1 (L|+(t,e2))|})))``,

REPEAT STRIP_TAC THEN
`IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e1) /\
 IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e2)` by
   FULL_SIMP_TAC std_ss [VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET_def] THEN
ASM_SIMP_TAC std_ss [VAR_RES_PROGRAM_IS_ABSTRACTION_def,
   ASL_PROGRAM_IS_ABSTRACTION_def, holfoot_prog_field_assign_def,
   ASL_PROGRAM_SEM___prim_command, EVAL_asl_prim_command_THM,
   ASL_ATOMIC_ACTION_SEM_def, GSYM holfoot_separation_combinator_def,
   ASL_IS_LOCAL_ACTION___holfoot_field_assign_action,
   var_res_prog_cond_best_local_action_REWRITE,
   ASL_IS_LOCAL_ACTION___var_res_cond_best_local_action,
   IS_SEPARATION_COMBINATOR___holfoot_separation_combinator] THEN
SIMP_TAC std_ss [var_res_cond_best_local_action_def,
   var_res_prop___REWRITE, COND_RAND, COND_RATOR] THEN
(* First conjunct: the pre-/postcondition pair is well-formed (var_res_prop___COND). *)
MATCH_MP_TAC (prove (``((~c) /\ (~c ==> x2)) ==> if c then x1 else x2``, SIMP_TAC std_ss [])) THEN
CONJ_TAC THEN1 (
   ASM_SIMP_TAC (std_ss++CONJ_ss) [var_res_prop___COND___REWRITE,
      FINITE_BAG_THM, BAG_IN_BAG_INSERT, NOT_IN_EMPTY_BAG,
      IS_SEPARATION_COMBINATOR___FINITE_MAP, BAG_UNION_EMPTY,
      BAG_ALL_DISTINCT_BAG_OF_SET, SET_BAG_I]
) THEN
SIMP_TAC std_ss [fasl_action_order_POINTWISE_DEF] THEN REPEAT STRIP_TAC THEN
(* Fault case: show no state of the precondition makes the action NONE. *)
Cases_on `holfoot_field_assign_action e1 t e2 s = NONE` THEN1 (
   FULL_SIMP_TAC std_ss [fasl_order_THM,
      var_res_best_local_action_def, NONE___quant_best_local_action, IN_ABS,
      var_res_prop___PROP_INSERT, var_res_prop___COND_INSERT] THEN
   ASM_SIMP_TAC std_ss [var_res_prop___PROP___REWRITE,
      IS_SEPARATION_COMBINATOR___FINITE_MAP, BAG_IN_BAG_INSERT, NOT_IN_EMPTY_BAG,
      IS_SEPARATION_COMBINATOR___VAR_RES_COMBINATOR, var_res_bigstar_REWRITE_EXT,
      asl_star___PROPERTIES, IN_ABS] THEN
   ASM_SIMP_TAC std_ss [var_res_prop_stack_true_def, var_res_bool_proposition_def,
      var_res_stack_proposition_def, IN_ABS, asl_emp_DISJOINT_FMAP_UNION,
      IN_SING, DISJOINT_FMAP_UNION___REWRITE, FDOM_FEMPTY, DISJOINT_EMPTY,
      FUNION_FEMPTY_2, BAG_IN_BAG_OF_SET, var_res_sl___has_read_permission_def,
      GSYM SUBSET_DEF, holfoot_ap_points_to_def, LET_THM] THEN
   CCONTR_TAC THEN
   Q.PAT_X_ASSUM `holfoot_field_assign_action e1 t e2 s = NONE` MP_TAC THEN
   FULL_SIMP_TAC std_ss [holfoot_field_assign_action_def,
      LET_THM, SOME___holfoot_separation_combinator,
      IN_ABS, COND_NONE_SOME_REWRITES] THEN
   `(e1 (FST s) = e1 (FST x)) /\ (IS_SOME (e2 (FST s)))` suffices_by (STRIP_TAC THEN
      ASM_SIMP_TAC std_ss [NOT_NONE_IS_SOME, FUNION_DEF, IN_UNION, IN_SING]
   ) THEN
   CONJ_TAC THENL [
      MATCH_MP_TAC IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___SUBSTATE_RIGHT THEN
      ASM_SIMP_TAC std_ss [] THEN
      PROVE_TAC[VAR_RES_STACK_IS_SUBSTATE_INTRO],


      FULL_SIMP_TAC std_ss [SOME___VAR_RES_STACK_COMBINE,
         VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___REWRITE,
         VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_REL___REWRITE,
         SUBSET_DEF, FMERGE_DEF, IN_UNION]
   ]
) THEN
(* Success case: the action yields exactly one state. *)
FULL_SIMP_TAC std_ss [holfoot_field_assign_action_def, LET_THM,
   COND_NONE_SOME_REWRITES, NOT_NONE_IS_SOME] THEN
`?ev1. e1 (FST s) = SOME ev1` by FULL_SIMP_TAC std_ss [IS_SOME_EXISTS, NOT_NONE_IS_SOME] THEN
`?ev2. e2 (FST s) = SOME ev2` by FULL_SIMP_TAC std_ss [IS_SOME_EXISTS, NOT_NONE_IS_SOME] THEN
FULL_SIMP_TAC std_ss [fasl_order_THM2, var_res_best_local_action_def,
   SUBSET_DEF, IN_SING, SOME___quant_best_local_action, IN_ABS,
   asl_star_def, IN_SING] THEN
DISCH_TAC THEN (POP_ASSUM (K ALL_TAC)) THEN
REPEAT STRIP_TAC THEN

(* Witness: the precondition part x' with field t of cell ev1 overwritten. *)
Q.EXISTS_TAC `(FST x',SND x' |+ (ev1,(t =+ ev2) (SND s ' ev1)))` THEN

Q.PAT_X_ASSUM `x' IN X` MP_TAC THEN
ASM_SIMP_TAC std_ss [VAR_RES_STACK___IS_EQUAL_UPTO_VALUES___REFL,
   var_res_prop___PROP_INSERT] THEN
ASM_SIMP_TAC std_ss [IN_ABS, var_res_prop___PROP___REWRITE,
   IS_SEPARATION_COMBINATOR___VAR_RES_COMBINATOR, IS_SEPARATION_COMBINATOR___FINITE_MAP,
   NOT_IN_EMPTY_BAG, BAG_IN_BAG_OF_SET, var_res_bigstar_REWRITE,
   asl_star___PROPERTIES, var_res_sl___has_read_permission_def,
   GSYM SUBSET_DEF, var_res_prop_stack_true_def,
   var_res_bool_proposition_def, var_res_stack_proposition_def,
   LET_THM, DISJOINT_FMAP_UNION___REWRITE, asl_emp_DISJOINT_FMAP_UNION,
   IN_SING, FDOM_FEMPTY, DISJOINT_EMPTY, FUNION_FEMPTY_1, FUNION_FEMPTY_2] THEN
SIMP_TAC std_ss [holfoot_ap_points_to_def, IN_ABS, LET_THM] THEN
STRIP_TAC THEN
`e1 (FST x') = SOME ev1` by (
   `e1 (FST x') = e1 (FST s)` suffices_by ASM_SIMP_TAC std_ss [] THEN
   MATCH_MP_TAC IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___SUBSTATE_LEFT THEN
   FULL_SIMP_TAC std_ss [SOME___holfoot_separation_combinator] THEN
   PROVE_TAC[VAR_RES_STACK_IS_SUBSTATE_INTRO]
) THEN
`e2 (FST x') = SOME ev2` by (
   `e2 (FST x') = e2 (FST s)` suffices_by ASM_SIMP_TAC std_ss [] THEN
   MATCH_MP_TAC IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___SUBSTATE_LEFT THEN
   FULL_SIMP_TAC std_ss [SOME___holfoot_separation_combinator] THEN
   CONJ_TAC THEN1 PROVE_TAC[VAR_RES_STACK_IS_SUBSTATE_INTRO] THEN
   FULL_SIMP_TAC std_ss [VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_REL___REWRITE,
      VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___REWRITE, SUBSET_DEF]
) THEN
FULL_SIMP_TAC std_ss [FDOM_FUPDATE, INSERT_INSERT, FEVERY_DEF, IN_INSERT] THEN
CONJ_TAC THENL [
   (* the updated heap decomposes as frame heap + updated cell *)
   ONCE_REWRITE_TAC [holfoot_separation_combinator___COMM] THEN
   FULL_SIMP_TAC std_ss [SOME___holfoot_separation_combinator,
      FDOM_FUPDATE, IN_DISJOINT, INSERT_INSERT, IN_SING] THEN
   SIMP_TAC std_ss [GSYM fmap_EQ_THM] THEN
   ASM_SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [
      EXTENSION, FUNION_DEF,
      FDOM_FUPDATE, FAPPLY_FUPDATE_THM, INSERT_INSERT, IN_UNION, IN_INSERT,
      NOT_IN_EMPTY, UPDATE_def] THEN
   GEN_TAC THEN
   Cases_on `x = ev1` THEN ASM_SIMP_TAC std_ss [],


   (* the updated cell satisfies  L |+ (t, e2):  field t is ev2, others unchanged *)
   SIMP_TAC std_ss [FAPPLY_FUPDATE_THM, UPDATE_def] THEN
   GEN_TAC THEN
   Cases_on `x = t` THEN ASM_SIMP_TAC std_ss [] THEN
   FULL_SIMP_TAC std_ss [SOME___holfoot_separation_combinator,
      FUNION_DEF, IN_DISJOINT, IN_SING]
]);




(* Symbolic-execution rule for a field assignment  e1->t := e2.

   The precondition must own the cell  e1 |-> L; afterwards it owns
   e1 |-> L |+ (t, e2)  and nothing else changes (no stack variable is
   written, so wpb/rpb are untouched).  e1, e2 and the updated points-to
   predicate are required to use only variables from wpb + rpb.

   Because the rule demands the points-to predicate in the precondition, a
   write to a cell the specification does not own cannot be executed
   symbolically; the underlying action faults on unallocated and null
   addresses (see holfoot_field_assign_action_def).

   Proof: same shape as HOLFOOT_COND_INFERENCE___prog_field_lookup, using
   VAR_RES_PROGRAM_IS_ABSTRACTION___holfoot_prog_field_assign. *)
val HOLFOOT_COND_INFERENCE___prog_field_assign =
store_thm ("HOLFOOT_COND_INFERENCE___prog_field_assign",
``!wpb rpb e1 L e2 t sfb progL Q.
(VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) e1 /\
 VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) e2 /\
 VAR_RES_IS_STACK_IMPRECISE___USED_VARS (SET_OF_BAG (BAG_UNION wpb rpb)) (holfoot_ap_points_to e1 (L |+ (t,e2)))) ==>

((VAR_RES_COND_HOARE_TRIPLE DISJOINT_FMAP_UNION
   (var_res_prop DISJOINT_FMAP_UNION (wpb,rpb)
      (BAG_INSERT (holfoot_ap_points_to e1 (L |+ (t, e2))) sfb))
   (asl_prog_block progL) Q) ==>

(VAR_RES_COND_HOARE_TRIPLE DISJOINT_FMAP_UNION
   (var_res_prop DISJOINT_FMAP_UNION (wpb,rpb)
      (BAG_INSERT (holfoot_ap_points_to e1 L) sfb))
   (asl_prog_block ((holfoot_prog_field_assign e1 t e2)::progL)) Q))``,

