| author | desharna | 
| Mon, 10 Jun 2024 13:44:46 +0200 | |
| changeset 80321 | 31b9dfbe534c | 
| parent 63146 | f1ecba0272f9 | 
| child 80914 | d97fdabd9e2b | 
| permissions | -rw-r--r-- | 
| 5597 | 1 | (* Title: HOL/UNITY/Comp.thy | 
| 2 | Author: Lawrence C Paulson, Cambridge University Computer Laboratory | |
| 32960 
69916a850301
eliminated hard tabulators, guessing at each author's individual tab-width;
 wenzelm parents: 
30952diff
changeset | 3 | Author: Sidi Ehmety | 
| 5597 | 4 | |
| 32960 
69916a850301
eliminated hard tabulators, guessing at each author's individual tab-width;
 wenzelm parents: 
30952diff
changeset | 5 | Composition. | 
| 
69916a850301
eliminated hard tabulators, guessing at each author's individual tab-width;
 wenzelm parents: 
30952diff
changeset | 6 | |
| 11190 | 7 | From Chandy and Sanders, "Reasoning About Program Composition", | 
| 8 | Technical Report 2000-003, University of Florida, 2000. | |
| 5597 | 9 | *) | 
| 10 | ||
| 63146 | 11 | section\<open>Composition: Basic Primitives\<close> | 
| 13798 | 12 | |
| 30952 
7ab2716dd93b
power operation on functions with syntax o^; power operation on relations with syntax ^^
 haftmann parents: 
24147diff
changeset | 13 | theory Comp | 
| 
7ab2716dd93b
power operation on functions with syntax o^; power operation on relations with syntax ^^
 haftmann parents: 
24147diff
changeset | 14 | imports Union | 
| 
7ab2716dd93b
power operation on functions with syntax o^; power operation on relations with syntax ^^
 haftmann parents: 
24147diff
changeset | 15 | begin | 
| 5597 | 16 | |
| 30952 
7ab2716dd93b
power operation on functions with syntax o^; power operation on relations with syntax ^^
 haftmann parents: 
24147diff
changeset | 17 | instantiation program :: (type) ord | 
| 
7ab2716dd93b
power operation on functions with syntax o^; power operation on relations with syntax ^^
 haftmann parents: 
24147diff
changeset | 18 | begin | 
| 5597 | 19 | |
| 61941 | 20 | definition component_def: "F \<le> H \<longleftrightarrow> (\<exists>G. F\<squnion>G = H)" | 
| 5612 
e981ca6f7332
Finished proofs to end of section 5.1 of Chandy and Sanders
 paulson parents: 
5597diff
changeset | 21 | |
| 61941 | 22 | definition strict_component_def: "F < (H::'a program) \<longleftrightarrow> (F \<le> H & F \<noteq> H)" | 
| 30952 
7ab2716dd93b
power operation on functions with syntax o^; power operation on relations with syntax ^^
 haftmann parents: 
24147diff
changeset | 23 | |
| 
7ab2716dd93b
power operation on functions with syntax o^; power operation on relations with syntax ^^
 haftmann parents: 
24147diff
changeset | 24 | instance .. | 
| 
7ab2716dd93b
power operation on functions with syntax o^; power operation on relations with syntax ^^
 haftmann parents: 
24147diff
changeset | 25 | |
| 
7ab2716dd93b
power operation on functions with syntax o^; power operation on relations with syntax ^^
 haftmann parents: 
24147diff
changeset | 26 | end | 
| 11190 | 27 | |
| 46912 | 28 | definition component_of :: "'a program =>'a program=> bool" (infixl "component'_of" 50) | 
| 29 | where "F component_of H == \<exists>G. F ok G & F\<squnion>G = H" | |
| 11190 | 30 | |
| 46912 | 31 | definition strict_component_of :: "'a program\<Rightarrow>'a program=> bool" (infixl "strict'_component'_of" 50) | 
| 32 | where "F strict_component_of H == F component_of H & F\<noteq>H" | |
| 13819 | 33 | |
| 46912 | 34 | definition preserves :: "('a=>'b) => 'a program set"
 | 
| 35 |   where "preserves v == \<Inter>z. stable {s. v s = z}"
 | |
| 8055 
bb15396278fb
abolition of localTo: instead "guarantees" has local vars as extra argument
