src/HOL/HOLCF/IOA/meta_theory/Automata.thy
author wenzelm
Sun Nov 09 17:04:14 2014 +0100 (2014-11-09)
changeset 58957 c9e744ea8a38
parent 58880 0baae4311a9f
child 59807 22bc39064290
permissions -rw-r--r--
proper context for match_tac etc.;
     1 (*  Title:      HOL/HOLCF/IOA/meta_theory/Automata.thy
     2     Author:     Olaf Müller, Konrad Slind, Tobias Nipkow
     3 *)
     4 
     5 section {* The I/O automata of Lynch and Tuttle in HOLCF *}
     6 
     7 theory Automata
     8 imports Asig
     9 begin
    10 
    11 default_sort type
    12 
    13 type_synonym
    14   ('a, 's) transition = "'s * 'a * 's"
    15 
    16 type_synonym
    17   ('a, 's) ioa = "'a signature * 's set * ('a,'s)transition set * ('a set set) * ('a set set)"
    18 
    19 consts
    20 
    21   (* IO automata *)
    22 
    23   asig_of        ::"('a,'s)ioa => 'a signature"
    24   starts_of      ::"('a,'s)ioa => 's set"
    25   trans_of       ::"('a,'s)ioa => ('a,'s)transition set"
    26   wfair_of       ::"('a,'s)ioa => ('a set) set"
    27   sfair_of       ::"('a,'s)ioa => ('a set) set"
    28 
    29   is_asig_of     ::"('a,'s)ioa => bool"
    30   is_starts_of   ::"('a,'s)ioa => bool"
    31   is_trans_of    ::"('a,'s)ioa => bool"
    32   input_enabled  ::"('a,'s)ioa => bool"
    33   IOA            ::"('a,'s)ioa => bool"
    34 
    35   (* constraints for fair IOA *)
    36 
    37   fairIOA        ::"('a,'s)ioa => bool"
    38   input_resistant::"('a,'s)ioa => bool"
    39 
    40   (* enabledness of actions and action sets *)
    41 
    42   enabled        ::"('a,'s)ioa => 'a => 's => bool"
    43   Enabled    ::"('a,'s)ioa => 'a set => 's => bool"
    44 
    45   (* action set keeps enabled until probably disabled by itself *)
    46 
    47   en_persistent  :: "('a,'s)ioa => 'a set => bool"
    48 
    49  (* post_conditions for actions and action sets *)
    50 
    51   was_enabled        ::"('a,'s)ioa => 'a => 's => bool"
    52   set_was_enabled    ::"('a,'s)ioa => 'a set => 's => bool"
    53 
    54   (* invariants *)
    55   invariant     :: "[('a,'s)ioa, 's=>bool] => bool"
    56 
    57   (* binary composition of action signatures and automata *)
    58   asig_comp    ::"['a signature, 'a signature] => 'a signature"
    59   compatible   ::"[('a,'s)ioa, ('a,'t)ioa] => bool"
    60   par          ::"[('a,'s)ioa, ('a,'t)ioa] => ('a,'s*'t)ioa"  (infixr "||" 10)
    61 
    62   (* hiding and restricting *)
    63   hide_asig     :: "['a signature, 'a set] => 'a signature"
    64   hide          :: "[('a,'s)ioa, 'a set] => ('a,'s)ioa"
    65   restrict_asig :: "['a signature, 'a set] => 'a signature"
    66   restrict      :: "[('a,'s)ioa, 'a set] => ('a,'s)ioa"
    67 
    68   (* renaming *)
    69   rename_set    :: "'a set => ('c => 'a option) => 'c set"
    70   rename        :: "('a, 'b)ioa => ('c => 'a option) => ('c,'b)ioa"
    71 
    72 notation (xsymbols)
    73   par  (infixr "\<parallel>" 10)
    74 
    75 
    76 inductive
    77   reachable :: "('a, 's) ioa => 's => bool"
    78   for C :: "('a, 's) ioa"
    79   where
    80     reachable_0:  "s : starts_of C ==> reachable C s"
    81   | reachable_n:  "[| reachable C s; (s, a, t) : trans_of C |] ==> reachable C t"
    82 
    83 abbreviation
    84   trans_of_syn  ("_ -_--_-> _" [81,81,81,81] 100) where
    85   "s -a--A-> t == (s,a,t):trans_of A"
    86 
    87 notation (xsymbols)
    88   trans_of_syn  ("_ \<midarrow>_\<midarrow>_\<longrightarrow> _" [81,81,81,81] 100)
    89 
    90 abbreviation "act A == actions (asig_of A)"
    91 abbreviation "ext A == externals (asig_of A)"
    92 abbreviation int where "int A == internals (asig_of A)"
    93 abbreviation "inp A == inputs (asig_of A)"
    94 abbreviation "out A == outputs (asig_of A)"
    95 abbreviation "local A == locals (asig_of A)"
    96 
    97 defs
    98 
    99 (* --------------------------------- IOA ---------------------------------*)
   100 
   101 asig_of_def:   "asig_of == fst"
   102 starts_of_def: "starts_of == (fst o snd)"
   103 trans_of_def:  "trans_of == (fst o snd o snd)"
