Finished proofs to end of section 5.1 of Chandy and Sanders
Title:      HOL/UNITY/Comp.thy
ID:         $Id$
Author:     Lawrence C Paulson, Cambridge University Computer Laboratory
Copyright   1998  University of Cambridge
```     5
Composition
```     7
From Chandy and Sanders, "Reasoning About Program Composition"
```     9 *)
```    10
Comp = Union +
```    12
constdefs
```    14
(*Existential and Universal properties.  I formalize the two-program
case, proving equivalence with Chandy and Sanders's n-ary definitions*)
```    17
ex_prop  :: 'a program set => bool
"ex_prop X == ALL F G. F:X | G: X --> (F Join G) : X"
```    20
strict_ex_prop  :: 'a program set => bool
"strict_ex_prop X == ALL F G. (F:X | G: X) = (F Join G : X)"
```    23
uv_prop  :: 'a program set => bool
"uv_prop X == SKIP: X & (ALL F G. F:X & G: X --> (F Join G) : X)"
```    26
strict_uv_prop  :: 'a program set => bool
"strict_uv_prop X == SKIP: X & (ALL F G. (F:X & G: X) = (F Join G : X))"
```    29
(*Ill-defined programs can arise through "Join"*)
welldef :: 'a program set
"welldef == {F. Init F ~= {}}"
```    33
component :: ['a program, 'a program] => bool
"component F H == EX G. F Join G = H"
```    36
guarantees :: ['a program set, 'a program set] => 'a program set (infixl 65)
"X guarantees Y == {F. ALL H. component F H --> H:X --> H:Y}"
```    39
refines :: ['a program, 'a program, 'a program set] => bool
			("(3_ refines _ wrt _)" [10,10,10] 10)
```    41 			("(3_ refines _ wrt _)" [10,10,10] 10)
```    42    "G refines F wrt X ==
```    43       ALL H. (F Join H) : welldef Int X --> G Join H : welldef Int X"
```    44
iso_refines :: ['a program, 'a program, 'a program set] => bool
			("(3_ iso'_refines _ wrt _)" [10,10,10] 10)
```    46 			("(3_ iso'_refines _ wrt _)" [10,10,10] 10)
```    47    "G iso_refines F wrt X ==
```    48       F : welldef Int X --> G : welldef Int X"
```    49
end
```