isabelle: src/HOL/TLA/TLA.ML@528f7489a403 (annotated)

3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	1	(*
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	2	File: TLA/TLA.ML
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	3	Author: Stephan Merz
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	4	Copyright: 1998 University of Munich
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	5
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	6	Lemmas and tactics for temporal reasoning.
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	7	*)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	8
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	9	(* Specialize intensional introduction/elimination rules for temporal formulas *)
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	10
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	11	val [prem] = goal thy "(!!sigma. sigma \|= (F::temporal)) ==> \|- F";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	12	by (REPEAT (resolve_tac [prem,intI] 1));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	13	qed "tempI";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	14
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	15	val [prem] = goal thy "\|- (F::temporal) ==> sigma \|= F";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	16	by (rtac (prem RS intD) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	17	qed "tempD";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	18
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	19
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	20	(* ======== Functions to "unlift" temporal theorems ====== *)
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	21
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	22	(* The following functions are specialized versions of the corresponding
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	23	functions defined in Intensional.ML in that they introduce a
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	24	"world" parameter of type "behavior".
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	25	*)
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	26	fun temp_unlift th =
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	27	(rewrite_rule action_rews (th RS tempD))
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	28	handle _ => action_unlift th;
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	29
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	30	(* Turn \|- F = G into meta-level rewrite rule F == G *)
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	31	val temp_rewrite = int_rewrite;
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	32
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	33	fun temp_use th =
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	34	case (concl_of th) of
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	35	Const _ $ (Const ("Intensional.Valid", _) $ _) =>
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	36	((flatten (temp_unlift th)) handle _ => th)
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	37	\| _ => th;
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	38
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	39	(* Update classical reasoner---will be updated once more below! *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	40
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	41	AddSIs [tempI];
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	42	AddDs [tempD];
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	43
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	44	val temp_css = (claset(), simpset());
4651 70dd492a1698 changed wrapper mechanism of classical reasoner oheimb parents: 4477 diff changeset	45	val temp_cs = op addss temp_css;
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	46
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	47	(* Modify the functions that add rules to simpsets, classical sets,
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	48	and clasimpsets in order to accept "lifted" theorems
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	49	*)
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	50
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	51	local
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	52	fun try_rewrite th =
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	53	(temp_rewrite th) handle _ => temp_use th
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	54	in
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	55	val op addsimps = fn (ss, ts) => ss addsimps (map try_rewrite ts)
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	56	val op addsimps2 = fn (css, ts) => css addsimps2 (map try_rewrite ts)
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	57	end;
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	58
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	59	val op addSIs = fn (cs, ts) => cs addSIs (map temp_use ts);
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	60	val op addSEs = fn (cs, ts) => cs addSEs (map temp_use ts);
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	61	val op addSDs = fn (cs, ts) => cs addSDs (map temp_use ts);
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	62	val op addIs = fn (cs, ts) => cs addIs (map temp_use ts);
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	63	val op addEs = fn (cs, ts) => cs addEs (map temp_use ts);
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	64	val op addDs = fn (cs, ts) => cs addDs (map temp_use ts);
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	65
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	66	val op addSIs2 = fn (css, ts) => css addSIs2 (map temp_use ts);
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	67	val op addSEs2 = fn (css, ts) => css addSEs2 (map temp_use ts);
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	68	val op addSDs2 = fn (css, ts) => css addSDs2 (map temp_use ts);
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	69	val op addIs2 = fn (css, ts) => css addIs2 (map temp_use ts);
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	70	val op addEs2 = fn (css, ts) => css addEs2 (map temp_use ts);
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	71	val op addDs2 = fn (css, ts) => css addDs2 (map temp_use ts);
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	72
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	73
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	74	(* ------------------------------------------------------------------------- *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	75	(* "Simple temporal logic": only [] and <> *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	76	(* ------------------------------------------------------------------------- *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	77	section "Simple temporal logic";
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	78
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	79	(* []~F == []~Init F *)
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	80	bind_thm("boxNotInit",
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	81	rewrite_rule Init_simps (read_instantiate [("F", "LIFT ~F")] boxInit));
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	82
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	83	Goalw [dmd_def] "TEMP <>F == TEMP <> Init F";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	84	by (rewtac (read_instantiate [("F", "LIFT ~F")] boxInit));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	85	by (simp_tac (simpset() addsimps Init_simps) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	86	qed "dmdInit";
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	87
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	88	bind_thm("dmdNotInit",
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	89	rewrite_rule Init_simps (read_instantiate [("F", "LIFT ~F")] dmdInit));
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	90
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	91	(* boxInit and dmdInit cannot be used as rewrites, because they loop.