SIMP_TAC std_ss [VAR_RES_COND_INFERENCE___prog_block] THEN
REPEAT STRIP_TAC THEN
Tactical.REVERSE (Cases_on `(FST Q) /\
   var_res_prop___COND DISJOINT_FMAP_UNION (wpb,rpb)
      (BAG_INSERT (holfoot_ap_points_to e1 L) sfb)`) THEN1 (
   FULL_SIMP_TAC std_ss [VAR_RES_COND_HOARE_TRIPLE_def, var_res_prop___REWRITE]
) THEN
MATCH_MP_TAC VAR_RES_COND_HOARE_TRIPLE___PROGRAM_ABSTRACTION_first THEN
MP_TAC (Q.SPECL [`t`, `e1`, `e2`, `L`, `SET_OF_BAG (BAG_UNION wpb rpb)`]
   VAR_RES_PROGRAM_IS_ABSTRACTION___holfoot_prog_field_assign) THEN
ASM_SIMP_TAC std_ss [] THEN
MATCH_MP_TAC (prove (``(A /\ (B ==> C)) ==> ((A ==> B) ==> C)``, SIMP_TAC std_ss [])) THEN
CONJ_TAC THEN1 FULL_SIMP_TAC std_ss [var_res_prop___COND_INSERT] THEN
DISCH_TAC THEN POP_ASSUM (fn thm => EXISTS_TAC (rand (concl thm)) THEN REWRITE_TAC[thm]) THEN
SIMP_TAC std_ss [GSYM VAR_RES_COND_INFERENCE___prog_block,
   IS_SEPARATION_COMBINATOR___FINITE_MAP] THEN
HO_MATCH_MP_TAC
   (MP_CANON VAR_RES_COND_INFERENCE___var_res_prog_cond_best_local_action) THEN
SIMP_TAC std_ss [BAG_OF_EMPTY, EMPTY_SUBSET, SET_BAG_I, SUBSET_REFL,
   VAR_RES_FRAME_SPLIT_NORMALISE] THEN
ONCE_REWRITE_TAC [VAR_RES_FRAME_SPLIT___FRAME] THEN

MATCH_MP_TAC (MP_CANON VAR_RES_FRAME_SPLIT___SOLVE) THEN
CONJ_TAC THEN1 (
   FULL_SIMP_TAC std_ss [var_res_prop___COND___REWRITE, BAG_EVERY,
      BAG_OF_EMPTY, DIFF_EMPTY,
      BAG_IN_FINITE_BAG_IMAGE, GSYM LEFT_FORALL_IMP_THM, BAG_IN_BAG_INSERT,
      DISJ_IMP_THM, FORALL_AND_THM, SET_OF_BAG_UNION,BAG_DIFF_EMPTY]
) THEN
FULL_SIMP_TAC std_ss [BAG_IMAGE_FINITE_INSERT, BAG_UNION_INSERT, BAG_UNION_EMPTY]);




(* Field assignment into a data array at a constant address: writing c to
   field t of cell e replaces the value list of t by  LUPDATE c (e - ds) tdata.
   As for the lookup rule, the bounds check  ds <= e /\ e < ds + dl  is a
   hypothesis; out-of-range writes have no rule.  (Proof continues below.) *)
val HOLFOOT_COND_INFERENCE___prog_field_assign___array =
store_thm ("HOLFOOT_COND_INFERENCE___prog_field_assign___array",
``!tdata e ds dl c data wpb rpb t sfb progL Q.
ds <= e /\ e < ds + dl ==>
((VAR_RES_COND_HOARE_TRIPLE DISJOINT_FMAP_UNION
   (var_res_prop DISJOINT_FMAP_UNION (wpb,rpb)
      (BAG_INSERT (holfoot_ap_data_array (var_res_exp_const ds)
          (var_res_exp_const dl) ((t, LUPDATE c (e - ds) tdata)::data)) sfb))
   (asl_prog_block progL) Q) ==>

(VAR_RES_COND_HOARE_TRIPLE DISJOINT_FMAP_UNION
   (var_res_prop DISJOINT_FMAP_UNION (wpb,rpb)
      (BAG_INSERT (holfoot_ap_data_array (var_res_exp_const ds) (var_res_exp_const dl) ((t, tdata)::data)) sfb))
   (asl_prog_block ((holfoot_prog_field_assign (var_res_exp_const e) t (var_res_exp_const c))::progL)) Q))``,


REPEAT GEN_TAC THEN STRIP_TAC THEN
Tactical.REVERSE (Cases_on `(LENGTH tdata = dl) /\ EVERY (\tl. LENGTH (SND tl) = dl)
         data /\ ALL_DISTINCT (t::(MAP FST data))`) THEN1 (
   ASM_SIMP_TAC std_ss [holfoot_ap_data_array___CONST, asl_trivial_cond_TF,
      EVERY_DEF, MAP, GSYM CONJ_ASSOC] THEN
   SIMP_TAC std_ss [VAR_RES_COND_HOARE_TRIPLE_def,
      var_res_prop___REWRITE, var_res_prop___PROP_INSERT,
      var_res_prop___COND_INSERT, asl_bool_EVAL,
      VAR_RES_HOARE_TRIPLE_def, ASL_PROGRAM_HOARE_TRIPLE_def, IN_ABS,
      HOARE_TRIPLE_def]
) THEN

`?dl1. ds + dl1 = e` by METIS_TAC[LESS_EQUAL_ADD] THEN
`dl1 + 1 <= dl` by DECIDE_TAC THEN
`?dl2.
dl = dl1 + 1 + dl2` by METIS_TAC[LESS_EQUAL_ADD] THEN
`e - ds = dl1` by DECIDE_TAC THEN
ASM_SIMP_TAC std_ss [holfoot_ap_data_array___SPLIT,
   IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL,
   MAP_MAP_o, o_DEF, MAP,
   var_res_exp_add_sub_REWRITES] THEN
FULL_SIMP_TAC std_ss [] THEN
ASM_SIMP_TAC arith_ss [TAKE_TAKE, LUPDATE_SEM,
   DROP_LUPDATE, TAKE_LUPDATE] THEN
FULL_SIMP_TAC list_ss [holfoot_ap_data_array_1,
   IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL,
   EVERY_MAP, MAP_MAP_o, o_DEF, ETA_THM, EVERY_MEM,
   asl_trivial_cond_TF, HD_DROP, EL_TAKE,
   LUPDATE_SEM, LIST_TO_FMAP_THM] THEN

(* name the three pieces: prefix array, the points-to for cell e, suffix array *)
Q.MATCH_ABBREV_TAC `XXX ==> VAR_RES_COND_HOARE_TRIPLE DISJOINT_FMAP_UNION
   (var_res_prop DISJOINT_FMAP_UNION (wpb,rpb)
      (BAG_INSERT (asl_star (VAR_RES_COMBINATOR DISJOINT_FMAP_UNION)
         (asl_star (VAR_RES_COMBINATOR DISJOINT_FMAP_UNION)
            array_pred_1 (holfoot_ap_points_to (var_res_exp_const e)
               (L' |+ (t, var_res_exp_const c')))) array_pred_3) sfb)) prog Q` THEN
Q.UNABBREV_TAC `XXX` THEN


`VAR_RES_IS_STACK_IMPRECISE___USED_VARS (SET_OF_BAG (wpb + rpb)) array_pred_1 /\
 !cc. VAR_RES_IS_STACK_IMPRECISE___USED_VARS (SET_OF_BAG (wpb + rpb))
      (holfoot_ap_points_to (var_res_exp_const e) (L' |+ (t, var_res_exp_const cc))) /\
 VAR_RES_IS_STACK_IMPRECISE___USED_VARS (SET_OF_BAG (wpb + rpb)) array_pred_3` by (
   UNABBREV_ALL_TAC THEN
   CONSEQ_REWRITE_TAC ([], [VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_ap_data_array,
      VAR_RES_IS_STACK_IMPRECISE___USED_VARS___points_to, FEVERY_LIST_TO_FMAP, FEVERY_STRENGTHEN_THM], []) THEN
   SIMP_TAC list_ss [VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___VAR_CONST_EVAL, EVERY_MAP]
) THEN
(* flatten the star into separate bag entries so the points-to can be moved to the front *)
ASM_SIMP_TAC std_ss [prove (``(BAG_INSERT x (BAG_INSERT (asl_star f P1 P2) sfb) =
   (BAG_INSERT (asl_star f P1 P2) (BAG_INSERT x sfb)))``,
   METIS_TAC[BAG_INSERT_commutes]),
   var_res_prop___asl_star___holfoot,
   VAR_RES_IS_STACK_IMPRECISE___USED_VARS___asl_star] THEN

`!x y sfb. (BAG_INSERT array_pred_1 (BAG_INSERT y
   (BAG_INSERT array_pred_3 sfb)) =
   BAG_INSERT y (BAG_INSERT array_pred_1 (BAG_INSERT array_pred_3 sfb)))` by
   METIS_TAC[BAG_INSERT_commutes] THEN
ASM_REWRITE_TAC[] THEN POP_ASSUM (K ALL_TAC) THEN
REPEAT STRIP_TAC THEN
Q.UNABBREV_TAC `prog` THEN
MATCH_MP_TAC (MP_CANON HOLFOOT_COND_INFERENCE___prog_field_assign) THEN
ASM_SIMP_TAC std_ss [VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___VAR_CONST_EVAL,
   FUPDATE_EQ]);


(* Field assignment into a data interval with constant bounds b and e at the
   constant address m, under the hypothesis  b <= m /\ m <= e.  The data list
   for tag t is updated at index m - b.  Reduced to the array rule above by
   holfoot_ap_data_interval___CONST; the remaining arithmetic side condition is
   discharged by arith_ss. *)
val HOLFOOT_COND_INFERENCE___prog_field_assign___interval =
store_thm ("HOLFOOT_COND_INFERENCE___prog_field_assign___interval",
``!tdata m b e c data wpb rpb t sfb progL Q.
((b <= m) /\ (m <= e)) ==>
((VAR_RES_COND_HOARE_TRIPLE DISJOINT_FMAP_UNION
   (var_res_prop DISJOINT_FMAP_UNION (wpb,rpb)
      (BAG_INSERT (holfoot_ap_data_interval (var_res_exp_const b)
          (var_res_exp_const e) ((t, LUPDATE c (m - b) tdata)::data)) sfb))
   (asl_prog_block progL) Q) ==>

(VAR_RES_COND_HOARE_TRIPLE DISJOINT_FMAP_UNION
   (var_res_prop DISJOINT_FMAP_UNION (wpb,rpb)
      (BAG_INSERT (holfoot_ap_data_interval (var_res_exp_const b) (var_res_exp_const e) ((t, tdata)::data)) sfb))
   (asl_prog_block ((holfoot_prog_field_assign (var_res_exp_const m) t (var_res_exp_const c))::progL)) Q))``,


SIMP_TAC std_ss [holfoot_ap_data_interval___CONST] THEN
REPEAT STRIP_TAC THEN
MATCH_MP_TAC (MP_CANON HOLFOOT_COND_INFERENCE___prog_field_assign___array) THEN
ASM_SIMP_TAC arith_ss []);


(* If the precondition contains the equality  e1 = e1'  (var_res_prop_equal),
   the address expression of a leading field assignment may be exchanged for
   e1' without changing the truth of the triple.  All three expressions must
   be stack-imprecise (IS_SOME ... USED_VARS).
   Proof: by VAR_RES_COND_INFERENCE___first_command_PRECOND_SEM it suffices
   that both commands have the same semantics on every state s satisfying the
   precondition; unfolding holfoot_field_assign_action reduces this to
   e1 (FST s) = e1' (FST s), which the equality in the precondition gives. *)
val HOLFOOT_COND_INFERENCE___prog_field_assign___exp_rewrite =
store_thm ("HOLFOOT_COND_INFERENCE___prog_field_assign___exp_rewrite",
``!wpb rpb e1 e1' e2 t sfb progL Q.

IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e1) /\
IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e1') /\
IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e2) ==>

((VAR_RES_COND_HOARE_TRIPLE DISJOINT_FMAP_UNION
   (var_res_prop DISJOINT_FMAP_UNION (wpb,rpb)
      (BAG_INSERT (var_res_prop_equal DISJOINT_FMAP_UNION e1 e1') sfb))
   (asl_prog_block ((holfoot_prog_field_assign e1 t e2)::progL)) Q) =
(VAR_RES_COND_HOARE_TRIPLE DISJOINT_FMAP_UNION
   (var_res_prop DISJOINT_FMAP_UNION (wpb,rpb)
      (BAG_INSERT (var_res_prop_equal DISJOINT_FMAP_UNION e1 e1') sfb))
   (asl_prog_block ((holfoot_prog_field_assign e1' t e2)::progL)) Q))``,

REPEAT STRIP_TAC THEN
MATCH_MP_TAC VAR_RES_COND_INFERENCE___first_command_PRECOND_SEM THEN

SIMP_TAC (std_ss++CONJ_ss) [var_res_prop___REWRITE] THEN
REPEAT STRIP_TAC THEN
ASM_SIMP_TAC std_ss [holfoot_prog_field_assign_def,
   ASL_PROGRAM_SEM___prim_command,
   ASL_ATOMIC_ACTION_SEM_def,
   EVAL_asl_prim_command_THM,
   GSYM holfoot_separation_combinator_def,
   ASL_IS_LOCAL_ACTION___holfoot_field_assign_action] THEN

(* the two actions only differ in the evaluated address *)
`e1 (FST s) = e1' (FST s)` suffices_by (STRIP_TAC THEN
   ASM_SIMP_TAC std_ss [holfoot_field_assign_action_def, LET_THM]
) THEN

Q.PAT_X_ASSUM `s IN X` MP_TAC THEN
FULL_SIMP_TAC std_ss [var_res_prop___COND_INSERT,
   var_res_prop___PROP_INSERT] THEN
SIMP_TAC (std_ss++CONJ_ss) [var_res_prop_equal_unequal_EXPAND, IN_ABS,
   IS_SOME_EXISTS, GSYM RIGHT_EXISTS_AND_THM,
   GSYM LEFT_EXISTS_AND_THM, GSYM LEFT_FORALL_IMP_THM]);



(* Same as HOLFOOT_COND_INFERENCE___prog_field_assign___exp_rewrite, but the
   equality  e1 = e1'  is used to exchange the assigned *value* of the field
   assignment (e2 is the address here).  Same side conditions and proof. *)
val HOLFOOT_COND_INFERENCE___prog_field_assign___exp_rewrite___value =
store_thm ("HOLFOOT_COND_INFERENCE___prog_field_assign___exp_rewrite___value",
``!wpb rpb e1 e1' e2 t sfb progL Q.

IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e1) /\
IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e1') /\
IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e2) ==>

((VAR_RES_COND_HOARE_TRIPLE DISJOINT_FMAP_UNION
   (var_res_prop DISJOINT_FMAP_UNION (wpb,rpb)
      (BAG_INSERT (var_res_prop_equal DISJOINT_FMAP_UNION e1 e1') sfb))
   (asl_prog_block ((holfoot_prog_field_assign e2 t e1)::progL)) Q) =
(VAR_RES_COND_HOARE_TRIPLE DISJOINT_FMAP_UNION
   (var_res_prop DISJOINT_FMAP_UNION (wpb,rpb)
      (BAG_INSERT (var_res_prop_equal DISJOINT_FMAP_UNION e1 e1') sfb))
   (asl_prog_block ((holfoot_prog_field_assign e2 t e1')::progL)) Q))``,

REPEAT STRIP_TAC THEN
MATCH_MP_TAC VAR_RES_COND_INFERENCE___first_command_PRECOND_SEM THEN

SIMP_TAC (std_ss++CONJ_ss) [var_res_prop___REWRITE] THEN
REPEAT STRIP_TAC THEN
ASM_SIMP_TAC std_ss [holfoot_prog_field_assign_def,
   ASL_PROGRAM_SEM___prim_command,
   ASL_ATOMIC_ACTION_SEM_def,
   EVAL_asl_prim_command_THM,
   GSYM holfoot_separation_combinator_def,
   ASL_IS_LOCAL_ACTION___holfoot_field_assign_action] THEN

(* the two actions only differ in the evaluated value *)
`e1 (FST s) = e1' (FST s)` suffices_by (STRIP_TAC THEN
   ASM_SIMP_TAC std_ss [holfoot_field_assign_action_def, LET_THM]
) THEN

Q.PAT_X_ASSUM `s IN X` MP_TAC THEN
FULL_SIMP_TAC std_ss [var_res_prop___COND_INSERT,
   var_res_prop___PROP_INSERT] THEN
SIMP_TAC (std_ss++CONJ_ss) [var_res_prop_equal_unequal_EXPAND, IN_ABS,
   IS_SOME_EXISTS, GSYM RIGHT_EXISTS_AND_THM,
   GSYM LEFT_EXISTS_AND_THM, GSYM LEFT_FORALL_IMP_THM]);





(*==================
 = new heap location
 ===================*)

(* Semantics of allocation  v := new(me)  as an action on holfoot states.
   - The action faults (NONE) if v is not writable in the stack or the count
     expression me is undefined in the stack.
   - Otherwise, with m the value of me, the result set contains every state
     obtained by choosing a base address n <> 0 such that none of the cells
     n .. n+m-1 is currently in the heap, binding v to n with write
     permission, and adding those m cells to the heap.  Nothing else
     constrains n, i.e. the choice of address is nondeterministic.
   - The new cell contents XL are only constrained by LENGTH XL = m: freshly
     allocated memory holds arbitrary values.  No rule may therefore assume
     that new cells are zeroed or otherwise initialised (the inference rules
     below accordingly record them without any data: holfoot_ap_data_array
     ... [] resp. holfoot_ap_points_to ... FEMPTY).
   - For m = 0 the heap is unchanged but v is still rebound to some nonzero n.
   - tagL is accepted as a parameter but not used by this definition. *)
val holfoot_new_action_def = Define `
   holfoot_new_action me v (tagL:holfoot_tag list) (s:holfoot_state) =
   if ~(var_res_sl___has_write_permission v (FST s)) \/
      ~(IS_SOME (me (FST s))) then NONE else
   let m = THE (me (FST s)) in
   SOME (\s'. ?n XL. ~(n = 0:num) /\
      (!m'. (n <= m' /\ (m' < n + m)) ==> ~(m' IN FDOM (SND s))) /\
      (LENGTH XL = m) /\
      (s' = ((FST s) |+ (v, n, var_res_write_permission),
             (SND s) |++ MAP (\m'. (n+m', EL m' XL)) (COUNT_LIST m))))`;


(* Specialisation of holfoot_new_action to the constant count 1: a single
   fresh cell n <> 0 not yet in the heap, with arbitrary content X. *)
val holfoot_new_action_1 = store_thm ("holfoot_new_action_1",
``holfoot_new_action (var_res_exp_const 1) v tagL s =
   if ~(var_res_sl___has_write_permission v (FST s)) then NONE else
   SOME (\s'. ?n X. ~(n = 0:num) /\ ~(n IN FDOM (SND s)) /\
      (s' = ((FST s) |+ (v, n, var_res_write_permission),
             (SND s) |+ (n, X))))``,
SIMP_TAC list_ss [holfoot_new_action_def, LENGTH_EQ_NUM_compute, GSYM RIGHT_EXISTS_AND_THM,
   GSYM LEFT_EXISTS_AND_THM, FUPDATE_LIST_THM, numLib.SUC_RULE COUNT_LIST_def,
   GSYM arithmeticTheory.ADD1, COND_RAND, COND_RATOR, LET_THM,
   var_res_exp_const_EVAL] THEN
`!n:num m:num. ((n <= m) /\ (m < SUC n)) = (n = m)` by DECIDE_TAC THEN
ASM_SIMP_TAC std_ss []);


(* Allocation is a local action for the holfoot separation combinator,
   provided the count expression ne is stack-imprecise.  Locality is the
   property the abstract separation logic framework needs to frame
   additional resources around the command. *)
val ASL_IS_LOCAL_ACTION___holfoot_new_action = store_thm (
"ASL_IS_LOCAL_ACTION___holfoot_new_action",
``!ne v tL. IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS ne) ==>
ASL_IS_LOCAL_ACTION holfoot_separation_combinator (holfoot_new_action ne v tL)``,

REPEAT STRIP_TAC THEN
SIMP_TAC std_ss [ASL_IS_LOCAL_ACTION___ALTERNATIVE_EXT_DEF,
   holfoot_new_action_def, COND_NONE_SOME_REWRITES, IN_ABS,
   SOME___holfoot_separation_combinator, SOME___VAR_RES_STACK_COMBINE,
   var_res_sl___has_write_permission_def, FMERGE_DEF, IN_UNION,
   FUNION_DEF, VAR_RES_STACK_IS_SEPARATE_def, LET_THM] THEN
REPEAT GEN_TAC THEN STRIP_TAC THEN
(* s1 holds the write permission on v, so the frame s2 cannot mention v *)
`~(v IN FDOM (FST s2))` by (
   Q.PAT_X_ASSUM `!x. X x` (MP_TAC o Q.SPEC `v`) THEN
   ASM_SIMP_TAC std_ss [var_res_permission_THM2]
) THEN
`?n. ne (FST s1) = SOME n` by (
   Cases_on `ne (FST s1)` THEN FULL_SIMP_TAC std_ss []) THEN
(* stack-imprecision: the count evaluates the same on the combined stack *)
`ne (FMERGE VAR_RES_STACK_COMBINE___MERGE_FUNC (FST s1) (FST s2)) = SOME n` by (
   FULL_SIMP_TAC std_ss [IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___REWRITE,
      VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_REL___REWRITE] THEN
   `vs SUBSET FDOM (FST s1)` by PROVE_TAC[IS_SOME_EXISTS] THEN
   Q.PAT_X_ASSUM `ne (FST s1) = X` (fn thm => REWRITE_TAC [GSYM thm]) THEN
   Q.PAT_X_ASSUM `!st1 st2. X ==> (ne st1 = ne st2)` MATCH_MP_TAC THEN
   FULL_SIMP_TAC std_ss [FMERGE_DEF, SUBSET_DEF, IN_UNION,
      VAR_RES_STACK_COMBINE___MERGE_FUNC_def, COND_REWRITES]
) THEN
ASM_SIMP_TAC std_ss [GSYM LEFT_FORALL_IMP_THM,
   GSYM RIGHT_EXISTS_AND_THM, GSYM LEFT_EXISTS_AND_THM, FDOM_FUPDATE,
   DISJOINT_INSERT, FDOM_FUPDATE_LIST, DISJOINT_UNION_BOTH] THEN
REPEAT GEN_TAC THEN STRIP_TAC THEN
Q.EXISTS_TAC `n'` THEN
Q.EXISTS_TAC `XL` THEN
Q.ABBREV_TAC `upL = MAP (\m'. (n' + m',EL m' XL)) (COUNT_LIST n)` THEN
(* the update list covers exactly the addresses n' .. n'+n-1, each once *)
`ALL_DISTINCT (MAP FST upL) /\
 (!x. (n' <= x /\ x < n' + n) = MEM x (MAP FST upL))` by (
   Q.UNABBREV_TAC `upL` THEN
   SIMP_TAC std_ss [MAP_MAP_o, o_DEF] THEN
   REPEAT STRIP_TAC THENL [
      REPEAT (POP_ASSUM (K ALL_TAC)) THEN
      Induct_on `n` THEN
      FULL_SIMP_TAC list_ss [COUNT_LIST_SNOC, MAP_MAP_o, o_DEF,
         MAP_SNOC, ALL_DISTINCT_SNOC, MEM_MAP, MEM_COUNT_LIST],


      ASM_SIMP_TAC list_ss [MEM_MAP, MEM_COUNT_LIST] THEN
      EQ_TAC THEN SIMP_TAC std_ss [GSYM LEFT_FORALL_IMP_THM] THEN
      REPEAT STRIP_TAC THEN
      Q.EXISTS_TAC `x - n'` THEN
      DECIDE_TAC
   ]
) THEN
FULL_SIMP_TAC std_ss [] THEN
ASM_SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [
   GSYM fmap_EQ_THM, FUNION_DEF,
   FAPPLY_FUPDATE_THM, FDOM_FUPDATE, IN_INSERT, IN_UNION,
   FMERGE_DEF, EXTENSION,
   FDOM_FUPDATE_LIST] THEN
REPEAT CONJ_TAC THENL [
   SIMP_TAC std_ss [DISJOINT_DEF, EXTENSION, NOT_IN_EMPTY, IN_INTER] THEN
   METIS_TAC[],

   GEN_TAC THEN Cases_on `x = v` THEN ASM_SIMP_TAC std_ss [],
   GEN_TAC THEN Cases_on `x = v` THEN ASM_SIMP_TAC std_ss [],

   GEN_TAC THEN Cases_on `MEM x (MAP FST upL)` THENL [
      `?x2. MEM (x, x2) upL` by (
         FULL_SIMP_TAC std_ss [MEM_MAP, EXISTS_PROD] THEN
         METIS_TAC[]
      ) THEN
      METIS_TAC [FUPDATE_LIST_APPLY___ALL_DISTINCT],

