author  paulson 
Mon, 18 Oct 1999 15:18:24 +0200  
changeset 7878  43b03d412b82 
parent 7826  c6a8b73b6c2a 
child 7915  c7fd7eb3b0ef 
permissions  rwrr 
5252  1 
(* Title: HOL/UNITY/Union.thy 
2 
ID: $Id$ 

3 
Author: Lawrence C Paulson, Cambridge University Computer Laboratory 

4 
Copyright 1998 University of Cambridge 

5 

6 
Unions of programs 

7 

5804
8e0a4c4fd67b
Revising the Client proof as suggested by Michel Charpentier. New lemmas
paulson
parents:
5648
diff
changeset

8 
Partly from Misra's Chapter 5: Asynchronous Compositions of Programs 
7359  9 

10 
Do we need a Meet operator? (Aka Intersection) 

5252  11 
*) 
12 

13 
Union = SubstAx + FP + 

14 

15 
constdefs 

5648  16 
JOIN :: ['a set, 'a => 'b program] => 'b program 
6295
351b3c2b0d83
removed the infernal States, eqStates, compatible, etc.
paulson
parents:
6012
diff
changeset

17 
"JOIN I F == mk_program (INT i:I. Init (F i), UN i:I. Acts (F i))" 
5252  18 

5648  19 
Join :: ['a program, 'a program] => 'a program (infixl 65) 
6295
351b3c2b0d83
removed the infernal States, eqStates, compatible, etc.
paulson
parents:
6012
diff
changeset

20 
"F Join G == mk_program (Init F Int Init G, Acts F Un Acts G)" 
5252  21 

6295
351b3c2b0d83
removed the infernal States, eqStates, compatible, etc.
paulson
parents:
6012
diff
changeset

22 
SKIP :: 'a program 
351b3c2b0d83
removed the infernal States, eqStates, compatible, etc.
paulson
parents:
6012
diff
changeset

23 
"SKIP == mk_program (UNIV, {})" 
5259  24 

7878
43b03d412b82
working version with localTo[C] instead of localTo
paulson
parents:
7826
diff
changeset

25 
Diff :: "['a set, 'a program, ('a * 'a)set set] => 'a program" 
43b03d412b82
working version with localTo[C] instead of localTo
paulson
parents:
7826
diff
changeset

26 
"Diff C G acts == 
43b03d412b82
working version with localTo[C] instead of localTo
paulson
parents:
7826
diff
changeset

27 
mk_program (Init G, (Restrict C `` Acts G)  (Restrict C `` acts))" 
5648  28 

5804
8e0a4c4fd67b
Revising the Client proof as suggested by Michel Charpentier. New lemmas
paulson
parents:
5648
diff
changeset

29 
(*The set of systems that regard "v" as local to F*) 
7878
43b03d412b82
working version with localTo[C] instead of localTo
paulson
parents:
7826
diff
changeset

30 
LOCALTO :: ['a => 'b, 'a set, 'a program] => 'a program set 
43b03d412b82
working version with localTo[C] instead of localTo
paulson
parents:
7826
diff
changeset

31 
("(_/ localTo[_]/ _)" [80,0,80] 80) 
43b03d412b82
working version with localTo[C] instead of localTo
paulson
parents:
7826
diff
changeset

32 
"v localTo[C] F == {G. ALL z. Diff C G (Acts F) : stable {s. v s = z}}" 
43b03d412b82
working version with localTo[C] instead of localTo
paulson
parents:
7826
diff
changeset

33 

43b03d412b82
working version with localTo[C] instead of localTo
paulson
parents:
7826
diff
changeset

34 
(*The weak version of localTo, considering only G's reachable states*) 
43b03d412b82
working version with localTo[C] instead of localTo
paulson
parents:
7826
diff
changeset

35 
LocalTo :: ['a => 'b, 'a program] => 'a program set (infixl 80) 
43b03d412b82
working version with localTo[C] instead of localTo
paulson
parents:
7826
diff
changeset

36 
"v LocalTo F == {G. G : v localTo[reachable G] F}" 
5804
8e0a4c4fd67b
Revising the Client proof as suggested by Michel Charpentier. New lemmas
paulson
parents:
5648
diff
changeset

37 

7826
c6a8b73b6c2a
working shapshot with "projecting" and "extending"
paulson
parents:
7359
diff
changeset

38 
(*Two programs with disjoint actions, except for identity actions. 
c6a8b73b6c2a
working shapshot with "projecting" and "extending"
paulson
parents:
7359
diff
changeset

39 
It's a weak property but still useful.*) 
7878
43b03d412b82
working version with localTo[C] instead of localTo
paulson
parents:
7826
diff
changeset

40 
Disjoint :: ['a set, 'a program, 'a program] => bool 
43b03d412b82
working version with localTo[C] instead of localTo
paulson
parents:
7826
diff
changeset

41 
"Disjoint C F G == 
43b03d412b82
working version with localTo[C] instead of localTo
paulson
parents:
7826
diff
changeset

42 
(Restrict C `` (Acts F  {Id})) Int (Restrict C `` (Acts G  {Id})) 
43b03d412b82
working version with localTo[C] instead of localTo
paulson
parents:
7826
diff
changeset

43 
<= {}" 
5648  44 

5313
1861a564d7e2
Constrains, Stable, Invariant...more of the substitution axiom, but Union
paulson
parents:
5259
diff
changeset

45 
syntax 
7359  46 
"@JOIN1" :: [pttrns, 'b set] => 'b set ("(3JN _./ _)" 10) 
5313
1861a564d7e2
Constrains, Stable, Invariant...more of the substitution axiom, but Union
paulson
parents:
5259
diff
changeset

47 
"@JOIN" :: [pttrn, 'a set, 'b set] => 'b set ("(3JN _:_./ _)" 10) 
1861a564d7e2
Constrains, Stable, Invariant...more of the substitution axiom, but Union
paulson
parents:
5259
diff
changeset

48 

1861a564d7e2
Constrains, Stable, Invariant...more of the substitution axiom, but Union
paulson
parents:
5259
diff
changeset

49 
translations 
1861a564d7e2
Constrains, Stable, Invariant...more of the substitution axiom, but Union
paulson
parents:
5259
diff
changeset

50 
"JN x:A. B" == "JOIN A (%x. B)" 
7359  51 
"JN x y. B" == "JN x. JN y. B" 
52 
"JN x. B" == "JOIN UNIV (%x. B)" 

5313
1861a564d7e2
Constrains, Stable, Invariant...more of the substitution axiom, but Union
paulson
parents:
5259
diff
changeset

53 

5252  54 
end 