 paulson parents: 
7399diff
changeset | 36 | |
| 35416 
d8d7d1b785af
replaced a couple of constsdefs by definitions (also some old primrecs by modern ones)
 haftmann parents: 
32960diff
changeset | 37 | definition localize :: "('a=>'b) => 'a program => 'a program" where
 | 
| 11190 | 38 | "localize v F == mk_program(Init F, Acts F, | 
| 32960 
69916a850301
eliminated hard tabulators, guessing at each author's individual tab-width;
 wenzelm parents: 
30952diff
changeset | 39 | AllowedActs F \<inter> (\<Union>G \<in> preserves v. Acts G))" | 
| 11190 | 40 | |
| 46912 | 41 | definition funPair :: "['a => 'b, 'a => 'c, 'a] => 'b * 'c" | 
| 42 | where "funPair f g == %x. (f x, g x)" | |
| 13792 | 43 | |
| 44 | ||
| 63146 | 45 | subsection\<open>The component relation\<close> | 
| 13819 | 46 | lemma componentI: "H \<le> F | H \<le> G ==> H \<le> (F\<squnion>G)" | 
| 13792 | 47 | apply (unfold component_def, auto) | 
| 13819 | 48 | apply (rule_tac x = "G\<squnion>Ga" in exI) | 
| 49 | apply (rule_tac [2] x = "G\<squnion>F" in exI) | |
| 13792 | 50 | apply (auto simp add: Join_ac) | 
| 51 | done | |
| 52 | ||
| 13819 | 53 | lemma component_eq_subset: | 
| 54 | "(F \<le> G) = | |
| 13805 | 55 | (Init G \<subseteq> Init F & Acts F \<subseteq> Acts G & AllowedActs G \<subseteq> AllowedActs F)" | 
| 13792 | 56 | apply (unfold component_def) | 
| 57 | apply (force intro!: exI program_equalityI) | |
| 58 | done | |
| 59 | ||
| 13805 | 60 | lemma component_SKIP [iff]: "SKIP \<le> F" | 
| 13792 | 61 | apply (unfold component_def) | 
| 62 | apply (force intro: Join_SKIP_left) | |
| 63 | done | |
| 64 | ||
| 13805 | 65 | lemma component_refl [iff]: "F \<le> (F :: 'a program)" | 
| 13792 | 66 | apply (unfold component_def) | 
| 67 | apply (blast intro: Join_SKIP_right) | |
| 68 | done | |
| 69 | ||
| 13805 | 70 | lemma SKIP_minimal: "F \<le> SKIP ==> F = SKIP" | 
| 13792 | 71 | by (auto intro!: program_equalityI simp add: component_eq_subset) | 
| 72 | ||
| 13819 | 73 | lemma component_Join1: "F \<le> (F\<squnion>G)" | 
| 13792 | 74 | by (unfold component_def, blast) | 
| 75 | ||
| 13819 | 76 | lemma component_Join2: "G \<le> (F\<squnion>G)" | 
| 13792 | 77 | apply (unfold component_def) | 
| 13798 | 78 | apply (simp add: Join_commute, blast) | 
| 13792 | 79 | done | 
| 80 | ||
| 13819 | 81 | lemma Join_absorb1: "F \<le> G ==> F\<squnion>G = G" | 
| 13792 | 82 | by (auto simp add: component_def Join_left_absorb) | 
| 83 | ||
| 13819 | 84 | lemma Join_absorb2: "G \<le> F ==> F\<squnion>G = F" | 
| 13792 | 85 | by (auto simp add: Join_ac component_def) | 
| 86 | ||
| 13805 | 87 | lemma JN_component_iff: "((JOIN I F) \<le> H) = (\<forall>i \<in> I. F i \<le> H)" | 
| 13798 | 88 | by (simp add: component_eq_subset, blast) | 
| 13792 | 89 | |
| 13805 | 90 | lemma component_JN: "i \<in> I ==> (F i) \<le> (\<Squnion>i \<in> I. (F i))" | 
| 13792 | 91 | apply (unfold component_def) | 
| 92 | apply (blast intro: JN_absorb) | |
| 93 | done | |
| 94 | ||
| 13805 | 95 | lemma component_trans: "[| F \<le> G; G \<le> H |] ==> F \<le> (H :: 'a program)" | 
| 13792 | 96 | apply (unfold component_def) | 
| 97 | apply (blast intro: Join_assoc [symmetric]) | |
| 98 | done | |
| 99 | ||
| 13805 | 100 | lemma component_antisym: "[| F \<le> G; G \<le> F |] ==> F = (G :: 'a program)" | 
| 13792 | 101 | apply (simp (no_asm_use) add: component_eq_subset) | 
| 102 | apply (blast intro!: program_equalityI) | |
| 103 | done | |
| 104 | ||
| 13819 | 105 | lemma Join_component_iff: "((F\<squnion>G) \<le> H) = (F \<le> H & G \<le> H)" | 
| 13798 | 106 | by (simp add: component_eq_subset, blast) | 
| 13792 | 107 | |