      ASM_SIMP_TAC std_ss [FUPDATE_LIST_APPLY_NOT_MEM, FUNION_DEF]
   ]
]);


(* The allocation statement as a holfoot program: a primitive shallow command
   whose action is holfoot_new_action (the combinator argument f is ignored). *)
val holfoot_prog_new_def = Define `
(holfoot_prog_new n v tL):holfoot_program =
asl_prog_prim_command (asl_pc_shallow_command (\f. holfoot_new_action n v tL))`;


(* Abstraction of  v := new(n)  by its best local action.
   Precondition: v writable, the variables vs DELETE v readable, and v equal
   to the constant c.  Postcondition: v points to an array whose length is n
   evaluated with v's *old* value c (var_res_exp_var_update (v,c) n) -- v is
   overwritten by the allocation, so n cannot be evaluated in the new stack.
   Requires that n reads only variables in vs. *)
val VAR_RES_PROGRAM_IS_ABSTRACTION___holfoot_prog_new = store_thm (
"VAR_RES_PROGRAM_IS_ABSTRACTION___holfoot_prog_new",
``!n c v vs tL.
   (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET vs n) ==>

   VAR_RES_PROGRAM_IS_ABSTRACTION DISJOINT_FMAP_UNION (holfoot_prog_new n v tL)
      (var_res_prog_cond_best_local_action
         (var_res_prop DISJOINT_FMAP_UNION ({|v|}, BAG_OF_SET (vs DELETE v))
            {|var_res_prop_equal DISJOINT_FMAP_UNION (var_res_exp_var v) (var_res_exp_const c)|})
         (var_res_prop DISJOINT_FMAP_UNION ({|v|}, BAG_OF_SET (vs DELETE v))
            {|holfoot_ap_array (var_res_exp_var v) (var_res_exp_var_update (v, c) n)|}))``,

REPEAT STRIP_TAC THEN
`IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS n)` by
   METIS_TAC[VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET_def] THEN
ASM_SIMP_TAC std_ss [holfoot_prog_new_def, VAR_RES_PROGRAM_IS_ABSTRACTION_def,
   var_res_prog_cond_best_local_action_REWRITE,
   ASL_PROGRAM_IS_ABSTRACTION_def,
   ASL_PROGRAM_SEM___prim_command, ASL_ATOMIC_ACTION_SEM_def,
   EVAL_asl_prim_command_THM, GSYM holfoot_separation_combinator_def,
   ASL_IS_LOCAL_ACTION___holfoot_new_action,
   ASL_IS_LOCAL_ACTION___var_res_cond_best_local_action,
   IS_SEPARATION_COMBINATOR___holfoot_separation_combinator] THEN
SIMP_TAC std_ss [var_res_cond_best_local_action_def,
   var_res_prop___REWRITE, COND_RAND, COND_RATOR] THEN
REPEAT GEN_TAC THEN
(* first show the pre-/postcondition are well-formed (the "if" guard is false) *)
MATCH_MP_TAC (prove (``
   (~c /\ (~c ==> x2)) ==> if c then x1 else x2``, SIMP_TAC std_ss [])) THEN
CONJ_TAC THEN1 (
   ASM_SIMP_TAC (std_ss++CONJ_ss) [var_res_prop___COND___REWRITE,
      FINITE_BAG_THM, BAG_IN_BAG_INSERT, NOT_IN_EMPTY_BAG,
      BAG_UNION_EMPTY, DISJ_IMP_THM, FORALL_AND_THM,
      IS_SEPARATION_COMBINATOR___FINITE_MAP, BAG_ALL_DISTINCT_THM,
      BAG_ALL_DISTINCT_BAG_UNION, BAG_ALL_DISTINCT_BAG_OF_SET,
      BAG_DISJOINT_BAG_INSERT, BAG_IN_BAG_OF_SET, IN_DELETE,
      BAG_DISJOINT_EMPTY, SET_OF_BAG_UNION, SET_BAG_I,
      SET_OF_BAG_INSERT, BAG_OF_EMPTY] THEN
   CONSEQ_REWRITE_TAC ([], [
      VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_ap_array,
      VAR_RES_IS_STACK_IMPRECISE___USED_VARS___var_res_prop_equal,
      VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___var_res_exp_var_update], []) THEN
   SIMP_TAC std_ss [
      VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___VAR_CONST_EVAL,
      IN_UNION, IN_INSERT] THEN
   MATCH_MP_TAC VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___SUBSET THEN
   Q.EXISTS_TAC `vs` THEN
   ASM_SIMP_TAC std_ss [SUBSET_DEF, IN_UNION, IN_DELETE, IN_SING]
) THEN
(* then the action order: the concrete allocation refines the best local action *)
SIMP_TAC std_ss [fasl_action_order_POINTWISE_DEF,
   holfoot_new_action_def, COND_RATOR, COND_RAND,
   fasl_order_THM2, var_res_best_local_action_def, IN_ABS,
   SOME___quant_best_local_action, NONE___quant_best_local_action,
   COND_EXPAND_IMP, var_res_exp_const_EVAL, LET_THM] THEN
STRIP_TAC THEN
FULL_SIMP_TAC std_ss [var_res_prop___PROP_INSERT, var_res_prop___COND_INSERT] THEN
SIMP_TAC std_ss [
   var_res_prop___PROP___REWRITE,
   IS_SEPARATION_COMBINATOR___FINITE_MAP, IN_ABS,
   var_res_bigstar_REWRITE, IS_SEPARATION_COMBINATOR___VAR_RES_COMBINATOR,
   asl_star___PROPERTIES, BAG_IN_BAG_INSERT, NOT_IN_EMPTY_BAG,
   var_res_prop_stack_true_def, var_res_bool_proposition_def,
   var_res_stack_proposition_def, LET_THM, asl_emp_DISJOINT_FMAP_UNION,
   IN_SING, SOME___holfoot_separation_combinator,
   FDOM_FEMPTY, DISJOINT_EMPTY, FUNION_FEMPTY_2, FUNION_FEMPTY_1,
   EXISTS_PROD, FORALL_PROD,
   GSYM RIGHT_EXISTS_AND_THM, GSYM LEFT_EXISTS_AND_THM,
   DISJOINT_FMAP_UNION___REWRITE,
   var_res_prop_equal_unequal_EXPAND, var_res_prop_binexpression_def,
   COND_NONE_SOME_REWRITES, var_res_exp_const_EVAL] THEN
REPEAT GEN_TAC THEN CONJ_TAC THEN1 (
   (* the concrete action does not fault where the precondition holds *)
   REPEAT STRIP_TAC THEN
   FULL_SIMP_TAC std_ss [SOME___VAR_RES_STACK_COMBINE, IN_UNION,
      var_res_sl___has_write_permission_def, FMERGE_DEF,
      COND_REWRITES, VAR_RES_STACK_IS_SEPARATE_def,
      BAG_IN_BAG_OF_SET, IN_DELETE] THENL [

      Q.PAT_X_ASSUM `!x. X x` (MP_TAC o Q.SPEC `v`) THEN
      ASM_SIMP_TAC std_ss [var_res_permission_THM2],

      `~(vs SUBSET (FDOM (FMERGE VAR_RES_STACK_COMBINE___MERGE_FUNC p_1'' p_1')))` by
         METIS_TAC[VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___IS_SOME_IMPL,
            IS_SOME_DEF] THEN
      POP_ASSUM MP_TAC THEN
      `vs SUBSET FDOM p_1'` suffices_by (STRIP_TAC THEN
         FULL_SIMP_TAC std_ss [SUBSET_DEF, FMERGE_DEF, IN_UNION]
      ) THEN
      FULL_SIMP_TAC std_ss [var_res_sl___has_read_permission_def, SUBSET_DEF] THEN
      METIS_TAC[]
   ]
) THEN
STRIP_TAC THEN
DISCH_TAC THEN (POP_ASSUM (K ALL_TAC)) THEN
SIMP_TAC std_ss [SUBSET_DEF, IN_ABS, GSYM LEFT_FORALL_IMP_THM,
   asl_star_def, IN_SING, EXISTS_PROD,
   VAR_RES_COMBINATOR_REWRITE, DISJOINT_FMAP_UNION___REWRITE,
   FDOM_FEMPTY, DISJOINT_EMPTY, FUNION_FEMPTY_1, FUNION_FEMPTY_2,
   GSYM RIGHT_EXISTS_AND_THM, GSYM LEFT_EXISTS_AND_THM] THEN
REPEAT STRIP_TAC THEN

(* the precondition fixes the old value of v to c *)
`(var_res_exp_var v p_1' = SOME c) /\ (v IN FDOM p_1') /\ (FST (p_1' ' v) = c)` by (
   FULL_SIMP_TAC std_ss [var_res_exp_var_def, COND_NONE_SOME_REWRITES, COND_RAND, COND_RATOR] THEN
   Q.PAT_X_ASSUM `v IN FDOM p_1'` ASSUME_TAC THEN
   FULL_SIMP_TAC std_ss []
) THEN
`?nc. n p_1 = SOME nc` by (
   Cases_on `n p_1` THEN FULL_SIMP_TAC std_ss []
) THEN
FULL_SIMP_TAC std_ss [] THEN
Q.ABBREV_TAC `upL = MAP (\m'. (n' + m',EL m' XL)) (COUNT_LIST nc)` THEN
(* the update list covers exactly the addresses n' .. n'+nc-1, each once *)
`ALL_DISTINCT (MAP FST upL) /\
 (!x. (n' <= x /\ x < n' + nc) = MEM x (MAP FST upL))` by (
   Q.UNABBREV_TAC `upL` THEN
   SIMP_TAC std_ss [MAP_MAP_o, o_DEF] THEN
   REPEAT STRIP_TAC THENL [
      REPEAT (POP_ASSUM (K ALL_TAC)) THEN
      Induct_on `nc` THEN
      FULL_SIMP_TAC list_ss [COUNT_LIST_SNO`C, MAP_MAP_o, o_DEF,
         MAP_SNOC, ALL_DISTINCT_SNOC, MEM_MAP, MEM_COUNT_LIST],


      ASM_SIMP_TAC list_ss [MEM_MAP, MEM_COUNT_LIST] THEN
      EQ_TAC THEN SIMP_TAC std_ss [GSYM LEFT_FORALL_IMP_THM] THEN
      REPEAT STRIP_TAC THEN
      Q.EXISTS_TAC `x - n'` THEN
      DECIDE_TAC
   ]
) THEN
FULL_SIMP_TAC std_ss [] THEN
(* witness for the post-state: v rebound to n', heap = exactly the new cells *)
Q.EXISTS_TAC `p_1' |+ (v,n',var_res_write_permission)` THEN
Q.EXISTS_TAC `FEMPTY |++ upL` THEN

ONCE_REWRITE_TAC [holfoot_separation_combinator___COMM] THEN
FULL_SIMP_TAC std_ss [SOME___holfoot_separation_combinator,
   FDOM_FUPDATE, FAPPLY_FUPDATE_THM, FDOM_FEMPTY, FDOM_FUPDATE_LIST,
   var_res_sl___has_write_permission_def, IN_INSERT, NOT_IN_EMPTY,
   IN_DISJOINT, IN_SING, SOME___VAR_RES_STACK_COMBINE,
   FMERGE_DEF, IN_UNION, VAR_RES_STACK_IS_SEPARATE_def,
   var_res_sl___has_read_permission_def] THEN
`~(v IN FDOM p_1'')` by (
   Q.PAT_X_ASSUM `!x. Y1 x /\ Y2 x ==> X x` (MP_TAC o Q.SPEC `v`) THEN
   ASM_SIMP_TAC std_ss [var_res_permission_THM2]
) THEN
FULL_SIMP_TAC (std_ss++CONJ_ss) [] THEN

SIMP_TAC std_ss [GSYM fmap_EQ_THM, EXTENSION] THEN
ASM_SIMP_TAC (std_ss++CONJ_ss++EQUIV_EXTRACT_ss) [
   FMERGE_DEF, FDOM_FUPDATE, IN_UNION, IN_INSERT,
   FAPPLY_FUPDATE_THM, FUNION_DEF, FDOM_FEMPTY, NOT_IN_EMPTY,
   VAR_RES_STACK___IS_EQUAL_UPTO_VALUES_def, FDOM_FUPDATE_LIST] THEN
REPEAT (GEN_TAC ORELSE CONJ_TAC) THENL [
   METIS_TAC[],

