src/HOL/UNITY/Constrains.ML
changeset 5313 1861a564d7e2
child 5319 7356d0c88b1b
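--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/HOL/UNITY/Constrains.ML	Thu Aug 13 18:06:40 1998 +0200
@@ -0,0 +1,262 @@
+(*  Title:      HOL/UNITY/Constrains
+    ID:         $Id$
+    Author:     Lawrence C Paulson, Cambridge University Computer Laboratory
+    Copyright   1998  University of Cambridge
+
+Safety relations: restricted to the set of reachable states.
+*)
+
+
+
+(**MOVE TO EQUALITIES.ML**)
+
+Goal "(A Un B <= C) = (A <= C & B <= C)";
+by (Blast_tac 1);
+qed "Un_subset_iff";
+
+Goal "(C <= A Int B) = (C <= A & C <= B)";
+by (Blast_tac 1);
+qed "Int_subset_iff";
+
+
+(*** Constrains ***)
+
+(*constrains (Acts prg) B B'
+  ==> constrains (Acts prg) (reachable prg Int B) (reachable prg Int B')*)
+bind_thm ("constrains_reachable_Int",
+	  subset_refl RS
+	  rewrite_rule [stable_def] stable_reachable RS 
+	  constrains_Int);
+
+Goalw [Constrains_def]
+    "constrains (Acts prg) A A' ==> Constrains prg A A'";
+by (etac constrains_reachable_Int 1);
+qed "constrains_imp_Constrains";
+
+val prems = Goal
+    "(!!act s s'. [| act: Acts prg;  (s,s') : act;  s: A |] ==> s': A') \
+\    ==> Constrains prg A A'";
+by (rtac constrains_imp_Constrains 1);
+by (blast_tac (claset() addIs (constrainsI::prems)) 1);
+qed "ConstrainsI";
+
+Goalw [Constrains_def, constrains_def] "Constrains prg {} B";
+by (Blast_tac 1);
+qed "Constrains_empty";
+
+Goal "Constrains prg A UNIV";
+by (blast_tac (claset() addIs [ConstrainsI]) 1);
+qed "Constrains_UNIV";
+AddIffs [Constrains_empty, Constrains_UNIV];
+
+
+Goalw [Constrains_def]
+    "[| Constrains prg A A'; A'<=B' |] ==> Constrains prg A B'";
+by (blast_tac (claset() addIs [constrains_weaken_R]) 1);
+qed "Constrains_weaken_R";
+
+Goalw [Constrains_def]
+    "[| Constrains prg A A'; B<=A |] ==> Constrains prg B A'";
+by (blast_tac (claset() addIs [constrains_weaken_L]) 1);
+qed "Constrains_weaken_L";
+
+Goalw [Constrains_def]
+   "[| Constrains prg A A'; B<=A; A'<=B' |] ==> Constrains prg B B'";
+by (blast_tac (claset() addIs [constrains_weaken]) 1);
+qed "Constrains_weaken";
+
+(** Union **)
+
+Goalw [Constrains_def]
+    "[| Constrains prg A A'; Constrains prg B B' |]   \
+\    ==> Constrains prg (A Un B) (A' Un B')";
+by (blast_tac (claset() addIs [constrains_Un RS constrains_weaken]) 1);
+qed "Constrains_Un";
+
+Goalw [Constrains_def]
+    "ALL i:I. Constrains prg (A i) (A' i) \
+\    ==> Constrains prg (UN i:I. A i) (UN i:I. A' i)";
+by (dtac ball_constrains_UN 1);
+by (blast_tac (claset() addIs [constrains_weaken]) 1);
+qed "ball_Constrains_UN";
+
+(** Intersection **)
+
+Goalw [Constrains_def]
+    "[| Constrains prg A A'; Constrains prg B B' |]   \
+\    ==> Constrains prg (A Int B) (A' Int B')";
+by (blast_tac (claset() addIs [constrains_Int RS constrains_weaken]) 1);
+qed "Constrains_Int";
+
+Goalw [Constrains_def]
+    "[| ALL i:I. Constrains prg (A i) (A' i) |]   \
+\    ==> Constrains prg (INT i:I. A i) (INT i:I. A' i)";
+by (dtac ball_constrains_INT 1);
+by (blast_tac (claset() addIs [constrains_reachable_Int, constrains_weaken]) 1);
+qed "ball_Constrains_INT";
+
+Goalw [Constrains_def]
+     "[| Constrains prg A A'; id: Acts prg |] ==> reachable prg Int A <= A'";
+by (dtac constrains_imp_subset 1);
+by (assume_tac 1);
+by (full_simp_tac (simpset() addsimps [Int_subset_iff, Int_lower1]) 1);
+qed "Constrains_imp_subset";
+
+Goalw [Constrains_def]
+    "[| id: Acts prg; Constrains prg A B; Constrains prg B C |]   \
+\    ==> Constrains prg A C";
+by (blast_tac (claset() addIs [constrains_trans, constrains_weaken]) 1);
+qed "Constrains_trans";
+
+
+(*** Stable ***)
+
+Goal "Stable prg A = stable (Acts prg) (reachable prg Int A)";
+by (simp_tac (simpset() addsimps [Stable_def, Constrains_def, stable_def]) 1);
+qed "Stable_eq_stable";
+
+Goalw [Stable_def] "Constrains prg A A ==> Stable prg A";
+by (assume_tac 1);
+qed "StableI";
+
+Goalw [Stable_def] "Stable prg A ==> Constrains prg A A";
+by (assume_tac 1);
+qed "StableD";
+
+Goalw [Stable_def]
+    "[| Stable prg A; Stable prg A' |] ==> Stable prg (A Un A')";
+by (blast_tac (claset() addIs [Constrains_Un]) 1);
+qed "Stable_Un";
+
+Goalw [Stable_def]
+    "[| Stable prg A; Stable prg A' |] ==> Stable prg (A Int A')";
+by (blast_tac (claset() addIs [Constrains_Int]) 1);
+qed "Stable_Int";
+
+Goalw [Stable_def]
+    "[| Stable prg C; Constrains prg A (C Un A') |]   \
+\    ==> Constrains prg (C Un A) (C Un A')";
+by (blast_tac (claset() addIs [Constrains_Un RS Constrains_weaken]) 1);
+qed "Stable_Constrains_Un";
+
+Goalw [Stable_def]
+    "[| Stable prg C; Constrains prg (C Int A) A' |]   \
+\    ==> Constrains prg (C Int A) (C Int A')";
+by (blast_tac (claset() addIs [Constrains_Int RS Constrains_weaken]) 1);
+qed "Stable_Constrains_Int";
+
+Goalw [Stable_def]
+    "(ALL i:I. Stable prg (A i)) ==> Stable prg (INT i:I. A i)";
+by (etac ball_Constrains_INT 1);
+qed "ball_Stable_INT";
+
+Goal "Stable prg (reachable prg)";
+by (simp_tac (simpset() addsimps [Stable_eq_stable, stable_reachable]) 1);
+qed "Stable_reachable";
+
+
+
+(*** The Elimination Theorem.  The "free" m has become universally quantified!
+     Should the premise be !!m instead of ALL m ?  Would make it harder to use
+     in forward proof. ***)
+
+Goalw [Constrains_def, constrains_def]
+    "[| ALL m. Constrains prg {s. s x = m} (B m) |] \
+\    ==> Constrains prg {s. s x : M} (UN m:M. B m)";
+by (Blast_tac 1);
+qed "Elimination";
+
+(*As above, but for the trivial case of a one-variable state, in which the
+  state is identified with its one variable.*)
+Goalw [Constrains_def, constrains_def]
+    "(ALL m. Constrains prg {m} (B m)) ==> Constrains prg M (UN m:M. B m)";
+by (Blast_tac 1);
+qed "Elimination_sing";
+
+Goalw [Constrains_def, constrains_def]
+   "[| Constrains prg A (A' Un B); Constrains prg B B'; id: Acts prg |] \
+\   ==> Constrains prg A (A' Un B')";
+by (Blast_tac 1);
+qed "Constrains_cancel";
+
+
+(*** Specialized laws for handling Invariants ***)
+
+(** Natural deduction rules for "Invariant prg A" **)
+
+Goal "[| Init prg<=A;  Stable prg A |] ==> Invariant prg A";
+by (asm_simp_tac (simpset() addsimps [Invariant_def]) 1);
+qed "InvariantI";
+
+Goal "Invariant prg A ==> Init prg<=A & Stable prg A";
+by (asm_full_simp_tac (simpset() addsimps [Invariant_def]) 1);
+qed "InvariantD";
+
+bind_thm ("InvariantE", InvariantD RS conjE);
+
+
+(*The set of all reachable states is an Invariant...*)
+Goal "Invariant prg (reachable prg)";
+by (simp_tac (simpset() addsimps [Invariant_def]) 1);
+by (blast_tac (claset() addIs (Stable_reachable::reachable.intrs)) 1);
+qed "Invariant_reachable";
+
+(*...in fact the strongest Invariant!*)
+Goal "Invariant prg A ==> reachable prg <= A";
+by (full_simp_tac 
+    (simpset() addsimps [Stable_def, Constrains_def, constrains_def, 
+			 Invariant_def]) 1);
+by (rtac subsetI 1);
+by (etac reachable.induct 1);
+by (REPEAT (blast_tac (claset() addIs reachable.intrs) 1));
+qed "Invariant_includes_reachable";
+
+
+Goal "Invariant prg INV ==> reachable prg Int INV = reachable prg";
+by (dtac Invariant_includes_reachable 1);
+by (Blast_tac 1);
+qed "reachable_Int_INV";
+
+Goal "[| Invariant prg INV;  Constrains prg (INV Int A) A' |]   \
+\     ==> Constrains prg A A'";
+by (asm_full_simp_tac
+    (simpset() addsimps [Constrains_def, reachable_Int_INV,
+			 Int_assoc RS sym]) 1);
+qed "Invariant_ConstrainsI";
+
+bind_thm ("Invariant_StableI", Invariant_ConstrainsI RS StableI);
+
+Goal "[| Invariant prg INV;  Constrains prg A A' |]   \
+\     ==> Constrains prg A (INV Int A')";
+by (asm_full_simp_tac
+    (simpset() addsimps [Constrains_def, reachable_Int_INV,
+			 Int_assoc RS sym]) 1);
+qed "Invariant_ConstrainsD";
+
+bind_thm ("Invariant_StableD", StableD RSN (2,Invariant_ConstrainsD));
+
+
+
+(** Conjoining Invariants **)
+
+Goal "[| Invariant prg A;  Invariant prg B |] ==> Invariant prg (A Int B)";
+by (auto_tac (claset(),
+	      simpset() addsimps [Invariant_def, Stable_Int]));
+qed "Invariant_Int";
+
+(*Delete the nearest invariance assumption (which will be the second one
+  used by Invariant_Int) *)
+val Invariant_thin =
+    read_instantiate_sg (sign_of thy)
+                [("V", "Invariant ?Prg ?A")] thin_rl;
+
+(*Combines two invariance ASSUMPTIONS into one.  USEFUL??*)
+val Invariant_Int_tac = dtac Invariant_Int THEN' 
+                        assume_tac THEN'
+			etac Invariant_thin;
+
+(*Combines two invariance THEOREMS into one.*)
+val Invariant_Int_rule = foldr1 (fn (th1,th2) => [th1,th2] MRS Invariant_Int);
+
+
+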
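Review bot: `Invariant_Int_rule` at the end of the file is built with `foldr1`, which has no value to return for an empty theorem list, so a caller passing `[]` gets a runtime exception rather than a theorem; the comment should state the precondition, e.g. `(*Combines two or more invariance THEOREMS into one; fails on the empty list.*)`. The premise `id: Acts prg` recurs on `Constrains_imp_subset`, `Constrains_trans` and `Constrains_cancel` without any explanation, and a one-line comment near `Constrains_imp_subset` saying why the identity action must be among the program's actions would spare readers from re-deriving it from `constrains_imp_subset`. Finally, `Un_subset_iff` and `Int_subset_iff` are general set lemmas that the file's own `(**MOVE TO EQUALITIES.ML**)` note already marks as misplaced; leaving them here risks a duplicate when the move happens, so the note should name the target theory and be resolved before this file is relied on.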