| 13805 | 108 | lemma component_constrains: "[| F \<le> G; G \<in> A co B |] ==> F \<in> A co B" | 
| 13792 | 109 | by (auto simp add: constrains_def component_eq_subset) | 
| 110 | ||
| 13874 | 111 | lemma component_stable: "[| F \<le> G; G \<in> stable A |] ==> F \<in> stable A" | 
| 112 | by (auto simp add: stable_def component_constrains) | |
| 113 | ||
| 13792 | 114 | (*Used in Guar.thy to show that programs are partially ordered*) | 
| 30952 
7ab2716dd93b
power operation on functions with syntax o^; power operation on relations with syntax ^^
 haftmann parents: 
24147diff
changeset | 115 | lemmas program_less_le = strict_component_def | 
| 13792 | 116 | |
| 117 | ||
| 63146 | 118 | subsection\<open>The preserves property\<close> | 
| 13792 | 119 | |
| 13805 | 120 | lemma preservesI: "(!!z. F \<in> stable {s. v s = z}) ==> F \<in> preserves v"
 | 
| 13792 | 121 | by (unfold preserves_def, blast) | 
| 122 | ||
| 13819 | 123 | lemma preserves_imp_eq: | 
| 13805 | 124 | "[| F \<in> preserves v; act \<in> Acts F; (s,s') \<in> act |] ==> v s = v s'" | 
| 13819 | 125 | by (unfold preserves_def stable_def constrains_def, force) | 
| 13792 | 126 | |
| 13819 | 127 | lemma Join_preserves [iff]: | 
| 128 | "(F\<squnion>G \<in> preserves v) = (F \<in> preserves v & G \<in> preserves v)" | |
| 129 | by (unfold preserves_def, auto) | |
| 13792 | 130 | |
| 131 | lemma JN_preserves [iff]: | |
| 13805 | 132 | "(JOIN I F \<in> preserves v) = (\<forall>i \<in> I. F i \<in> preserves v)" | 
| 13819 | 133 | by (simp add: JN_stable preserves_def, blast) | 
| 13792 | 134 | |
| 13805 | 135 | lemma SKIP_preserves [iff]: "SKIP \<in> preserves v" | 
| 13792 | 136 | by (auto simp add: preserves_def) | 
| 137 | ||
| 138 | lemma funPair_apply [simp]: "(funPair f g) x = (f x, g x)" | |
| 139 | by (simp add: funPair_def) | |
| 140 | ||
| 13805 | 141 | lemma preserves_funPair: "preserves (funPair v w) = preserves v \<inter> preserves w" | 
| 13792 | 142 | by (auto simp add: preserves_def stable_def constrains_def, blast) | 
| 143 | ||
| 13805 | 144 | (* (F \<in> preserves (funPair v w)) = (F \<in> preserves v \<inter> preserves w) *) | 
| 13792 | 145 | declare preserves_funPair [THEN eqset_imp_iff, iff] | 
| 146 | ||
| 147 | ||
| 148 | lemma funPair_o_distrib: "(funPair f g) o h = funPair (f o h) (g o h)" | |
| 13798 | 149 | by (simp add: funPair_def o_def) | 
| 13792 | 150 | |
| 151 | lemma fst_o_funPair [simp]: "fst o (funPair f g) = f" | |
| 13798 | 152 | by (simp add: funPair_def o_def) | 
| 13792 | 153 | |
| 154 | lemma snd_o_funPair [simp]: "snd o (funPair f g) = g" | |
| 13798 | 155 | by (simp add: funPair_def o_def) | 
| 13792 | 156 | |
| 13805 | 157 | lemma subset_preserves_o: "preserves v \<subseteq> preserves (w o v)" | 
| 13792 | 158 | by (force simp add: preserves_def stable_def constrains_def) | 
| 159 | ||
| 13805 | 160 | lemma preserves_subset_stable: "preserves v \<subseteq> stable {s. P (v s)}"
 | 
| 13792 | 161 | apply (auto simp add: preserves_def stable_def constrains_def) | 
| 162 | apply (rename_tac s' s) | |
| 163 | apply (subgoal_tac "v s = v s'") | |
| 164 | apply (force+) | |
| 165 | done | |
| 166 | ||
| 13805 | 167 | lemma preserves_subset_increasing: "preserves v \<subseteq> increasing v" | 
| 13792 | 168 | by (auto simp add: preserves_subset_stable [THEN subsetD] increasing_def) | 
| 169 | ||
| 13805 | 170 | lemma preserves_id_subset_stable: "preserves id \<subseteq> stable A" | 
| 13792 | 171 | by (force simp add: preserves_def stable_def constrains_def) | 
| 172 | ||
| 173 | ||
| 174 | (** For use with def_UNION_ok_iff **) | |
| 175 | ||