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	92	Non-looping instances for state predicates and actions are occasionally useful.
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	93	*)
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	94	bind_thm("boxInit_stp", read_instantiate [("'a","state")] boxInit);
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	95	bind_thm("boxInit_act", read_instantiate [("'a","state * state")] boxInit);
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	96	bind_thm("dmdInit_stp", read_instantiate [("'a","state")] dmdInit);
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	97	bind_thm("dmdInit_act", read_instantiate [("'a","state * state")] dmdInit);
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	98
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	99	(* The symmetric equations can be used to get rid of Init *)
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	100	bind_thm("boxInitD", symmetric boxInit);
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	101	bind_thm("dmdInitD", symmetric dmdInit);
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	102	bind_thm("boxNotInitD", symmetric boxNotInit);
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	103	bind_thm("dmdNotInitD", symmetric dmdNotInit);
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	104
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	105	val Init_simps = Init_simps @ [boxInitD, dmdInitD, boxNotInitD, dmdNotInitD];
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	106
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	107	(* ------------------------ STL2 ------------------------------------------- *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	108	bind_thm("STL2", reflT);
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	109
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	110	(* The "polymorphic" (generic) variant *)
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	111	Goal "\|- []F --> Init F";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	112	by (rewtac (read_instantiate [("F", "F")] boxInit));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	113	by (rtac STL2 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	114	qed "STL2_gen";
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	115
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	116	(* see also STL2_pr below: "\|- []P --> Init P & Init (P`)" *)
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	117
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	118
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	119	(* Dual versions for <> *)
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	120	Goalw [dmd_def] "\|- F --> <> F";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	121	by (auto_tac (temp_css addSDs2 [STL2]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	122	qed "InitDmd";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	123
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	124	Goal "\|- Init F --> <>F";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	125	by (Clarsimp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	126	by (dtac (temp_use InitDmd) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	127	by (asm_full_simp_tac (simpset() addsimps [dmdInitD]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	128	qed "InitDmd_gen";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	129
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	130
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	131	(* ------------------------ STL3 ------------------------------------------- *)
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	132	Goal "\|- ([][]F) = ([]F)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	133	by (force_tac (temp_css addEs2 [transT,STL2]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	134	qed "STL3";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	135
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	136	(* corresponding elimination rule introduces double boxes:
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	137	[\| (sigma \|= []F); (sigma \|= [][]F) ==> PROP W \|] ==> PROP W
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	138	*)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	139	bind_thm("dup_boxE", make_elim((temp_unlift STL3) RS iffD2));
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	140	bind_thm("dup_boxD", (temp_unlift STL3) RS iffD1);
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	141
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	142	(* dual versions for <> *)
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	143	Goal "\|- (<><>F) = (<>F)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	144	by (auto_tac (temp_css addsimps2 [dmd_def,STL3]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	145	qed "DmdDmd";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	146	bind_thm("dup_dmdE", make_elim((temp_unlift DmdDmd) RS iffD2));
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	147	bind_thm("dup_dmdD", (temp_unlift DmdDmd) RS iffD1);
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	148
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	149
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	150	(* ------------------------ STL4 ------------------------------------------- *)
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	151	val [prem] = goal thy "\|- F --> G ==> \|- []F --> []G";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	152	by (Clarsimp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	153	by (rtac (temp_use normalT) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	154	by (rtac (temp_use (prem RS necT)) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	155	by (atac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	156	qed "STL4";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	157
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	158	(* Unlifted version as an elimination rule *)
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	159	val prems = goal thy "[\| sigma \|= []F; \|- F --> G \|] ==> sigma \|= []G";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	160	by (REPEAT (resolve_tac (prems @ [temp_use STL4]) 1));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	161	qed "STL4E";
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	162
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	163	val [prem] = goal thy "\|- Init F --> Init G ==> \|- []F --> []G";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	164	by (rtac (rewrite_rule [boxInitD] (prem RS STL4)) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	165	qed "STL4_gen";
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	166
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	167	val prems = goal thy
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	168	"[\| sigma \|= []F; \|- Init F --> Init G \|] ==> sigma \|= []G";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	169	by (REPEAT (resolve_tac (prems @ [temp_use STL4_gen]) 1));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	170	qed "STL4E_gen";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	171
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	172	(* see also STL4Edup below, which allows an auxiliary boxed formula:
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	173	[]A /\ F => G
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	174	-----------------
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	175	[]A /\ []F => []G
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	176	*)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	177
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	178	(* The dual versions for <> *)
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	179	val [prem] = goalw thy [dmd_def]
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	180	"\|- F --> G ==> \|- <>F --> <>G";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	181	by (fast_tac (temp_cs addSIs [prem] addSEs [STL4E]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	182	qed "DmdImpl";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	183
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	184	val prems = goal thy "[\| sigma \|= <>F; \|- F --> G \|] ==> sigma \|= <>G";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	185	by (REPEAT (resolve_tac (prems @ [temp_use DmdImpl]) 1));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	186	qed "DmdImplE";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	187
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	188
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	189	(* ------------------------ STL5 ------------------------------------------- *)
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	190	Goal "\|- ([]F & []G) = ([](F & G))";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	191	by Auto_tac;
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	192	by (subgoal_tac "sigma \|= [](G --> (F & G))" 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	193	by (etac (temp_use normalT) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	194	by (ALLGOALS (fast_tac (temp_cs addSEs [STL4E])));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	195	qed "STL5";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	196
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	197	(* rewrite rule to split conjunctions under boxes *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	198	bind_thm("split_box_conj", (temp_unlift STL5) RS sym);
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	199
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	200	(* the corresponding elimination rule allows to combine boxes in the hypotheses
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	201	(NB: F and G must have the same type, i.e., both actions or temporals.)
