(* Examples for Simpl VCG in part from $AFP/Simpl/ex/VcgEx.thy. 
   License: LGPL *)

theory week11B_demo 
imports Vcg "~~/src/HOL/Word/Word"
begin

-- ---------------------------------------------------------------------

-- "state space again"

record 'g vars = "'g state" +
  A_' :: nat
  I_' :: nat
  M_' :: nat
  N_' :: nat
  R_' :: nat
  S_' :: nat
  Abr_':: string
  B_' :: bool


section "Recursion"

primrec fac where 
  "fac 0 = 1" |
  "fac (Suc n) = Suc n * fac n"

lemma fac_simp [simp]: "0 < i \<Longrightarrow>  fac i = i * fac (i - 1)"
  by (cases i) simp_all

text {* Recursive version of factorial. *}

procedures
  Fac (N|R) = "IF \<acute>N = 0 THEN \<acute>R :== 1
                       ELSE \<acute>R :== CALL Fac(\<acute>N - 1);;
                            \<acute>R :== \<acute>N * \<acute>R
                       FI"

context Fac_impl
begin

thm Fac_impl Fac_body_def

text {*
  For recursive procedures, we carry around another environment \<Theta> for
  procedure specifications. Similarly to induction, we need to quantify
  n if we want to use a different value n in the recursive call. 
*}

lemma "\<forall>n. \<Gamma>,\<Theta>\<turnstile>\<lbrace>\<acute>N=n\<rbrace> PROC Fac(\<acute>N,\<acute>R) \<lbrace>\<acute>R = fac n\<rbrace>"
  apply (hoare_rule HoarePartial.ProcRec1)
  apply vcg
  apply simp
  done


-- "single stepping, \<Theta> does not really need to be named explicitly."
lemma "\<forall>n. \<Gamma>\<turnstile>\<lbrace>\<acute>N=n\<rbrace> PROC Fac(\<acute>N,\<acute>R) \<lbrace>\<acute>R = fac n\<rbrace>"
  apply (hoare_rule HoarePartial.ProcRec1)
  apply vcg_step
  apply   vcg_step
  apply  vcg_step
  apply vcg_step
  apply vcg_step
  apply simp
  done

end (* of context Fac_Impl *)


-- ---------------------------------------------------------------------

section "Guards"

datatype faults = Div | Others

lemma
  "\<Gamma> \<turnstile> \<lbrace>\<acute>N dvd \<acute>A\<rbrace> 
         \<acute>M :== \<acute>A div \<acute>N
       \<lbrace>\<acute>M * \<acute>N = \<acute>A\<rbrace>"
apply vcg
apply (auto simp: dvd_def)
done

-- "force additional verification conditions"
lemma
  "\<Gamma> \<turnstile> \<lbrace>\<acute>N dvd \<acute>A \<and> \<acute>N \<noteq> 0\<rbrace> 
         Guard Div \<lbrace>\<acute>N \<noteq> 0\<rbrace> (\<acute>M :== \<acute>A div \<acute>N)  
       \<lbrace>\<acute>M * \<acute>N = \<acute>A\<rbrace>"
apply vcg
apply (auto simp: dvd_def)
done


-- "assume Guards instead of proving them (or prove them later)"
lemma
  "\<Gamma> \<turnstile>\<^bsub>/{Div}\<^esub> \<lbrace>\<acute>N dvd \<acute>A\<rbrace> 
                 Guard Div \<lbrace>\<acute>N \<noteq> 0\<rbrace> (\<acute>M :== \<acute>A div \<acute>N)  
               \<lbrace>\<acute>M * \<acute>N = \<acute>A\<rbrace>"
apply vcg
apply clarsimp
apply (auto simp: dvd_def)
done


-- ---------------------------------------------------------------------

section "Words"

type_synonym byte = "8 word"

term "x::8"
term "x::8 word"
term "y::'a word"

lemma "(27 :: 4 word) = -5" by simp
lemma "(27 :: 4 word) = 11" by simp
lemma "27 \<noteq> (11 :: 6 word)" by simp

-- "comparisons:"  
lemma "23 < (27::8 word)" by simp
lemma "23 \<le> (27::8 word)" by simp
lemma "0 < (4::3 word)" by simp

-- "ring operations"
lemma "a + 2 * b + c - b = (b + c) + (a :: 32 word)" by simp

-- "casting"
lemma "uint (234567 :: 10 word) = 71" by simp
lemma "uint (-234567 :: 10 word) = 953" by simp
lemma "sint (234567 :: 10 word) = 71" by simp
lemma "sint (-234567 :: 10 word) = -71" by simp

lemma "unat (-234567 :: 10 word) = 953" by simp

lemma "ucast (0b1010 :: 4 word) = (0b10 :: 2 word)" by simp
lemma "ucast (0b1010 :: 4 word) = (0b1010 :: 10 word)" by simp
lemma "scast (0b1010 :: 4 word) = (0b111010 :: 6 word)" by simp

-- "reducing goals to nat or int and arith:"
lemma "i < x ==> i < (i + 1 :: 'a :: len word)" by unat_arith
lemma "i < x ==> i < (i + 1 :: 'a :: len word)" by uint_arith

-- "bool lists"

lemma "of_bl [True, False, True, True] = (0b1011::'a::len word)" by simp

lemma "to_bl (0b110::4 word) = [False, True, True, False]" by simp



-- "bit operations"

lemma "0b110 AND 0b101 = (0b100 :: 32 word)" by simp

lemma "0b110 OR 0b011 = (0b111 :: 8 word)" by simp

lemma "0xF0 XOR 0xFF = (0x0F :: byte)" by simp

lemma "NOT (0xF0 :: 16 word) = 0xFF0F" by simp

lemma "(-1 :: 32 word) = 0xFFFFFFFF" by simp

lemma "(0b0010 :: 4 word) !! 1" by simp
lemma "\<not> (0b0010 :: 4 word) !! 0" by simp
lemma "\<not> (0b1000 :: 3 word) !! 4" by simp

lemma "(0b11000 :: 10 word) !! n = (n = 4 \<or> n = 3)" 
  by (auto simp add: bin_nth_Bit0 bin_nth_Bit1)

lemma "word_cat (0b0011::4 word) (0b1111::6word) = (0b0011001111 :: 10 word)" 
  by simp

lemma "0b1011 << 2 = (0b101100::'a::len0 word)" by simp
lemma "0b1011 >> 2 = (0b10::8 word)" by simp
lemma "0b1011 >>> 2 = (0b10::8 word)" by simp

lemma "slice 3 (0b101111::6 word) = (0b101::3 word)" by simp

lemma "word_rotr 2 0b0110 = (0b1001::4 word)" by simp
lemma "word_rotl 1 0b1110 = (0b1101::4 word)" by simp
lemma "word_roti 2 0b1110 = (0b1011::4 word)" by simp
lemma "word_roti -2 0b0110 = (0b1001::4 word)" by simp

end