   Cases_on `x IN FDOM p_1''` THEN ASM_SIMP_TAC std_ss [] THEN
   `~(x = v)` by PROVE_TAC[] THEN
   ASM_SIMP_TAC std_ss [VAR_RES_STACK_COMBINE___MERGE_FUNC_def,
      COND_REWRITES],

   Cases_on `x = v` THEN ASM_SIMP_TAC std_ss [],

   Cases_on `MEM x (MAP FST upL)` THENL [
      FULL_SIMP_TAC std_ss [MEM_MAP, EXISTS_PROD] THEN
      METIS_TAC [FUPDATE_LIST_APPLY___ALL_DISTINCT],

      ASM_SIMP_TAC std_ss [FUPDATE_LIST_APPLY_NOT_MEM]
   ],

   `vs SUBSET FDOM p_1'` by (
      FULL_SIMP_TAC std_ss [BAG_IN_BAG_OF_SET, IN_DELETE, SUBSET_DEF] THEN
      METIS_TAC[]
   ) THEN
   (* evaluating n with v restored to c in the new stack gives the old count *)
   `(var_res_exp_var_update (v,c) n) (p_1' |+ (v,n',var_res_write_permission)) = n p_1` by (
      SIMP_TAC std_ss [var_res_exp_var_update_def] THEN
      MATCH_MP_TAC
         VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___EXP_EQ THEN
      Q.EXISTS_TAC `vs` THEN
      FULL_SIMP_TAC std_ss [FMERGE_DEF, FDOM_FUNION, IN_INTER, IN_UNION, FDOM_FUPDATE,
         SUBSET_DEF, IN_INSERT, var_res_state_var_update_def] THEN
      REPEAT STRIP_TAC THEN
      `FST ((p_1' |+ (v,n',var_res_write_permission) |+
             (v,c,var_res_write_permission)) ' v') = FST (p_1' ' v')` by (
         Cases_on `v' = v` THEN
         ASM_SIMP_TAC std_ss [FAPPLY_FUPDATE_THM]
      ) THEN
      ASM_SIMP_TAC std_ss [COND_RAND, COND_RATOR, VAR_RES_STACK_COMBINE___MERGE_FUNC_def] THEN
      METIS_TAC[]
   ) THEN
   Q.UNABBREV_TAC `upL` THEN
   ASM_SIMP_TAC list_ss [holfoot_ap_array___ALTERNATIVE_DEF2,
      IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL,
      LET_THM, IN_ABS, COUNT_LIST_def, FUPDATE_LIST_THM,
      var_res_exp_var_def, FDOM_FUPDATE_LIST, FDOM_FUPDATE, IN_INSERT,
      FDOM_FEMPTY, UNION_EMPTY, FAPPLY_FUPDATE_THM, MAP_MAP_o,
      o_DEF, LIST_TO_SET_MAP, COUNT_LIST_COUNT,
      GSYM IMAGE_COMPOSE, var_res_exp_prop_def, COND_RAND, COND_RATOR,
      var_res_prop_stack_true_REWRITE, asl_emp_DISJOINT_FMAP_UNION, IN_SING],

   Cases_on `x = v` THEN ASM_SIMP_TAC std_ss []
]);



(* Inference rule for a leading allocation  v := new(n).
   v must be a write-permitted variable (BAG_IN v wpb) and n may only read
   variables in wpb + rpb.  The precondition must pin the old value of v to a
   constant c (v = c); after the command this equality is replaced by a data
   array at v of length n[v := c] that carries NO data (empty list: the
   contents of the fresh cells are unknown), and every other precondition
   fact has v substituted by c, since v has been overwritten. *)
val HOLFOOT_COND_INFERENCE___prog_new =
store_thm ("HOLFOOT_COND_INFERENCE___prog_new",
``!wpb rpb v n tL c sfb progL Q.
((BAG_IN v wpb) /\
VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET (SET_OF_BAG (BAG_UNION wpb rpb)) n) ==>
((VAR_RES_COND_HOARE_TRIPLE DISJOINT_FMAP_UNION
   (var_res_prop DISJOINT_FMAP_UNION (wpb,rpb)
      (BAG_INSERT (holfoot_ap_data_array (var_res_exp_var v) (var_res_exp_varlist_update [(v,c)] n) [])
         (BAG_IMAGE (var_res_prop_varlist_update [(v, c)]) sfb)))
   (asl_prog_block progL) Q) ==>

(VAR_RES_COND_HOARE_TRIPLE DISJOINT_FMAP_UNION
   (var_res_prop DISJOINT_FMAP_UNION (wpb,rpb)
      (BAG_INSERT (var_res_prop_equal DISJOINT_FMAP_UNION
          (var_res_exp_var v) (var_res_exp_const c)) sfb))
   (asl_prog_block ((holfoot_prog_new n v tL)::progL)) Q))``,

SIMP_TAC std_ss [VAR_RES_COND_INFERENCE___prog_block,
   var_res_prop_varlist_update_SING, GSYM holfoot_ap_array_def] THEN
REPEAT STRIP_TAC THEN
(* precondition not well-formed: the conditional triple holds trivially *)
Tactical.REVERSE (Cases_on `var_res_prop___COND DISJOINT_FMAP_UNION (wpb,rpb)
   (BAG_INSERT (var_res_prop_equal DISJOINT_FMAP_UNION (var_res_exp_var v)
      (var_res_exp_const c)) sfb)`) THEN1 (
   FULL_SIMP_TAC std_ss [VAR_RES_COND_HOARE_TRIPLE_def, var_res_prop___REWRITE]
) THEN
MATCH_MP_TAC VAR_RES_COND_HOARE_TRIPLE___PROGRAM_ABSTRACTION_first THEN
MP_TAC (Q.SPECL [`n`, `c`, `v`, `SET_OF_BAG
(BAG_UNION wpb rpb)`, `tL`] VAR_RES_PROGRAM_IS_ABSTRACTION___holfoot_prog_new) THEN
ASM_REWRITE_TAC[] THEN
DISCH_TAC THEN POP_ASSUM (fn thm => EXISTS_TAC (rand (concl thm)) THEN REWRITE_TAC[thm]) THEN
SIMP_TAC std_ss [GSYM VAR_RES_COND_INFERENCE___prog_block,
   IS_SEPARATION_COMBINATOR___FINITE_MAP] THEN

HO_MATCH_MP_TAC
   (MP_CANON VAR_RES_COND_INFERENCE___var_res_prog_cond_best_local_action) THEN
ASM_SIMP_TAC std_ss [BAG_OF_EMPTY, EMPTY_SUBSET, SUBSET_DEF, IN_SET_OF_BAG,
   NOT_IN_EMPTY_BAG, BAG_IN_BAG_INSERT, IN_DELETE,
   VAR_RES_FRAME_SPLIT_NORMALISE, BAG_IN_BAG_OF_SET,
   VAR_RES_FRAME_SPLIT___FRAME] THEN
(* consume the equality v = c from the context and substitute it elsewhere *)
MATCH_MP_TAC VAR_RES_FRAME_SPLIT___equal_const___context_SING THEN
ASM_SIMP_TAC std_ss [BAG_IMAGE_EMPTY, IN_SET_OF_BAG, BAG_IN_BAG_UNION] THEN

MATCH_MP_TAC (MP_CANON VAR_RES_FRAME_SPLIT___SOLVE) THEN
CONJ_TAC THEN1 (
   FULL_SIMP_TAC std_ss [var_res_prop___COND___REWRITE, BAG_EVERY,
      BAG_IN_FINITE_BAG_IMAGE, GSYM LEFT_FORALL_IMP_THM, BAG_IN_BAG_INSERT,
      FINITE_BAG_THM, SET_OF_BAG_UNION, DISJ_IMP_THM, FORALL_AND_THM] THEN
   REPEAT STRIP_TAC THEN
   MATCH_MP_TAC VAR_RES_IS_STACK_IMPRECISE___USED_VARS___var_res_prop_var_update___INSERT THEN
   MATCH_MP_TAC VAR_RES_IS_STACK_IMPRECISE___USED_VARS___SUBSET THEN
   Q.EXISTS_TAC `SET_OF_BAG wpb UNION SET_OF_BAG rpb` THEN
   ASM_SIMP_TAC std_ss [SUBSET_DEF, IN_UNION, IN_DIFF, IN_INSERT,
      IN_SET_OF_BAG, BAG_IN_BAG_INSERT, NOT_IN_EMPTY_BAG,
      BAG_IN_BAG_DIFF_ALL_DISTINCT, BAG_IN_BAG_UNION]
) THEN
FULL_SIMP_TAC std_ss [BAG_IMAGE_FINITE_INSERT, BAG_UNION_INSERT, BAG_UNION_EMPTY,
   var_res_exp_varlist_update_SING]);



(* Inference rule for  v := new(1)  (the common single-cell allocation).
   Instance of HOLFOOT_COND_INFERENCE___prog_new: the fresh cell is recorded
   as  holfoot_ap_points_to v FEMPTY, i.e. a cell about whose fields nothing
   is known; as in the general rule the precondition must give v = c and the
   other facts get v replaced by c. *)
val HOLFOOT_COND_INFERENCE___prog_new_1 =
store_thm ("HOLFOOT_COND_INFERENCE___prog_new_1",
``!wpb rpb v c tL sfb progL Q.
(BAG_IN v wpb) ==>
((VAR_RES_COND_HOARE_TRIPLE DISJOINT_FMAP_UNION
   (var_res_prop DISJOINT_FMAP_UNION (wpb,rpb)
      (BAG_INSERT (holfoot_ap_points_to (var_res_exp_var v) FEMPTY)
         (BAG_IMAGE (var_res_prop_varlist_update [(v, c)]) sfb)))
   (asl_prog_block progL) Q) ==>

(VAR_RES_COND_HOARE_TRIPLE DISJOINT_FMAP_UNION
   (var_res_prop DISJOINT_FMAP_UNION (wpb,rpb)
      (BAG_INSERT (var_res_prop_equal DISJOINT_FMAP_UNION
          (var_res_exp_var v) (var_res_exp_const c)) sfb))
   (asl_prog_block ((holfoot_prog_new (var_res_exp_const 1) v tL)::progL)) Q))``,


REPEAT STRIP_TAC THEN
MATCH_MP_TAC (MP_CANON HOLFOOT_COND_INFERENCE___prog_new) THEN
ASM_SIMP_TAC list_ss [holfoot_ap_data_array_1, asl_trivial_cond_TF,
   IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL,
   VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___VAR_CONST_EVAL,
   var_res_exp_varlist_update___const_EVAL, LIST_TO_FMAP_THM]);




(* If the precondition contains  ne = ne'  (var_res_prop_equal), the count
   expression of a leading allocation may be exchanged for ne' without
   changing the truth of the triple.  Both expressions must be
   stack-imprecise.  Proof as for the field-assignment rewrite rules: both
   commands have the same semantics on states satisfying the precondition,
   because ne (FST s) = ne' (FST s) there. *)
val HOLFOOT_COND_INFERENCE___prog_new___exp_rewrite___count =
store_thm ("HOLFOOT_COND_INFERENCE___prog_new___exp_rewrite___count",
``!wpb rpb v ne ne' tL sfb progL Q.

IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS ne) /\
IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS ne') ==>

((VAR_RES_COND_HOARE_TRIPLE DISJOINT_FMAP_UNION
   (var_res_prop DISJOINT_FMAP_UNION (wpb,rpb)
      (BAG_INSERT (var_res_prop_equal DISJOINT_FMAP_UNION ne ne') sfb))
   (asl_prog_block ((holfoot_prog_new ne v tL)::progL)) Q) =
(VAR_RES_COND_HOARE_TRIPLE DISJOINT_FMAP_UNION
   (var_res_prop DISJOINT_FMAP_UNION (wpb,rpb)
      (BAG_INSERT (var_res_prop_equal DISJOINT_FMAP_UNION ne ne') sfb))
   (asl_prog_block ((holfoot_prog_new ne' v tL)::progL)) Q))``,

REPEAT STRIP_TAC THEN
MATCH_MP_TAC VAR_RES_COND_INFERENCE___first_command_PRECOND_SEM THEN

SIMP_TAC (std_ss++CONJ_ss) [var_res_prop___REWRITE] THEN
REPEAT STRIP_TAC THEN
ASM_SIMP_TAC std_ss [holfoot_prog_new_def,
   ASL_PROGRAM_SEM___prim_command,
   ASL_ATOMIC_ACTION_SEM_def,
   EVAL_asl_prim_command_THM,
   GSYM holfoot_separation_combinator_def,
   IS_SEPARATION_COMBINATOR___FINITE_MAP,
   ASL_IS_LOCAL_ACTION___holfoot_new_action] THEN

(* the two actions only differ in the evaluated count *)
`ne (FST s) = ne' (FST s)` suffices_by (STRIP_TAC THEN
   ASM_SIMP_TAC std_ss [holfoot_new_action_def, LET_THM]
) THEN

Q.PAT_X_ASSUM `s IN X` MP_TAC THEN
FULL_SIMP_TAC std_ss [var_res_prop___COND_INSERT,
   var_res_prop___PROP_INSERT] THEN
SIMP_TAC (std_ss++CONJ_ss) [var_res_prop_equal_unequal_EXPAND, IN_ABS,
   IS_SOME_EXISTS, GSYM RIGHT_EXISTS_AND_THM,
   GSYM LEFT_EXISTS_AND_THM, GSYM LEFT_FORALL_IMP_THM]);





(*=======================
 = dispose heap location
 ========================*)


(* Semantics of  dispose(e, me)  (free the m cells starting at address e) as
   an action on holfoot states.  The checks are made in this order:
   - count expression me undefined in the stack   -> NONE (fault);
   - count m = 0                                  -> {s}: the state is returned
     unchanged (skip) without ever inspecting e, so e may even be undefined;
   - address expression e undefined in the stack  -> NONE;
   - loc = 0, or some cell among loc .. loc+m-1 is not in the heap
                                                  -> NONE.  Freeing a null,
     unallocated or only partially allocated range is therefore a fault and
     not a silent no-op; in particular a double free fails verification;
   - otherwise exactly the cells loc .. loc+m-1 are removed from the heap
     (DRESTRICT to the complement of that set) and the stack is unchanged. *)
val holfoot_dispose_action_def = Define `
   holfoot_dispose_action me e (s:holfoot_state) =
   let loc_opt = e (FST s) in
   let m_opt = me (FST s) in
   if (IS_NONE m_opt) then NONE else
   let m = (THE m_opt) in if (m = 0) then SOME {s} else
   if (IS_NONE loc_opt) then NONE else
   let loc = (THE loc_opt) in (
   if (~((IMAGE (\n'. loc + n') (count m)) SUBSET FDOM (SND s)) \/ (loc = 0)) then NONE else
   (SOME {(FST s, DRESTRICT (SND s) (COMPL (IMAGE (\n'. loc + n') (count m))))}))`;

(* Disposal is a local action for the holfoot separation combinator, provided
   both the count and the address expression are stack-imprecise.  The proof
   splits on m = 0 (where the action is skip and the address is never
   evaluated) before the address expression is used. *)
val ASL_IS_LOCAL_ACTION___holfoot_dispose_action = store_thm (
"ASL_IS_LOCAL_ACTION___holfoot_dispose_action",
``!ne e.
IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS ne) /\
IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e) ==>
ASL_IS_LOCAL_ACTION holfoot_separation_combinator (holfoot_dispose_action ne e)``,

SIMP_TAC std_ss [ASL_IS_LOCAL_ACTION___ALTERNATIVE_EXT_DEF,
   holfoot_dispose_action_def, COND_NONE_SOME_REWRITES, IN_ABS, LET_THM,
   SOME___holfoot_separation_combinator, NOT_NONE_IS_SOME, IN_SING,
   COND_NONE_SOME_REWRITES, ASL_IS_SUBSTATE_def] THEN
REPEAT STRIP_TAC THEN
`?n. ne (FST s1) = SOME n` by (
   Cases_on `ne (FST s1)` THEN FULL_SIMP_TAC std_ss []
) THEN
(* stack-imprecision: the count evaluates the same on the larger stack *)
`(ne (FST s3) = ne (FST s1))` by METIS_TAC[
   IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___SUBSTATE_LEFT,
   VAR_RES_STACK_IS_SUBSTATE_INTRO, IS_SOME_EXISTS] THEN
Cases_on `n = 0` THEN
   FULL_SIMP_TAC list_ss [COUNT_ZERO, IN_SING] THEN
   SRW_TAC[][] THEN
   FULL_SIMP_TAC std_ss [IN_SING] THEN
`?ev. e (FST s1) = SOME ev` by (
   Cases_on `e (FST s1)` THEN FULL_SIMP_TAC std_ss []
) THEN
`(e (FST s3) = e (FST s1))` by METIS_TAC[
   IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___SUBSTATE_LEFT,
   VAR_RES_STACK_IS_SUBSTATE_INTRO, IS_SOME_EXISTS] THEN
FULL_SIMP_TAC std_ss [] THEN
Q.ABBREV_TAC `loc_set = IMAGE (\n'. n' + ev) (count n)` THEN
FULL_SIMP_TAC (std_ss++EQUIV_EXTRACT_ss) [
   FDOM_DRESTRICT, IN_DELETE, FUNION_DEF, DOMSUB_FAPPLY_THM,
   IN_UNION, IN_INTER, IN_COMPL, SUBSET_DEF, IN_UNION,
   DRESTRICT_DEF, DISJOINT_DEF, GSYM fmap_EQ_THM, EXTENSION,
   NOT_IN_EMPTY] THEN
METIS_TAC[]);



(* The dispose statement as a holfoot program: a primitive shallow command
   whose action is holfoot_dispose_action (the combinator argument f is ignored). *)
val holfoot_prog_dispose_def = Define `
(holfoot_prog_dispose ne e):holfoot_program =
asl_prog_prim_command (asl_pc_shallow_command (\f. holfoot_dispose_action ne e))`;


(* Disposing zero cells is exactly skip, whatever the address expression e is
   (follows directly from the m = 0 branch of holfoot_dispose_action). *)
val holfoot_prog_dispose_0 = store_thm ("holfoot_prog_dispose_0",
``!e. (holfoot_prog_dispose (var_res_exp_const 0) e) = asl_prog_skip``,
SIMP_TAC std_ss [holfoot_prog_dispose_def, asl_pc_skip_def,
   asl_prog_skip_def, asl_prim_command_11, asl_prog_prim_command_11] THEN
SIMP_TAC std_ss [FUN_EQ_THM, asla_skip_def, holfoot_dispose_action_def,
   var_res_exp_const_EVAL, LET_THM]);