   104 wfair_of_def:  "wfair_of == (fst o snd o snd o snd)"
   105 sfair_of_def:  "sfair_of == (snd o snd o snd o snd)"
   106 
   107 is_asig_of_def:
   108   "is_asig_of A == is_asig (asig_of A)"
   109 
   110 is_starts_of_def:
   111   "is_starts_of A ==  (~ starts_of A = {})"
   112 
   113 is_trans_of_def:
   114   "is_trans_of A ==
   115     (!triple. triple:(trans_of A) --> fst(snd(triple)):actions(asig_of A))"
   116 
   117 input_enabled_def:
   118   "input_enabled A ==
   119     (!a. (a:inputs(asig_of A)) --> (!s1. ? s2. (s1,a,s2):(trans_of A)))"
   120 
   121 
   122 ioa_def:
   123   "IOA A == (is_asig_of A    &
   124              is_starts_of A  &
   125              is_trans_of A   &
   126              input_enabled A)"
   127 
   128 
   129 invariant_def: "invariant A P == (!s. reachable A s --> P(s))"
   130 
   131 
   132 (* ------------------------- parallel composition --------------------------*)
   133 
   134 
   135 compatible_def:
   136   "compatible A B ==
   137   (((out A Int out B) = {}) &
   138    ((int A Int act B) = {}) &
   139    ((int B Int act A) = {}))"
   140 
   141 asig_comp_def:
   142   "asig_comp a1 a2 ==
   143      (((inputs(a1) Un inputs(a2)) - (outputs(a1) Un outputs(a2)),
   144        (outputs(a1) Un outputs(a2)),
   145        (internals(a1) Un internals(a2))))"
   146 
   147 par_def:
   148   "(A || B) ==
   149       (asig_comp (asig_of A) (asig_of B),
   150        {pr. fst(pr):starts_of(A) & snd(pr):starts_of(B)},
   151        {tr. let s = fst(tr); a = fst(snd(tr)); t = snd(snd(tr))
   152             in (a:act A | a:act B) &
   153                (if a:act A then
   154                   (fst(s),a,fst(t)):trans_of(A)
   155                 else fst(t) = fst(s))
   156                &
   157                (if a:act B then
   158                   (snd(s),a,snd(t)):trans_of(B)
   159                 else snd(t) = snd(s))},
   160         wfair_of A Un wfair_of B,
   161         sfair_of A Un sfair_of B)"
   162 
   163 
   164 (* ------------------------ hiding -------------------------------------------- *)
   165 
   166 restrict_asig_def:
   167   "restrict_asig asig actns ==
   168     (inputs(asig) Int actns,
   169      outputs(asig) Int actns,
   170      internals(asig) Un (externals(asig) - actns))"
   171 
   172 (* Notice that for wfair_of and sfair_of nothing has to be changed, as
   173    changes from the outputs to the internals does not touch the locals as
   174    a whole, which is of importance for fairness only *)
   175 
   176 restrict_def:
   177   "restrict A actns ==
   178     (restrict_asig (asig_of A) actns,
   179      starts_of A,
   180      trans_of A,
   181      wfair_of A,
   182      sfair_of A)"
   183 
   184 hide_asig_def:
   185   "hide_asig asig actns ==
   186     (inputs(asig) - actns,
   187      outputs(asig) - actns,
   188      internals(asig) Un actns)"
   189 
   190 hide_def:
   191   "hide A actns ==
   192     (hide_asig (asig_of A) actns,
   193      starts_of A,
   194      trans_of A,
   195      wfair_of A,
   196      sfair_of A)"
   197 
   198 (* ------------------------- renaming ------------------------------------------- *)
   199 
   200 rename_set_def:
   201   "rename_set A ren == {b. ? x. Some x = ren b & x : A}"
   202 
   203 rename_def:
   204 "rename ioa ren ==
   205   ((rename_set (inp ioa) ren,
   206     rename_set (out ioa) ren,
   207     rename_set (int ioa) ren),
   208    starts_of ioa,
   209    {tr. let s = fst(tr); a = fst(snd(tr));  t = snd(snd(tr))
   210         in
   211         ? x. Some(x) = ren(a) & (s,x,t):trans_of ioa},
   212    {rename_set s ren | s. s: wfair_of ioa},
   213    {rename_set s ren | s. s: sfair_of ioa})"
   214 
   215 (* ------------------------- fairness ----------------------------- *)
   216 
   217 fairIOA_def:
   218   "fairIOA A == (! S : wfair_of A. S<= local A) &
   219                 (! S : sfair_of A. S<= local A)"
   220 
   221 input_resistant_def:
   222   "input_resistant A == ! W : sfair_of A. ! s a t.
