src/HOL/UNITY/Comp.thy
author paulson
Thu Dec 03 10:45:06 1998 +0100 (1998-12-03)
changeset 6012 1894bfc4aee9
parent 5612 e981ca6f7332
child 6138 b7e6e607bb4d
permissions -rw-r--r--
Addition of the States component; parts of Comp not working
paulson@5597
     1
(*  Title:      HOL/UNITY/Comp.thy
paulson@5597
     2
    ID:         $Id$
paulson@5597
     3
    Author:     Lawrence C Paulson, Cambridge University Computer Laboratory
paulson@5597
     4
    Copyright   1998  University of Cambridge
paulson@5597
     5
paulson@5597
     6
Composition
paulson@5597
     7
paulson@5597
     8
From Chandy and Sanders, "Reasoning About Program Composition"
paulson@5597
     9
*)
paulson@5597
    10
paulson@5597
    11
Comp = Union +
paulson@5597
    12
paulson@5597
    13
constdefs
paulson@5597
    14
paulson@5597
    15
  (*Existential and Universal properties.  I formalize the two-program
paulson@5597
    16
    case, proving equivalence with Chandy and Sanders's n-ary definitions*)
paulson@5597
    17
paulson@5597
    18
  ex_prop  :: 'a program set => bool
paulson@6012
    19
   "ex_prop X ==
paulson@6012
    20
      ALL F G. (F:X | G: X) & States F = States G --> (F Join G) : X"
paulson@5597
    21
paulson@5597
    22
  strict_ex_prop  :: 'a program set => bool
paulson@6012
    23
   "strict_ex_prop X ==
paulson@6012
    24
      ALL F G. States F = States G --> (F:X | G: X) = (F Join G : X)"
paulson@5597
    25
paulson@5597
    26
  uv_prop  :: 'a program set => bool
paulson@6012
    27
   "uv_prop X ==
paulson@6012
    28
      SKIP UNIV : X &
paulson@6012
    29
      (ALL F G. F:X & G: X & States F = States G --> (F Join G) : X)"
paulson@5597
    30
paulson@5597
    31
  strict_uv_prop  :: 'a program set => bool
paulson@6012
    32
   "strict_uv_prop X ==
paulson@6012
    33
      SKIP UNIV : X &
paulson@6012
    34
      (ALL F G. States F = States G --> (F:X & G: X) = (F Join G : X))"
paulson@5597
    35
paulson@5612
    36
  (*Ill-defined programs can arise through "Join"*)
paulson@5612
    37
  welldef :: 'a program set  
paulson@5612
    38
   "welldef == {F. Init F ~= {}}"
paulson@5597
    39
paulson@5597
    40
  component :: ['a program, 'a program] => bool
paulson@6012
    41
   "component F H == EX G. F Join G = H & States F = States G"
paulson@5597
    42
paulson@5597
    43
  guarantees :: ['a program set, 'a program set] => 'a program set (infixl 65)
paulson@5597
    44
   "X guarantees Y == {F. ALL H. component F H --> H:X --> H:Y}"
paulson@5597
    45
paulson@5612
    46
  refines :: ['a program, 'a program, 'a program set] => bool
paulson@5612
    47
			("(3_ refines _ wrt _)" [10,10,10] 10)
paulson@5612
    48
   "G refines F wrt X ==
paulson@6012
    49
      States F = States G &
paulson@6012
    50
      (ALL H. States F = States H & (F Join H) : welldef Int X
paulson@6012
    51
        --> G Join H : welldef Int X)"
paulson@5612
    52
paulson@5612
    53
  iso_refines :: ['a program, 'a program, 'a program set] => bool
paulson@5612
    54
			("(3_ iso'_refines _ wrt _)" [10,10,10] 10)
paulson@5612
    55
   "G iso_refines F wrt X ==
paulson@5612
    56
      F : welldef Int X --> G : welldef Int X"
paulson@5612
    57
paulson@5597
    58
end