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	202	Use "addSE2" etc. if you want to add this to a claset, otherwise it will loop!
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	203	*)
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	204	val prems = goal thy
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	205	"[\| sigma \|= []F; sigma \|= []G; sigma \|= [](F&G) ==> PROP R \|] ==> PROP R";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	206	by (REPEAT (resolve_tac (prems @ [(temp_unlift STL5) RS iffD1, conjI]) 1));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	207	qed "box_conjE";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	208
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	209	(* Instances of box_conjE for state predicates, actions, and temporals
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	210	in case the general rule is "too polymorphic".
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	211	*)
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	212	bind_thm("box_conjE_temp", read_instantiate [("'a","behavior")] box_conjE);
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	213	bind_thm("box_conjE_stp", read_instantiate [("'a","state")] box_conjE);
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	214	bind_thm("box_conjE_act", read_instantiate [("'a","state * state")] box_conjE);
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	215
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	216	(* Define a tactic that tries to merge all boxes in an antecedent. The definition is
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	217	a bit kludgy in order to simulate "double elim-resolution".
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	218	*)
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	219
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	220	Goal "[\| sigma \|= []F; PROP W \|] ==> PROP W";
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	221	by (atac 1);
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	222	val box_thin = result();
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	223
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	224	fun merge_box_tac i =
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	225	REPEAT_DETERM (EVERY [etac box_conjE i, atac i, etac box_thin i]);
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	226
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	227	fun merge_temp_box_tac i =
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	228	REPEAT_DETERM (EVERY [etac box_conjE_temp i, atac i,
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	229	eres_inst_tac [("'a","behavior")] box_thin i]);
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	230
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	231	fun merge_stp_box_tac i =
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	232	REPEAT_DETERM (EVERY [etac box_conjE_stp i, atac i,
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	233	eres_inst_tac [("'a","state")] box_thin i]);
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	234
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	235	fun merge_act_box_tac i =
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	236	REPEAT_DETERM (EVERY [etac box_conjE_act i, atac i,
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	237	eres_inst_tac [("'a","state * state")] box_thin i]);
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	238
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	239
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	240	(* rewrite rule to push universal quantification through box:
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	241	(sigma \|= [](! x. F x)) = (! x. (sigma \|= []F x))
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	242	*)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	243	bind_thm("all_box", standard((temp_unlift allT) RS sym));
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	244
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	245
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	246	Goal "\|- (<>(F \| G)) = (<>F \| <>G)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	247	by (auto_tac (temp_css addsimps2 [dmd_def,split_box_conj]));
10231 178a272bceeb renaming of contrapos rules paulson parents: 9517 diff changeset	248	by (ALLGOALS (EVERY' [etac contrapos_np,
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	249	merge_box_tac,
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	250	fast_tac (temp_cs addSEs [STL4E])]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	251	qed "DmdOr";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	252
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	253	Goal "\|- (EX x. <>(F x)) = (<>(EX x. F x))";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	254	by (auto_tac (temp_css addsimps2 [dmd_def,Not_Rex,all_box]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	255	qed "exT";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	256
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	257	bind_thm("ex_dmd", standard((temp_unlift exT) RS sym));
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	258
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	259
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	260	Goal "!!sigma. [\| sigma \|= []A; sigma \|= []F; \|- F & []A --> G \|] ==> sigma \|= []G";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	261	by (etac dup_boxE 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	262	by (merge_box_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	263	by (etac STL4E 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	264	by (atac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	265	qed "STL4Edup";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	266
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	267	Goalw [dmd_def]
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	268	"!!sigma. [\| sigma \|= <>F; sigma \|= [](F --> G) \|] ==> sigma \|= <>G";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	269	by Auto_tac;
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	270	by (etac notE 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	271	by (merge_box_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	272	by (fast_tac (temp_cs addSEs [STL4E]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	273	qed "DmdImpl2";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	274