val VAR_RES_PROGRAM_IS_ABSTRACTION___holfoot_prog_dispose = store_thm (
"VAR_RES_PROGRAM_IS_ABSTRACTION___holfoot_prog_dispose",
``!n e vs.
9602 (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET vs e /\ 9603 VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET vs n) ==> 9604 9605 VAR_RES_PROGRAM_IS_ABSTRACTION DISJOINT_FMAP_UNION (holfoot_prog_dispose n e) 9606 (var_res_prog_cond_best_local_action 9607 (var_res_prop DISJOINT_FMAP_UNION (EMPTY_BAG, BAG_OF_SET vs) 9608 {|holfoot_ap_array e n|}) 9609 (var_res_prop DISJOINT_FMAP_UNION (EMPTY_BAG, BAG_OF_SET vs) 9610 EMPTY_BAG))``, 9611 9612REPEAT STRIP_TAC THEN 9613`IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e) /\ 9614 IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS n)` by 9615 FULL_SIMP_TAC std_ss [VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET_def] THEN 9616ASM_SIMP_TAC std_ss [ 9617 holfoot_prog_dispose_def, VAR_RES_PROGRAM_IS_ABSTRACTION_def, 9618 var_res_prog_cond_best_local_action_REWRITE, 9619 ASL_PROGRAM_IS_ABSTRACTION_def, 9620 ASL_PROGRAM_SEM___prim_command, ASL_ATOMIC_ACTION_SEM_def, 9621 EVAL_asl_prim_command_THM, GSYM holfoot_separation_combinator_def, 9622 ASL_IS_LOCAL_ACTION___holfoot_dispose_action, 9623 ASL_IS_LOCAL_ACTION___var_res_cond_best_local_action, 9624 IS_SEPARATION_COMBINATOR___holfoot_separation_combinator, 9625 IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___VAR_CONST_EVAL] THEN 9626SIMP_TAC std_ss [var_res_cond_best_local_action_def, 9627 var_res_prop___REWRITE, COND_RAND, COND_RATOR] THEN 9628MATCH_MP_TAC (prove (`` 9629 (~c /\ (~c ==> x2)) ==> if c then x1 else x2``, SIMP_TAC std_ss [])) THEN 9630CONJ_TAC THEN1 ( 9631 ASM_SIMP_TAC std_ss [var_res_prop___COND___REWRITE, 9632 FINITE_BAG_THM, BAG_IN_BAG_INSERT, NOT_IN_EMPTY_BAG, 9633 BAG_UNION_EMPTY, IS_SEPARATION_COMBINATOR___FINITE_MAP, BAG_ALL_DISTINCT_THM, 9634 SET_BAG_I, BAG_ALL_DISTINCT_BAG_OF_SET, 9635 VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_ap_array] 9636) THEN 9637 9638SIMP_TAC std_ss [fasl_action_order_POINTWISE_DEF] THEN 9639REPEAT STRIP_TAC THEN 9640Cases_on `holfoot_dispose_action n e s` THENL 
[ 9641 POP_ASSUM MP_TAC THEN 9642 ASM_SIMP_TAC std_ss [fasl_order_THM2, var_res_best_local_action_def, 9643 NONE___quant_best_local_action, IN_ABS, holfoot_dispose_action_def, 9644 LET_THM, COND_NONE_SOME_REWRITES, COND_NONE_SOME_REWRITES3, 9645 var_res_prop___PROP_INSERT, var_res_exp_const_EVAL, 9646 GSYM LEFT_FORALL_IMP_THM] THEN 9647 ASM_SIMP_TAC std_ss [var_res_prop___PROP___REWRITE, 9648 IS_SEPARATION_COMBINATOR___FINITE_MAP, NOT_IN_EMPTY_BAG, 9649 BAG_IN_BAG_OF_SET, var_res_bigstar_REWRITE, 9650 asl_star___PROPERTIES, IS_SEPARATION_COMBINATOR___VAR_RES_COMBINATOR, 9651 var_res_sl___has_read_permission_def, 9652 var_res_prop_stack_true_def, var_res_bool_proposition_def, 9653 var_res_stack_proposition_def, asl_emp_DISJOINT_FMAP_UNION, 9654 IN_ABS, IN_SING, DISJOINT_FMAP_UNION___FEMPTY, GSYM SUBSET_DEF] THEN 9655 ASM_SIMP_TAC std_ss [holfoot_ap_array___ALTERNATIVE_DEF2, LET_THM, IN_ABS, 9656 GSYM RIGHT_FORALL_IMP_THM, NOT_NONE_IS_SOME, var_res_exp_prop_def] THEN 9657 REPEAT GEN_TAC THEN 9658 Cases_on `SOME s = holfoot_separation_combinator (SOME s0) (SOME x)` THEN ASM_REWRITE_TAC[] THEN 9659 Cases_on `vs SUBSET FDOM (FST x)` THEN ASM_REWRITE_TAC[] THEN 9660 `IS_SOME (e (FST x)) /\ IS_SOME (n (FST x))` by 9661 METIS_TAC[VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___IS_SOME_IMPL] THEN 9662 FULL_SIMP_TAC std_ss [SOME___holfoot_separation_combinator] THEN 9663 `(e (FST s) = e (FST x)) /\ (n (FST s) = n (FST x))` by METIS_TAC[ 9664 IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___SUBSTATE_LEFT, 9665 VAR_RES_STACK_IS_SUBSTATE_INTRO] THEN 9666 `?ev. e (FST x) = SOME ev` by PROVE_TAC[IS_SOME_EXISTS] THEN 9667 `?nv. n (FST x) = SOME nv` by PROVE_TAC[IS_SOME_EXISTS] THEN 9668 FULL_SIMP_TAC std_ss [FDOM_FUNION, IN_UNION, IN_DISJOINT, 9669 COND_NONE_SOME_REWRITES3] THEN 9670 Q.ABBREV_TAC `locS = (IMAGE (\n'. 
ev + n') (count nv))` THEN 9671 Cases_on `FDOM (SND x) = locS` THEN ASM_SIMP_TAC std_ss [SUBSET_UNION], 9672 9673 9674 POP_ASSUM MP_TAC THEN 9675 ASM_SIMP_TAC std_ss [fasl_order_THM2, var_res_best_local_action_def, 9676 SOME___quant_best_local_action, IN_ABS, holfoot_dispose_action_def, 9677 LET_THM, COND_NONE_SOME_REWRITES, NOT_NONE_IS_SOME, 9678 var_res_exp_const_EVAL, COND_NONE_SOME_REWRITES3, 9679 COND_NONE_SOME_REWRITES2] THEN 9680 STRIP_TAC THEN 9681 DISCH_TAC THEN POP_ASSUM (K ALL_TAC) THEN 9682 ASM_SIMP_TAC std_ss [SUBSET_DEF, IN_SING, IN_ABS, asl_star_def, 9683 var_res_prop___PROP_INSERT] THEN 9684 ASM_SIMP_TAC std_ss [var_res_prop___PROP___REWRITE, 9685 IS_SEPARATION_COMBINATOR___FINITE_MAP, NOT_IN_EMPTY_BAG, 9686 BAG_IN_BAG_OF_SET, var_res_bigstar_REWRITE, 9687 asl_star___PROPERTIES, IS_SEPARATION_COMBINATOR___VAR_RES_COMBINATOR, 9688 var_res_sl___has_read_permission_def, 9689 var_res_prop_stack_true_def, var_res_bool_proposition_def, 9690 var_res_stack_proposition_def, asl_emp_DISJOINT_FMAP_UNION, 9691 IN_ABS, IN_SING, DISJOINT_FMAP_UNION___FEMPTY, GSYM SUBSET_DEF] THEN 9692 ASM_SIMP_TAC std_ss [EXISTS_PROD, SOME___holfoot_separation_combinator, 9693 FDOM_FEMPTY, DISJOINT_EMPTY, FUNION_FEMPTY_1, holfoot_ap_points_to_def, 9694 IN_ABS, LET_THM, holfoot_ap_array___ALTERNATIVE_DEF2, var_res_exp_prop_def] THEN 9695 REPEAT STRIP_TAC THEN 9696 `n (FST s) = n (FST x'')` by METIS_TAC[ 9697 IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___SUBSTATE_LEFT, 9698 VAR_RES_STACK_IS_SUBSTATE_INTRO] THEN 9699 `?nv. 
n (FST x'') = SOME nv` by FULL_SIMP_TAC std_ss [IS_SOME_EXISTS] THEN 9700 FULL_SIMP_TAC std_ss [] THEN 9701 Cases_on `nv = 0` THEN1 ( 9702 FULL_SIMP_TAC std_ss [var_res_prop_stack_true_REWRITE, asl_emp_DISJOINT_FMAP_UNION, 9703 IN_SING, FUNION_FEMPTY_2] THEN 9704 Q.PAT_X_ASSUM `X = x` (ASSUME_TAC o GSYM) THEN 9705 FULL_SIMP_TAC std_ss [IN_SING] THEN 9706 METIS_TAC[VAR_RES_STACK___IS_EQUAL_UPTO_VALUES___REFL, 9707 VAR_RES_STACK_COMBINE___COMM] 9708 ) THEN 9709 FULL_SIMP_TAC std_ss [] THEN 9710 Q.PAT_X_ASSUM `X = x` (ASSUME_TAC o GSYM) THEN 9711 `e (FST s) = e (FST x'')` by METIS_TAC[ 9712 IS_SOME___VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS___SUBSTATE_LEFT, 9713 VAR_RES_STACK_IS_SUBSTATE_INTRO] THEN 9714 `?ev. e (FST x'') = SOME ev` by FULL_SIMP_TAC std_ss [IS_SOME_EXISTS] THEN 9715 FULL_SIMP_TAC (std_ss++CONJ_ss) [IN_SING] THEN 9716 REPEAT STRIP_TAC THEN 9717 Q.EXISTS_TAC `FST x''` THEN 9718 FULL_SIMP_TAC std_ss [VAR_RES_STACK___IS_EQUAL_UPTO_VALUES___REFL] THEN 9719 CONJ_TAC THEN1 METIS_TAC[VAR_RES_STACK_COMBINE___COMM] THEN 9720 ASM_SIMP_TAC std_ss [GSYM fmap_EQ_THM, EXTENSION] THEN 9721 FULL_SIMP_TAC std_ss [FDOM_DOMSUB, FUNION_DEF, DOMSUB_FAPPLY_THM, 9722 IN_UNION, IN_DELETE, IN_DISJOINT, IN_SING, DRESTRICT_DEF, IN_INTER, 9723 IN_COMPL] THEN 9724 METIS_TAC[] 9725]); 9726 9727 9728 9729 9730 9731val HOLFOOT_COND_INFERENCE___prog_dispose___SIMPLE = 9732store_thm ("HOLFOOT_COND_INFERENCE___prog_dispose___SIMPLE", 9733``!wpb rpb e n sfb progL Q. 
9734(VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET 9735 (SET_OF_BAG (BAG_UNION wpb rpb)) e /\ 9736 VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET 9737 (SET_OF_BAG (BAG_UNION wpb rpb)) n) ==> 9738((VAR_RES_COND_HOARE_TRIPLE DISJOINT_FMAP_UNION 9739 (var_res_prop DISJOINT_FMAP_UNION (wpb,rpb) sfb) 9740 (asl_prog_block progL) Q) ==> 9741 9742(VAR_RES_COND_HOARE_TRIPLE DISJOINT_FMAP_UNION 9743 (var_res_prop DISJOINT_FMAP_UNION (wpb,rpb) 9744 (BAG_INSERT (holfoot_ap_array e n) sfb)) 9745 (asl_prog_block ((holfoot_prog_dispose n e)::progL)) Q))``, 9746 9747SIMP_TAC std_ss [VAR_RES_COND_INFERENCE___prog_block] THEN 9748REPEAT STRIP_TAC THEN 9749Tactical.REVERSE (Cases_on `var_res_prop___COND DISJOINT_FMAP_UNION (wpb,rpb) 9750 (BAG_INSERT (holfoot_ap_array e n) sfb)`) THEN1 ( 9751 FULL_SIMP_TAC std_ss [VAR_RES_COND_HOARE_TRIPLE_def, var_res_prop___REWRITE] 9752) THEN 9753MATCH_MP_TAC VAR_RES_COND_HOARE_TRIPLE___PROGRAM_ABSTRACTION_first THEN 9754MP_TAC (Q.SPECL [`n`, `e`, `(SET_OF_BAG (BAG_UNION wpb rpb))`] VAR_RES_PROGRAM_IS_ABSTRACTION___holfoot_prog_dispose) THEN 9755MATCH_MP_TAC (prove (``(A /\ (B ==> C)) ==> ((A ==> B) ==> C)``, SIMP_TAC std_ss [])) THEN 9756CONJ_TAC THEN1 FULL_SIMP_TAC std_ss [var_res_prop___COND_INSERT] THEN 9757DISCH_TAC THEN POP_ASSUM (fn thm => EXISTS_TAC (rand (concl thm)) THEN REWRITE_TAC[thm]) THEN 9758SIMP_TAC std_ss [GSYM VAR_RES_COND_INFERENCE___prog_block, 9759 IS_SEPARATION_COMBINATOR___FINITE_MAP] THEN 9760HO_MATCH_MP_TAC 9761 (MP_CANON VAR_RES_COND_INFERENCE___var_res_prog_cond_best_local_action) THEN 9762ASM_SIMP_TAC std_ss [BAG_OF_EMPTY, EMPTY_SUBSET, SET_BAG_I, SUBSET_REFL, 9763 VAR_RES_FRAME_SPLIT_NORMALISE] THEN 9764REWRITE_TAC[VAR_RES_FRAME_SPLIT___FRAME] THEN 9765MATCH_MP_TAC (MP_CANON VAR_RES_FRAME_SPLIT___SOLVE) THEN 9766CONJ_TAC THEN1 ( 9767 FULL_SIMP_TAC std_ss [var_res_prop___COND___REWRITE, BAG_EVERY, 9768 BAG_IN_FINITE_BAG_IMAGE, GSYM LEFT_FORALL_IMP_THM, BAG_IN_BAG_INSERT, 9769 FINITE_BAG_THM, 