   223                         reachable A s & reachable A t & a:inp A &
   224                         Enabled A W s & s -a--A-> t
   225                         --> Enabled A W t"
   226 
   227 enabled_def:
   228   "enabled A a s == ? t. s-a--A-> t"
   229 
   230 Enabled_def:
   231   "Enabled A W s == ? w:W. enabled A w s"
   232 
   233 en_persistent_def:
   234   "en_persistent A W == ! s a t. Enabled A W s &
   235                                  a ~:W &
   236                                  s -a--A-> t
   237                                  --> Enabled A W t"
   238 was_enabled_def:
   239   "was_enabled A a t == ? s. s-a--A-> t"
   240 
   241 set_was_enabled_def:
   242   "set_was_enabled A W t == ? w:W. was_enabled A w t"
   243 
   244 
   245 declare split_paired_Ex [simp del]
   246 
   247 lemmas ioa_projections = asig_of_def starts_of_def trans_of_def wfair_of_def sfair_of_def
   248 
   249 
   250 subsection "asig_of, starts_of, trans_of"
   251 
   252 lemma ioa_triple_proj: 
   253  "((asig_of (x,y,z,w,s)) = x)   &  
   254   ((starts_of (x,y,z,w,s)) = y) &  
   255   ((trans_of (x,y,z,w,s)) = z)  &  
   256   ((wfair_of (x,y,z,w,s)) = w) &  
   257   ((sfair_of (x,y,z,w,s)) = s)"
   258   apply (simp add: ioa_projections)
   259   done
   260 
   261 lemma trans_in_actions: 
   262   "[| is_trans_of A; (s1,a,s2):trans_of(A) |] ==> a:act A"
   263 apply (unfold is_trans_of_def actions_def is_asig_def)
   264   apply (erule allE, erule impE, assumption)
   265   apply simp
   266 done
   267 
   268 lemma starts_of_par: 
   269 "starts_of(A || B) = {p. fst(p):starts_of(A) & snd(p):starts_of(B)}"
   270   apply (simp add: par_def ioa_projections)
   271 done
   272 
   273 lemma trans_of_par: 
   274 "trans_of(A || B) = {tr. let s = fst(tr); a = fst(snd(tr)); t = snd(snd(tr))  
   275              in (a:act A | a:act B) &  
   276                 (if a:act A then        
   277                    (fst(s),a,fst(t)):trans_of(A)  
   278                  else fst(t) = fst(s))             
   279                 &                                   
   280                 (if a:act B then                     
   281                    (snd(s),a,snd(t)):trans_of(B)      
   282                  else snd(t) = snd(s))}"
   283 
   284 apply (simp add: par_def ioa_projections)
   285 done
   286 
   287 
   288 subsection "actions and par"
   289 
   290 lemma actions_asig_comp: 
   291   "actions(asig_comp a b) = actions(a) Un actions(b)"
   292   apply (simp (no_asm) add: actions_def asig_comp_def asig_projections)
   293   apply blast
   294   done
   295 
   296 lemma asig_of_par: "asig_of(A || B) = asig_comp (asig_of A) (asig_of B)"
   297   apply (simp add: par_def ioa_projections)
   298   done
   299 
   300 
   301 lemma externals_of_par: "ext (A1||A2) =     
   302    (ext A1) Un (ext A2)"
   303 apply (simp add: externals_def asig_of_par asig_comp_def
   304   asig_inputs_def asig_outputs_def Un_def set_diff_eq)
   305 apply blast
   306 done
   307 
   308 lemma actions_of_par: "act (A1||A2) =     
   309    (act A1) Un (act A2)"
