| author | wenzelm |
| Sun, 21 Oct 2007 14:21:48 +0200 | |
| changeset 25131 | 2c8caac48ade |
| parent 19741 | f65265d71426 |
| child 27208 | 5fe899199f85 |
| permissions | -rw-r--r-- |
| 4559 | 1 |
(* Title: HOLCF/IOA/meta_theory/TLS.thy |
2 |
ID: $Id$ |
|
| 12218 | 3 |
Author: Olaf Müller |
| 17233 | 4 |
*) |
| 4559 | 5 |
|
| 17233 | 6 |
header {* A General Temporal Logic *}
|
| 4559 | 7 |
|
| 17233 | 8 |
theory TL |
9 |
imports Pred Sequence |
|
10 |
begin |
|
11 |
||
12 |
defaultsort type |
|
| 4559 | 13 |
|
14 |
types |
|
| 17233 | 15 |
'a temporal = "'a Seq predicate" |
| 4559 | 16 |
|
17 |
||
| 17233 | 18 |
consts |
| 4559 | 19 |
suffix :: "'a Seq => 'a Seq => bool" |
20 |
tsuffix :: "'a Seq => 'a Seq => bool" |
|
21 |
||
22 |
validT :: "'a Seq predicate => bool" |
|
23 |
||
24 |
unlift :: "'a lift => 'a" |
|
25 |
||
26 |
Init ::"'a predicate => 'a temporal" ("<_>" [0] 1000)
|
|
27 |
||
28 |
Box ::"'a temporal => 'a temporal" ("[] (_)" [80] 80)
|
|
29 |
Diamond ::"'a temporal => 'a temporal" ("<> (_)" [80] 80)
|
|
| 17233 | 30 |
Next ::"'a temporal => 'a temporal" |
| 4559 | 31 |
Leadsto ::"'a temporal => 'a temporal => 'a temporal" (infixr "~>" 22) |
32 |
||
|
25131
2c8caac48ade
modernized specifications ('definition', 'abbreviation', 'notation');
wenzelm
parents:
19741
diff
changeset
|
33 |
notation (xsymbols) |
|
2c8caac48ade
modernized specifications ('definition', 'abbreviation', 'notation');
wenzelm
parents:
19741
diff
changeset
|
34 |
Box ("\<box> (_)" [80] 80) and
|
|
2c8caac48ade
modernized specifications ('definition', 'abbreviation', 'notation');
wenzelm
parents:
19741
diff
changeset
|
35 |
Diamond ("\<diamond> (_)" [80] 80) and
|
|
2c8caac48ade
modernized specifications ('definition', 'abbreviation', 'notation');
wenzelm
parents:
19741
diff
changeset
|
36 |
Leadsto (infixr "\<leadsto>" 22) |
| 17233 | 37 |
|
| 4559 | 38 |
defs |
39 |
||
| 17233 | 40 |
unlift_def: |
41 |
"unlift x == (case x of |
|
| 12028 | 42 |
UU => arbitrary |
| 4559 | 43 |
| Def y => y)" |
44 |
||
45 |
(* this means that for nil and UU the effect is unpredictable *) |
|
| 17233 | 46 |
Init_def: |
47 |
"Init P s == (P (unlift (HD$s)))" |
|
| 4559 | 48 |
|
| 17233 | 49 |
suffix_def: |
50 |
"suffix s2 s == ? s1. (Finite s1 & s = s1 @@ s2)" |
|
| 4559 | 51 |
|
| 17233 | 52 |
tsuffix_def: |
| 4559 | 53 |
"tsuffix s2 s == s2 ~= nil & s2 ~= UU & suffix s2 s" |
54 |
||
| 17233 | 55 |
Box_def: |
| 4559 | 56 |
"([] P) s == ! s2. tsuffix s2 s --> P s2" |
57 |
||
| 17233 | 58 |
Next_def: |
| 10835 | 59 |
"(Next P) s == if (TL$s=UU | TL$s=nil) then (P s) else P (TL$s)" |
| 4559 | 60 |
|
| 17233 | 61 |
Diamond_def: |
| 4559 | 62 |
"<> P == .~ ([] (.~ P))" |
63 |
||
| 17233 | 64 |
Leadsto_def: |
65 |
"P ~> Q == ([] (P .--> (<> Q)))" |
|
| 4559 | 66 |
|
| 17233 | 67 |
validT_def: |
| 4559 | 68 |
"validT P == ! s. s~=UU & s~=nil --> (s |= P)" |
69 |
||
| 19741 | 70 |
|
71 |
lemma simple: "[] <> (.~ P) = (.~ <> [] P)" |
|
72 |
apply (rule ext) |
|
73 |
apply (simp add: Diamond_def NOT_def Box_def) |
|
74 |
done |
|
75 |
||
76 |
lemma Boxnil: "nil |= [] P" |
|
77 |
apply (simp add: satisfies_def Box_def tsuffix_def suffix_def nil_is_Conc) |
|
78 |
done |
|
79 |
||
80 |
lemma Diamondnil: "~(nil |= <> P)" |
|
81 |
apply (simp add: Diamond_def satisfies_def NOT_def) |
|
82 |
apply (cut_tac Boxnil) |
|
83 |
apply (simp add: satisfies_def) |
|
84 |
done |
|
85 |
||
86 |
lemma Diamond_def2: "(<> F) s = (? s2. tsuffix s2 s & F s2)" |
|
87 |
apply (simp add: Diamond_def NOT_def Box_def) |
|
88 |
done |
|
89 |
||
90 |
||
91 |
||
92 |
subsection "TLA Axiomatization by Merz" |
|
93 |
||
94 |
lemma suffix_refl: "suffix s s" |
|
95 |
apply (simp add: suffix_def) |
|
96 |