DISJ_IMP_THM, FORALL_AND_THM, 9770 BAG_OF_EMPTY, DIFF_EMPTY, GSYM SET_OF_BAG_UNION, 9771 BAG_DIFF_EMPTY] 9772) THEN 9773FULL_SIMP_TAC std_ss [BAG_UNION_EMPTY]); 9774 9775 9776 9777 9778 9779val HOLFOOT_COND_INFERENCE___prog_dispose = 9780store_thm ("HOLFOOT_COND_INFERENCE___prog_dispose", 9781``!wpb rpb e n data sfb progL Q. 9782(VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET 9783 (SET_OF_BAG (BAG_UNION wpb rpb)) e /\ 9784 VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET 9785 (SET_OF_BAG (BAG_UNION wpb rpb)) n) ==> 9786((VAR_RES_COND_HOARE_TRIPLE DISJOINT_FMAP_UNION 9787 (var_res_prop DISJOINT_FMAP_UNION (wpb,rpb) sfb) 9788 (asl_prog_block progL) Q) ==> 9789 9790(VAR_RES_COND_HOARE_TRIPLE DISJOINT_FMAP_UNION 9791 (var_res_prop DISJOINT_FMAP_UNION (wpb,rpb) 9792 (BAG_INSERT (holfoot_ap_data_array e n data) sfb)) 9793 (asl_prog_block ((holfoot_prog_dispose n e)::progL)) Q))``, 9794 9795REPEAT STRIP_TAC THEN 9796MATCH_MP_TAC (MP_CANON VAR_RES_COND_HOARE_TRIPLE___COND_PROP_IMP) THEN 9797Q.EXISTS_TAC `var_res_prop DISJOINT_FMAP_UNION (wpb,rpb) 9798 (BAG_INSERT (holfoot_ap_array e n) sfb)` THEN 9799Tactical.REVERSE CONJ_TAC THEN1 METIS_TAC[HOLFOOT_COND_INFERENCE___prog_dispose___SIMPLE] THEN 9800 9801SIMP_TAC (std_ss++CONJ_ss) [COND_PROP___IMP_def, var_res_prop___REWRITE, 9802 var_res_prop___COND_INSERT, var_res_prop___PROP_INSERT, IN_ABS] THEN 9803REPEAT STRIP_TAC THEN1 ( 9804 METIS_TAC[VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_ap_array] 9805) THEN 9806Q.EXISTS_TAC `s1` THEN Q.EXISTS_TAC `s2` THEN 9807ASM_SIMP_TAC std_ss [] THEN 9808METIS_TAC[holfoot_ap_data_array___ELIM_DATA___COMPLETE]); 9809 9810 9811 9812 9813val HOLFOOT_COND_INFERENCE___prog_dispose_1 = 9814store_thm ("HOLFOOT_COND_INFERENCE___prog_dispose_1", 9815``!wpb rpb e L sfb progL Q. 
9816(VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET 9817 (SET_OF_BAG (BAG_UNION wpb rpb)) e) ==> 9818((VAR_RES_COND_HOARE_TRIPLE DISJOINT_FMAP_UNION 9819 (var_res_prop DISJOINT_FMAP_UNION (wpb,rpb) sfb) 9820 (asl_prog_block progL) Q) ==> 9821 9822(VAR_RES_COND_HOARE_TRIPLE DISJOINT_FMAP_UNION 9823 (var_res_prop DISJOINT_FMAP_UNION (wpb,rpb) 9824 (BAG_INSERT (holfoot_ap_points_to e L) sfb)) 9825 (asl_prog_block ((holfoot_prog_dispose (var_res_exp_const 1) e)::progL)) Q))``, 9826 9827 9828REPEAT STRIP_TAC THEN 9829MATCH_MP_TAC (MP_CANON VAR_RES_COND_HOARE_TRIPLE___COND_PROP_IMP) THEN 9830Q.EXISTS_TAC `var_res_prop DISJOINT_FMAP_UNION (wpb,rpb) 9831 (BAG_INSERT (holfoot_ap_array e (var_res_exp_const 1)) sfb)` THEN 9832Tactical.REVERSE CONJ_TAC THEN1 ( 9833 MATCH_MP_TAC (MP_CANON HOLFOOT_COND_INFERENCE___prog_dispose___SIMPLE) THEN 9834 ASM_SIMP_TAC std_ss [ 9835 VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___VAR_CONST_EVAL] 9836) THEN 9837SIMP_TAC (std_ss++CONJ_ss) [COND_PROP___IMP_def, var_res_prop___REWRITE, 9838 var_res_prop___COND_INSERT, var_res_prop___PROP_INSERT, IN_ABS] THEN 9839REPEAT STRIP_TAC THEN1 ( 9840 METIS_TAC[VAR_RES_IS_STACK_IMPRECISE___USED_VARS___holfoot_ap_array, 9841 VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET___VAR_CONST_EVAL] 9842) THEN 9843Q.EXISTS_TAC `s1` THEN Q.EXISTS_TAC `s2` THEN 9844ASM_SIMP_TAC std_ss [] THEN 9845 9846`IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e)` by 9847 FULL_SIMP_TAC std_ss [VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET_def] THEN 9848`count 1 = {0}` by ( 9849 `1 = SUC 0` by DECIDE_TAC THEN 9850 ASM_REWRITE_TAC[COUNT_SUC, COUNT_ZERO] 9851) THEN 9852Q.PAT_X_ASSUM `X IN holfoot_ap_points_to e L` MP_TAC THEN 9853ASM_SIMP_TAC std_ss [holfoot_ap_array___ALTERNATIVE_DEF2, IN_ABS, LET_THM, 9854 COUNT_SUC, IMAGE_INSERT, IMAGE_EMPTY, holfoot_ap_points_to_def, 9855 var_res_exp_prop_def, var_res_exp_const_EVAL]); 9856 9857 9858 9859 9860 9861 9862val 
HOLFOOT_COND_INFERENCE___prog_dispose___FRAME = 9863store_thm ("HOLFOOT_COND_INFERENCE___prog_dispose___FRAME", 9864``!wpb rpb e n sfb progL Q. 9865(VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET 9866 (SET_OF_BAG (BAG_UNION wpb rpb)) e /\ 9867 VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS_SUBSET 9868 (SET_OF_BAG (BAG_UNION wpb rpb)) n) ==> 9869((VAR_RES_COND_HOARE_TRIPLE DISJOINT_FMAP_UNION 9870 (var_res_prop DISJOINT_FMAP_UNION (wpb,rpb) sfb) 9871 (asl_prog_block 9872 ((var_res_prog_cond_best_local_action 9873 (var_res_prop DISJOINT_FMAP_UNION (EMPTY_BAG, BAG_UNION wpb rpb) 9874 {| holfoot_ap_array e n |}) 9875 (var_res_prop DISJOINT_FMAP_UNION (EMPTY_BAG, BAG_UNION wpb rpb) 9876 EMPTY_BAG))::progL)) Q) ==> 9877 9878(VAR_RES_COND_HOARE_TRIPLE DISJOINT_FMAP_UNION 9879 (var_res_prop DISJOINT_FMAP_UNION (wpb,rpb) sfb) 9880 (asl_prog_block ((holfoot_prog_dispose n e)::progL)) Q))``, 9881 9882 9883SIMP_TAC std_ss [VAR_RES_COND_INFERENCE___prog_block] THEN 9884REPEAT STRIP_TAC THEN 9885Tactical.REVERSE (Cases_on `BAG_ALL_DISTINCT (BAG_UNION wpb rpb)`) THEN1 ( 9886 FULL_SIMP_TAC std_ss [VAR_RES_COND_HOARE_TRIPLE_def, var_res_prop___REWRITE, 9887 var_res_prop___COND___REWRITE] 9888) THEN 9889MATCH_MP_TAC VAR_RES_COND_HOARE_TRIPLE___PROGRAM_ABSTRACTION_first THEN 9890MP_TAC (Q.SPECL [`n`, `e`, `(SET_OF_BAG (BAG_UNION wpb rpb))`] VAR_RES_PROGRAM_IS_ABSTRACTION___holfoot_prog_dispose) THEN 9891FULL_SIMP_TAC std_ss [BAG_ALL_DISTINCT_SET] THEN 9892DISCH_TAC THEN POP_ASSUM (fn thm => EXISTS_TAC (rand (concl thm)) THEN REWRITE_TAC[thm]) THEN 9893ASM_SIMP_TAC std_ss []); 9894 9895 9896 9897 9898val HOLFOOT_COND_INFERENCE___prog_dispose___exp_rewrite = 9899store_thm ("HOLFOOT_COND_INFERENCE___prog_dispose___exp_rewrite", 9900``!wpb rpb ne e e' sfb progL Q. 
9901 9902IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS ne) /\ 9903IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e) /\ 9904IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e') ==> 9905 9906((VAR_RES_COND_HOARE_TRIPLE DISJOINT_FMAP_UNION 9907 (var_res_prop DISJOINT_FMAP_UNION (wpb,rpb) 9908 (BAG_INSERT (var_res_prop_equal DISJOINT_FMAP_UNION e e') sfb)) 9909 (asl_prog_block ((holfoot_prog_dispose ne e)::progL)) Q) = 9910(VAR_RES_COND_HOARE_TRIPLE DISJOINT_FMAP_UNION 9911 (var_res_prop DISJOINT_FMAP_UNION (wpb,rpb) 9912 (BAG_INSERT (var_res_prop_equal DISJOINT_FMAP_UNION e e') sfb)) 9913 (asl_prog_block ((holfoot_prog_dispose ne e')::progL)) Q))``, 9914 9915REPEAT STRIP_TAC THEN 9916MATCH_MP_TAC VAR_RES_COND_INFERENCE___first_command_PRECOND_SEM THEN 9917 9918SIMP_TAC (std_ss++CONJ_ss) [var_res_prop___REWRITE] THEN 9919REPEAT STRIP_TAC THEN 9920ASM_SIMP_TAC std_ss [holfoot_prog_dispose_def, 9921 ASL_PROGRAM_SEM___prim_command, 9922 ASL_ATOMIC_ACTION_SEM_def, 9923 EVAL_asl_prim_command_THM, 9924 GSYM holfoot_separation_combinator_def, 9925 ASL_IS_LOCAL_ACTION___holfoot_dispose_action] THEN 9926 9927`e (FST s) = e' (FST s)` suffices_by (STRIP_TAC THEN 9928 ASM_SIMP_TAC std_ss [holfoot_dispose_action_def, LET_THM] 9929) THEN 9930 9931Q.PAT_X_ASSUM `s IN X` MP_TAC THEN 9932FULL_SIMP_TAC std_ss [var_res_prop___COND_INSERT, 9933 var_res_prop___PROP_INSERT] THEN 9934SIMP_TAC (std_ss++CONJ_ss) [var_res_prop_equal_unequal_EXPAND, IN_ABS, 9935 IS_SOME_EXISTS, GSYM RIGHT_EXISTS_AND_THM, 9936 GSYM LEFT_EXISTS_AND_THM, GSYM LEFT_FORALL_IMP_THM]); 9937 9938 9939val HOLFOOT_COND_INFERENCE___prog_dispose___exp_rewrite___count = 9940store_thm ("HOLFOOT_COND_INFERENCE___prog_dispose___exp_rewrite___count", 9941``!wpb rpb e ne ne' sfb progL Q. 
9942 9943IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS e) /\ 9944IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS ne) /\ 9945IS_SOME (VAR_RES_IS_STACK_IMPRECISE_EXPRESSION___USED_VARS ne') ==> 9946 9947((VAR_RES_COND_HOARE_TRIPLE DISJOINT_FMAP_UNION 9948 (var_res_prop DISJOINT_FMAP_UNION (wpb,rpb) 9949 (BAG_INSERT (var_res_prop_equal DISJOINT_FMAP_UNION ne ne') sfb)) 9950 (asl_prog_block ((holfoot_prog_dispose ne e)::progL)) Q) = 9951(VAR_RES_COND_HOARE_TRIPLE DISJOINT_FMAP_UNION 9952 (var_res_prop DISJOINT_FMAP_UNION (wpb,rpb) 9953 (BAG_INSERT (var_res_prop_equal DISJOINT_FMAP_UNION ne ne') sfb)) 9954 (asl_prog_block ((holfoot_prog_dispose ne' e)::progL)) Q))``, 9955 9956REPEAT STRIP_TAC THEN 9957MATCH_MP_TAC VAR_RES_COND_INFERENCE___first_command_PRECOND_SEM THEN 9958 9959SIMP_TAC (std_ss++CONJ_ss) [var_res_prop___REWRITE] THEN 9960REPEAT STRIP_TAC THEN 9961ASM_SIMP_TAC std_ss [holfoot_prog_dispose_def, 9962 ASL_PROGRAM_SEM___prim_command, 9963 ASL_ATOMIC_ACTION_SEM_def, 9964 EVAL_asl_prim_command_THM, 9965 GSYM holfoot_separation_combinator_def, 9966 ASL_IS_LOCAL_ACTION___holfoot_dispose_action] THEN 9967 9968`ne (FST s) = ne' (FST s)` suffices_by (STRIP_TAC THEN 9969 ASM_SIMP_TAC std_ss [holfoot_dispose_action_def, LET_THM] 9970) THEN 9971 9972Q.PAT_X_ASSUM `s IN X` MP_TAC THEN 9973FULL_SIMP_TAC std_ss [var_res_prop___COND_INSERT, 9974 var_res_prop___PROP_INSERT] THEN 9975SIMP_TAC (std_ss++CONJ_ss) [var_res_prop_equal_unequal_EXPAND, IN_ABS, 9976 IS_SOME_EXISTS, GSYM RIGHT_EXISTS_AND_THM, 9977 GSYM LEFT_EXISTS_AND_THM, GSYM LEFT_FORALL_IMP_THM]); 9978 9979 9980 9981 9982 9983 9984(******************************************************* 9985 * PROCCALL FREE 9986 ******************************************************) 9987 9988 9989val asl_prog_IS_RESOURCE_AND_PROCCALL_FREE___HOLFOOT_SIMPLE_REWRITES = 9990store_thm ("asl_prog_IS_RESOURCE_AND_PROCCALL_FREE___HOLFOOT_SIMPLE_REWRITES", 9991``asl_prog_IS_RESOURCE_AND_PROCCALL_FREE 
(holfoot_prog_dispose n e) /\ 9992 asl_prog_IS_RESOURCE_AND_PROCCALL_FREE (holfoot_prog_new n v tL) /\ 9993 asl_prog_IS_RESOURCE_AND_PROCCALL_FREE (holfoot_prog_field_assign e1 t e2) /\ 9994 asl_prog_IS_RESOURCE_AND_PROCCALL_FREE (holfoot_prog_field_lookup v e t)``, 9995 9996SIMP_TAC std_ss [holfoot_prog_dispose_def, 9997 holfoot_prog_new_def, holfoot_prog_field_lookup_def, 9998 holfoot_prog_field_assign_def, 9999 asl_prog_IS_RESOURCE_AND_PROCCALL_FREE___prim_command]); 10000 10001 10002val asl_prog_IS_RESOURCE_AND_PROCCALL_FREE___HOLFOOT_REWRITES = 10003 save_thm ("asl_prog_IS_RESOURCE_AND_PROCCALL_FREE___HOLFOOT_REWRITES", 10004 LIST_CONJ [ 10005 asl_prog_IS_RESOURCE_AND_PROCCALL_FREE___HOLFOOT_SIMPLE_REWRITES]) 10006 10007 10008val _ = export_theory(); 10009