   310 apply (simp add: actions_def asig_of_par asig_comp_def
   311   asig_inputs_def asig_outputs_def asig_internals_def Un_def set_diff_eq)
   312 apply blast
   313 done
   314 
   315 lemma inputs_of_par: "inp (A1||A2) = 
   316           ((inp A1) Un (inp A2)) - ((out A1) Un (out A2))"
   317 apply (simp add: actions_def asig_of_par asig_comp_def
   318   asig_inputs_def asig_outputs_def Un_def set_diff_eq)
   319 done
   320 
   321 lemma outputs_of_par: "out (A1||A2) = 
   322           (out A1) Un (out A2)"
   323 apply (simp add: actions_def asig_of_par asig_comp_def
   324   asig_outputs_def Un_def set_diff_eq)
   325 done
   326 
   327 lemma internals_of_par: "int (A1||A2) = 
   328           (int A1) Un (int A2)"
   329 apply (simp add: actions_def asig_of_par asig_comp_def
   330   asig_inputs_def asig_outputs_def asig_internals_def Un_def set_diff_eq)
   331 done
   332 
   333 
   334 subsection "actions and compatibility"
   335 
   336 lemma compat_commute: "compatible A B = compatible B A"
   337 apply (simp add: compatible_def Int_commute)
   338 apply auto
   339 done
   340 
   341 lemma ext1_is_not_int2: 
   342  "[| compatible A1 A2; a:ext A1|] ==> a~:int A2"
   343 apply (unfold externals_def actions_def compatible_def)
   344 apply simp
   345 apply blast
   346 done
   347 
   348 (* just commuting the previous one: better commute compatible *)
   349 lemma ext2_is_not_int1: 
   350  "[| compatible A2 A1 ; a:ext A1|] ==> a~:int A2"
   351 apply (unfold externals_def actions_def compatible_def)
   352 apply simp
   353 apply blast
   354 done
   355 
   356 lemmas ext1_ext2_is_not_act2 = ext1_is_not_int2 [THEN int_and_ext_is_act]
   357 lemmas ext1_ext2_is_not_act1 = ext2_is_not_int1 [THEN int_and_ext_is_act]
   358 
   359 lemma intA_is_not_extB: 
   360  "[| compatible A B; x:int A |] ==> x~:ext B"
   361 apply (unfold externals_def actions_def compatible_def)
   362 apply simp
   363 apply blast
   364 done
   365 
   366 lemma intA_is_not_actB: 
   367 "[| compatible A B; a:int A |] ==> a ~: act B"
   368 apply (unfold externals_def actions_def compatible_def is_asig_def asig_of_def)
   369 apply simp
   370 apply blast
   371 done
   372 
   373 (* the only one that needs disjointness of outputs and of internals and _all_ acts *)
   374 lemma outAactB_is_inpB: 
   375 "[| compatible A B; a:out A ;a:act B|] ==> a : inp B"
   376 apply (unfold asig_outputs_def asig_internals_def actions_def asig_inputs_def 
   377     compatible_def is_asig_def asig_of_def)
   378 apply simp
   379 apply blast
   380 done
   381 
   382 (* needed for propagation of input_enabledness from A,B to A||B *)
   383 lemma inpAAactB_is_inpBoroutB: 
   384 "[| compatible A B; a:inp A ;a:act B|] ==> a : inp B | a: out B"
   385 apply (unfold asig_outputs_def asig_internals_def actions_def asig_inputs_def 
   386     compatible_def is_asig_def asig_of_def)
   387 apply simp
   388 apply blast
   389 done
   390 
   391 
   392 subsection "input_enabledness and par"
   393 
   394 (* ugly case distinctions. Heart of proof:
   395      1. inpAAactB_is_inpBoroutB ie. internals are really hidden.