| 176 | lemma safety_prop_preserves [iff]: "safety_prop (preserves v)" | |
| 177 | by (auto intro: safety_prop_INTER1 simp add: preserves_def) | |
| 178 | ||
| 179 | ||
| 24147 | 180 | (** Some lemmas used only in Client.thy **) | 
| 13792 | 181 | |
| 182 | lemma stable_localTo_stable2: | |
| 13819 | 183 |      "[| F \<in> stable {s. P (v s) (w s)};
 | 
| 184 | G \<in> preserves v; G \<in> preserves w |] | |
| 185 |       ==> F\<squnion>G \<in> stable {s. P (v s) (w s)}"
 | |
| 13812 
91713a1915ee
converting HOL/UNITY to use unconditional fairness
 paulson parents: 
13805diff
changeset | 186 | apply simp | 
| 13805 | 187 | apply (subgoal_tac "G \<in> preserves (funPair v w) ") | 
| 13819 | 188 | prefer 2 apply simp | 
| 61424 
c3658c18b7bc
prod_case as canonical name for product type eliminator
 haftmann parents: 
59807diff
changeset | 189 | apply (drule_tac P1 = "case_prod Q" for Q in preserves_subset_stable [THEN subsetD], | 
| 13819 | 190 | auto) | 
| 13792 | 191 | done | 
| 192 | ||
| 193 | lemma Increasing_preserves_Stable: | |
| 13819 | 194 |      "[| F \<in> stable {s. v s \<le> w s};  G \<in> preserves v; F\<squnion>G \<in> Increasing w |]
 | 
| 195 |       ==> F\<squnion>G \<in> Stable {s. v s \<le> w s}"
 | |
| 13792 | 196 | apply (auto simp add: stable_def Stable_def Increasing_def Constrains_def all_conj_distrib) | 
| 197 | apply (blast intro: constrains_weaken) | |
| 198 | (*The G case remains*) | |
| 199 | apply (auto simp add: preserves_def stable_def constrains_def) | |
| 200 | (*We have a G-action, so delete assumptions about F-actions*) | |
| 59807 | 201 | apply (erule_tac V = "\<forall>act \<in> Acts F. P act" for P in thin_rl) | 
| 202 | apply (erule_tac V = "\<forall>z. \<forall>act \<in> Acts F. P z act" for P in thin_rl) | |
| 13792 | 203 | apply (subgoal_tac "v x = v xa") | 
| 13819 | 204 | apply auto | 
| 13792 | 205 | apply (erule order_trans, blast) | 
| 206 | done | |
| 207 | ||
| 208 | (** component_of **) | |
| 209 | ||
| 13805 | 210 | (* component_of is stronger than \<le> *) | 
| 211 | lemma component_of_imp_component: "F component_of H ==> F \<le> H" | |
| 13792 | 212 | by (unfold component_def component_of_def, blast) | 
| 213 | ||
| 214 | ||
| 13805 | 215 | (* component_of satisfies many of the same properties as \<le> *) | 
| 13792 | 216 | lemma component_of_refl [simp]: "F component_of F" | 
| 217 | apply (unfold component_of_def) | |
| 218 | apply (rule_tac x = SKIP in exI, auto) | |
| 219 | done | |
| 220 | ||
| 221 | lemma component_of_SKIP [simp]: "SKIP component_of F" | |
| 222 | by (unfold component_of_def, auto) | |
| 223 | ||
| 13819 | 224 | lemma component_of_trans: | 
| 13792 | 225 | "[| F component_of G; G component_of H |] ==> F component_of H" | 
| 226 | apply (unfold component_of_def) | |
| 227 | apply (blast intro: Join_assoc [symmetric]) | |
| 228 | done | |
| 229 | ||
| 30952 
7ab2716dd93b
power operation on functions with syntax o^; power operation on relations with syntax ^^
 haftmann parents: 
24147diff
changeset | 230 | lemmas strict_component_of_eq = strict_component_of_def | 
| 13792 | 231 | |
| 232 | (** localize **) | |
| 233 | lemma localize_Init_eq [simp]: "Init (localize v F) = Init F" | |
| 13798 | 234 | by (simp add: localize_def) | 
| 13792 | 235 | |
| 236 | lemma localize_Acts_eq [simp]: "Acts (localize v F) = Acts F" | |
| 13798 | 237 | by (simp add: localize_def) | 
| 13792 | 238 | |
| 13819 | 239 | lemma localize_AllowedActs_eq [simp]: | 
| 240 | "AllowedActs (localize v F) = AllowedActs F \<inter> (\<Union>G \<in> preserves v. Acts G)" | |
| 13798 | 241 | by (unfold localize_def, auto) | 
| 13792 | 242 | |
| 5597 | 243 | end |