apply (rule_tac x = "nil" in exI) |
|
97 |
apply auto |
|
98 |
done |
|
99 |
||
100 |
lemma reflT: "s~=UU & s~=nil --> (s |= [] F .--> F)" |
|
101 |
apply (simp add: satisfies_def IMPLIES_def Box_def) |
|
102 |
apply (rule impI)+ |
|
103 |
apply (erule_tac x = "s" in allE) |
|
104 |
apply (simp add: tsuffix_def suffix_refl) |
|
105 |
done |
|
106 |
||
107 |
||
108 |
lemma suffix_trans: "[| suffix y x ; suffix z y |] ==> suffix z x" |
|
109 |
apply (simp add: suffix_def) |
|
110 |
apply auto |
|
111 |
apply (rule_tac x = "s1 @@ s1a" in exI) |
|
112 |
apply auto |
|
113 |
apply (simp (no_asm) add: Conc_assoc) |
|
114 |
done |
|
115 |
||
116 |
lemma transT: "s |= [] F .--> [] [] F" |
|
117 |
apply (simp (no_asm) add: satisfies_def IMPLIES_def Box_def tsuffix_def) |
|
118 |
apply auto |
|
119 |
apply (drule suffix_trans) |
|
120 |
apply assumption |
|
121 |
apply (erule_tac x = "s2a" in allE) |
|
122 |
apply auto |
|
123 |
done |
|
124 |
||
125 |
||
126 |
lemma normalT: "s |= [] (F .--> G) .--> [] F .--> [] G" |
|
127 |
apply (simp (no_asm) add: satisfies_def IMPLIES_def Box_def) |
|
128 |
done |
|
129 |
||
130 |
||
131 |
subsection "TLA Rules by Lamport" |
|
132 |
||
133 |
lemma STL1a: "validT P ==> validT ([] P)" |
|
134 |
apply (simp add: validT_def satisfies_def Box_def tsuffix_def) |
|
135 |
done |
|
136 |
||
137 |
lemma STL1b: "valid P ==> validT (Init P)" |
|
138 |
apply (simp add: valid_def validT_def satisfies_def Init_def) |
|
139 |
done |
|
140 |
||
141 |
lemma STL1: "valid P ==> validT ([] (Init P))" |
|
142 |
apply (rule STL1a) |
|
143 |
apply (erule STL1b) |
|
144 |
done |
|
145 |
||
146 |
(* Note that unlift and HD is not at all used !!! *) |
|
147 |
lemma STL4: "valid (P .--> Q) ==> validT ([] (Init P) .--> [] (Init Q))" |
|
148 |
apply (simp add: valid_def validT_def satisfies_def IMPLIES_def Box_def Init_def) |
|
149 |
done |
|
150 |
||
151 |
||
152 |
subsection "LTL Axioms by Manna/Pnueli" |
|
153 |
||
154 |
lemma tsuffix_TL [rule_format (no_asm)]: |
|
155 |
"s~=UU & s~=nil --> tsuffix s2 (TL$s) --> tsuffix s2 s" |
|
156 |
apply (unfold tsuffix_def suffix_def) |
|
157 |
apply auto |
|
158 |
apply (tactic {* Seq_case_simp_tac "s" 1 *})
|
|
159 |
apply (rule_tac x = "a>>s1" in exI) |
|
160 |
apply auto |
|
161 |
done |
|
162 |
||
163 |
lemmas tsuffix_TL2 = conjI [THEN tsuffix_TL] |
|
164 |
||
165 |
declare split_if [split del] |
|
166 |
lemma LTL1: |
|
167 |
"s~=UU & s~=nil --> (s |= [] F .--> (F .& (Next ([] F))))" |
|
168 |
apply (unfold Next_def satisfies_def NOT_def IMPLIES_def AND_def Box_def) |
|
169 |
apply auto |
|
170 |
(* []F .--> F *) |
|
171 |
apply (erule_tac x = "s" in allE) |
|
172 |
apply (simp add: tsuffix_def suffix_refl) |
|
173 |
(* []F .--> Next [] F *) |
|
174 |
apply (simp split add: split_if) |
|
175 |
apply auto |
|
176 |
apply (drule tsuffix_TL2) |
|
177 |
apply assumption+ |
|
178 |
apply auto |
|
179 |
done |
|
180 |
declare split_if [split] |
|
181 |
||
182 |
||
183 |
lemma LTL2a: |
|
184 |
"s |= .~ (Next F) .--> (Next (.~ F))" |
|
185 |
apply (unfold Next_def satisfies_def NOT_def IMPLIES_def) |
|
186 |
apply simp |
|
187 |
done |
|
188 |
||
189 |
lemma LTL2b: |
|
190 |
"s |= (Next (.~ F)) .--> (.~ (Next F))" |
|
191 |
apply (unfold Next_def satisfies_def NOT_def IMPLIES_def) |
|
192 |
apply simp |
|
193 |
done |
|
194 |
||
195 |
lemma LTL3: |
|
196 |
"ex |= (Next (F .--> G)) .--> (Next F) .--> (Next G)" |
|
197 |
apply (unfold Next_def satisfies_def NOT_def IMPLIES_def) |
|
198 |
apply simp |
|
199 |
done |
|
200 |
||
201 |
||
202 |
lemma ModusPonens: "[| validT (P .--> Q); validT P |] ==> validT Q" |
|
203 |
apply (simp add: validT_def satisfies_def IMPLIES_def) |
|
204 |
done |
|
| 17233 | 205 |
|
206 |
end |