   396      2. inputs_of_par: outputs are no longer inputs of par. This is important here *)
   397 lemma input_enabled_par: 
   398 "[| compatible A B; input_enabled A; input_enabled B|]  
   399       ==> input_enabled (A||B)"
   400 apply (unfold input_enabled_def)
   401 apply (simp add: Let_def inputs_of_par trans_of_par)
   402 apply (tactic "safe_tac (Context.raw_transfer @{theory} @{theory_context Fun})")
   403 apply (simp add: inp_is_act)
   404 prefer 2
   405 apply (simp add: inp_is_act)
   406 (* a: inp A *)
   407 apply (case_tac "a:act B")
   408 (* a:act B *)
   409 apply (erule_tac x = "a" in allE)
   410 apply simp
   411 apply (drule inpAAactB_is_inpBoroutB)
   412 apply assumption
   413 apply assumption
   414 apply (erule_tac x = "a" in allE)
   415 apply simp
   416 apply (erule_tac x = "aa" in allE)
   417 apply (erule_tac x = "b" in allE)
   418 apply (erule exE)
   419 apply (erule exE)
   420 apply (rule_tac x = " (s2,s2a) " in exI)
   421 apply (simp add: inp_is_act)
   422 (* a~: act B*)
   423 apply (simp add: inp_is_act)
   424 apply (erule_tac x = "a" in allE)
   425 apply simp
   426 apply (erule_tac x = "aa" in allE)
   427 apply (erule exE)
   428 apply (rule_tac x = " (s2,b) " in exI)
   429 apply simp
   430 
   431 (* a:inp B *)
   432 apply (case_tac "a:act A")
   433 (* a:act A *)
   434 apply (erule_tac x = "a" in allE)
   435 apply (erule_tac x = "a" in allE)
   436 apply (simp add: inp_is_act)
   437 apply (frule_tac A1 = "A" in compat_commute [THEN iffD1])
   438 apply (drule inpAAactB_is_inpBoroutB)
   439 back
   440 apply assumption
   441 apply assumption
   442 apply simp
   443 apply (erule_tac x = "aa" in allE)
   444 apply (erule_tac x = "b" in allE)
   445 apply (erule exE)
   446 apply (erule exE)
   447 apply (rule_tac x = " (s2,s2a) " in exI)
   448 apply (simp add: inp_is_act)
   449 (* a~: act B*)
   450 apply (simp add: inp_is_act)
   451 apply (erule_tac x = "a" in allE)
   452 apply (erule_tac x = "a" in allE)
   453 apply simp
   454 apply (erule_tac x = "b" in allE)
   455 apply (erule exE)
   456 apply (rule_tac x = " (aa,s2) " in exI)
   457 apply simp
   458 done
   459 
   460 
   461 subsection "invariants"
   462 
   463 lemma invariantI:
   464   "[| !!s. s:starts_of(A) ==> P(s);      
   465       !!s t a. [|reachable A s; P(s)|] ==> (s,a,t): trans_of(A) --> P(t) |]  
   466    ==> invariant A P"
   467 apply (unfold invariant_def)
   468 apply (rule allI)
   469 apply (rule impI)
   470 apply (rule_tac x = "s" in reachable.induct)
   471 apply assumption
   472 apply blast
   473 apply blast
   474 done
   475 
   476 lemma invariantI1:
   477  "[| !!s. s : starts_of(A) ==> P(s);  
   478      !!s t a. reachable A s ==> P(s) --> (s,a,t):trans_of(A) --> P(t)  
   479   |] ==> invariant A P"
   480   apply (blast intro: invariantI)
   481   done
   482 
   483 lemma invariantE: "[| invariant A P; reachable A s |] ==> P(s)"
   484   apply (unfold invariant_def)
   485   apply blast
   486   done
   487 
   488 
   489 subsection "restrict"
   490 
   491 
   492 lemmas reachable_0 = reachable.reachable_0
   493   and reachable_n = reachable.reachable_n
   494 
   495 lemma cancel_restrict_a: "starts_of(restrict ioa acts) = starts_of(ioa) &      
   496           trans_of(restrict ioa acts) = trans_of(ioa)"
   497 apply (simp add: restrict_def ioa_projections)
   498 done
   499 
   500 lemma cancel_restrict_b: "reachable (restrict ioa acts) s = reachable ioa s"
   501 apply (rule iffI)
   502 apply (erule reachable.induct)
   503 apply (simp add: cancel_restrict_a reachable_0)
   504 apply (erule reachable_n)
   505 apply (simp add: cancel_restrict_a)
   506 (* <--  *)
   507 apply (erule reachable.induct)
   508 apply (rule reachable_0)
   509 apply (simp add: cancel_restrict_a)
   510 apply (erule reachable_n)
   511 apply (simp add: cancel_restrict_a)
   512 done
   513 
   514 lemma acts_restrict: "act (restrict A acts) = act A"
   515 apply (simp (no_asm) add: actions_def asig_internals_def
   516   asig_outputs_def asig_inputs_def externals_def asig_of_def restrict_def restrict_asig_def)
   517 apply auto
   518 done
   519 
   520 lemma cancel_restrict: "starts_of(restrict ioa acts) = starts_of(ioa) &      
   521           trans_of(restrict ioa acts) = trans_of(ioa) &  
   522           reachable (restrict ioa acts) s = reachable ioa s &  
   523           act (restrict A acts) = act A"
   524   apply (simp (no_asm) add: cancel_restrict_a cancel_restrict_b acts_restrict)
   525   done
   526 
   527 
   528 subsection "rename"
   529 
   530 lemma trans_rename: "s -a--(rename C f)-> t ==> (? x. Some(x) = f(a) & s -x--C-> t)"
   531 apply (simp add: Let_def rename_def trans_of_def)
   532 done
   533 
   534 
   535 lemma reachable_rename: "[| reachable (rename C g) s |] ==> reachable C s"
   536 apply (erule reachable.induct)
   537 apply (rule reachable_0)
   538 apply (simp add: rename_def ioa_projections)
   539 apply (drule trans_rename)
   540 apply (erule exE)
   541 apply (erule conjE)
   542 apply (erule reachable_n)
   543 apply assumption
   544 done
   545 
   546 
   547 subsection "trans_of(A||B)"
   548 
   549 
   550 lemma trans_A_proj: "[|(s,a,t):trans_of (A||B); a:act A|]  
   551               ==> (fst s,a,fst t):trans_of A"
   552 apply (simp add: Let_def par_def trans_of_def)
   553 done
   554 
   555 lemma trans_B_proj: "[|(s,a,t):trans_of (A||B); a:act B|]  
   556               ==> (snd s,a,snd t):trans_of B"
   557 apply (simp add: Let_def par_def trans_of_def)
   558 done
   559 
   560 lemma trans_A_proj2: "[|(s,a,t):trans_of (A||B); a~:act A|] 
   561               ==> fst s = fst t"
   562 apply (simp add: Let_def par_def trans_of_def)
   563 done
   564 
   565 lemma trans_B_proj2: "[|(s,a,t):trans_of (A||B); a~:act B|] 
   566               ==> snd s = snd t"
   567 apply (simp add: Let_def par_def trans_of_def)
   568 done
   569 
   570 lemma trans_AB_proj: "(s,a,t):trans_of (A||B)  
   571                ==> a :act A | a :act B"
   572 apply (simp add: Let_def par_def trans_of_def)
   573 done
   574 
   575 lemma trans_AB: "[|a:act A;a:act B; 
   576        (fst s,a,fst t):trans_of A;(snd s,a,snd t):trans_of B|] 
   577    ==> (s,a,t):trans_of (A||B)"
   578 apply (simp add: Let_def par_def trans_of_def)
   579 done
   580 
   581 lemma trans_A_notB: "[|a:act A;a~:act B; 
   582        (fst s,a,fst t):trans_of A;snd s=snd t|] 
   583    ==> (s,a,t):trans_of (A||B)"
   584 apply (simp add: Let_def par_def trans_of_def)
   585 done
   586 
   587 lemma trans_notA_B: "[|a~:act A;a:act B; 
   588        (snd s,a,snd t):trans_of B;fst s=fst t|] 
   589    ==> (s,a,t):trans_of (A||B)"
   590 apply (simp add: Let_def par_def trans_of_def)
   591 done
   592 
   593 lemmas trans_of_defs1 = trans_AB trans_A_notB trans_notA_B
   594   and trans_of_defs2 = trans_A_proj trans_B_proj trans_A_proj2 trans_B_proj2 trans_AB_proj
   595 
   596 
   597 lemma trans_of_par4: 
   598 "((s,a,t) : trans_of(A || B || C || D)) =                                     
   599   ((a:actions(asig_of(A)) | a:actions(asig_of(B)) | a:actions(asig_of(C)) |   
   600     a:actions(asig_of(D))) &                                                  
   601    (if a:actions(asig_of(A)) then (fst(s),a,fst(t)):trans_of(A)               
   602     else fst t=fst s) &                                                       
   603    (if a:actions(asig_of(B)) then (fst(snd(s)),a,fst(snd(t))):trans_of(B)     
   604     else fst(snd(t))=fst(snd(s))) &                                           
   605    (if a:actions(asig_of(C)) then                                             
   606       (fst(snd(snd(s))),a,fst(snd(snd(t)))):trans_of(C)                       
   607     else fst(snd(snd(t)))=fst(snd(snd(s)))) &                                 
   608    (if a:actions(asig_of(D)) then                                             
   609       (snd(snd(snd(s))),a,snd(snd(snd(t)))):trans_of(D)                       
   610     else snd(snd(snd(t)))=snd(snd(snd(s)))))"
   611   apply (simp (no_asm) add: par_def actions_asig_comp prod_eq_iff Let_def ioa_projections)
   612   done
   613 
   614 
   615 subsection "proof obligation generator for IOA requirements"
   616 
   617 (* without assumptions on A and B because is_trans_of is also incorporated in ||def *)
   618 lemma is_trans_of_par: "is_trans_of (A||B)"
   619 apply (unfold is_trans_of_def)
   620 apply (simp add: Let_def actions_of_par trans_of_par)
   621 done
   622 
   623 lemma is_trans_of_restrict: 
   624 "is_trans_of A ==> is_trans_of (restrict A acts)"
   625 apply (unfold is_trans_of_def)
   626 apply (simp add: cancel_restrict acts_restrict)
   627 done
   628 
   629 lemma is_trans_of_rename: 
   630 "is_trans_of A ==> is_trans_of (rename A f)"
   631 apply (unfold is_trans_of_def restrict_def restrict_asig_def)
   632 apply (simp add: Let_def actions_def trans_of_def asig_internals_def
   633   asig_outputs_def asig_inputs_def externals_def asig_of_def rename_def rename_set_def)
   634 apply blast
   635 done
   636 
   637 lemma is_asig_of_par: "[| is_asig_of A; is_asig_of B; compatible A B|]   
   638           ==> is_asig_of (A||B)"
   639 apply (simp add: is_asig_of_def asig_of_par asig_comp_def compatible_def
   640   asig_internals_def asig_outputs_def asig_inputs_def actions_def is_asig_def)
   641 apply (simp add: asig_of_def)
   642 apply auto
   643 done
   644 
   645 lemma is_asig_of_restrict: 
   646 "is_asig_of A ==> is_asig_of (restrict A f)"
   647 apply (unfold is_asig_of_def is_asig_def asig_of_def restrict_def restrict_asig_def 
   648            asig_internals_def asig_outputs_def asig_inputs_def externals_def o_def)
   649 apply simp
   650 apply auto
   651 done
   652 
   653 lemma is_asig_of_rename: "is_asig_of A ==> is_asig_of (rename A f)"
   654 apply (simp add: is_asig_of_def rename_def rename_set_def asig_internals_def
   655   asig_outputs_def asig_inputs_def actions_def is_asig_def asig_of_def)
   656 apply auto
   657 apply (drule_tac [!] s = "Some ?x" in sym)
   658 apply auto
   659 done
   660 
   661 lemmas [simp] = is_asig_of_par is_asig_of_restrict
   662   is_asig_of_rename is_trans_of_par is_trans_of_restrict is_trans_of_rename
   663 
   664 
   665 lemma compatible_par: 
   666 "[|compatible A B; compatible A C |]==> compatible A (B||C)"
   667 apply (unfold compatible_def)
   668 apply (simp add: internals_of_par outputs_of_par actions_of_par)
   669 apply auto
   670 done
   671 
   672 (*  better derive by previous one and compat_commute *)
   673 lemma compatible_par2: 
   674 "[|compatible A C; compatible B C |]==> compatible (A||B) C"
   675 apply (unfold compatible_def)
   676 apply (simp add: internals_of_par outputs_of_par actions_of_par)
   677 apply auto
   678 done
   679 
   680 lemma compatible_restrict: 
   681 "[| compatible A B; (ext B - S) Int ext A = {}|]  
   682       ==> compatible A (restrict B S)"
   683 apply (unfold compatible_def)
   684 apply (simp add: ioa_triple_proj asig_triple_proj externals_def
   685   restrict_def restrict_asig_def actions_def)
   686 apply auto
   687 done
   688 
   689 
   690 declare split_paired_Ex [simp]
   691 
   692 end