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	275	val [prem1,prem2,prem3] = goal thy
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	276	"[\| sigma \|= []<>F; sigma \|= []G; \|- F & G --> H \|] ==> sigma \|= []<>H";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	277	by (cut_facts_tac [prem1,prem2] 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	278	by (eres_inst_tac [("F","G")] dup_boxE 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	279	by (merge_box_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	280	by (fast_tac (temp_cs addSEs [STL4E,DmdImpl2] addSIs [prem3]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	281	qed "InfImpl";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	282
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	283	(* ------------------------ STL6 ------------------------------------------- *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	284	(* Used in the proof of STL6, but useful in itself. *)
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	285	Goalw [dmd_def] "\|- []F & <>G --> <>([]F & G)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	286	by (Clarsimp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	287	by (etac dup_boxE 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	288	by (merge_box_tac 1);
10231 178a272bceeb renaming of contrapos rules paulson parents: 9517 diff changeset	289	by (etac contrapos_np 1);
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	290	by (fast_tac (temp_cs addSEs [STL4E]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	291	qed "BoxDmd";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	292
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	293	(* weaker than BoxDmd, but more polymorphic (and often just right) *)
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	294	Goalw [dmd_def] "\|- []F & <>G --> <>(F & G)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	295	by (Clarsimp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	296	by (merge_box_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	297	by (fast_tac (temp_cs addSEs [notE,STL4E]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	298	qed "BoxDmd_simple";
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	299
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	300	Goalw [dmd_def] "\|- []F & <>G --> <>(G & F)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	301	by (Clarsimp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	302	by (merge_box_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	303	by (fast_tac (temp_cs addSEs [notE,STL4E]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	304	qed "BoxDmd2_simple";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	305
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	306	val [p1,p2,p3] = goal thy
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	307	"[\| sigma \|= []A; sigma \|= <>F; \|- []A & F --> G \|] ==> sigma \|= <>G";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	308	by (rtac ((p2 RS (p1 RS (temp_use BoxDmd))) RS DmdImplE) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	309	by (rtac p3 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	310	qed "DmdImpldup";
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	311
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	312	Goal "\|- <>[]F & <>[]G --> <>[](F & G)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	313	by (auto_tac (temp_css addsimps2 [symmetric (temp_rewrite STL5)]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	314	by (dtac (temp_use linT) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	315	by (atac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	316	by (etac thin_rl 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	317	by (rtac ((temp_unlift DmdDmd) RS iffD1) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	318	by (etac disjE 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	319	by (etac DmdImplE 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	320	by (rtac BoxDmd 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	321	by (etac DmdImplE 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	322	by Auto_tac;
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	323	by (dtac (temp_use BoxDmd) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	324	by (atac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	325	by (etac thin_rl 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	326	by (fast_tac (temp_cs addSEs [DmdImplE]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	327	qed "STL6";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	328
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	329
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	330	(* ------------------------ True / False ----------------------------------------- *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	331	section "Simplification of constants";
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	332
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	333	Goal "\|- ([]#P) = #P";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	334	by (rtac tempI 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	335	by (case_tac "P" 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	336	by (auto_tac (temp_css addSIs2 [necT] addDs2 [STL2_gen]
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	337	addsimps2 Init_simps));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	338	qed "BoxConst";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	339
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	340	Goalw [dmd_def] "\|- (<>#P) = #P";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	341	by (case_tac "P" 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	342	by (ALLGOALS (asm_full_simp_tac (simpset() addsimps [BoxConst])));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	343	qed "DmdConst";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	344
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	345	val temp_simps = map temp_rewrite [BoxConst, DmdConst];
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	346
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	347	(* Make these rewrites active by default *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	348	Addsimps temp_simps;
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	349	val temp_css = temp_css addsimps2 temp_simps;
4651 70dd492a1698 changed wrapper mechanism of classical reasoner oheimb parents: 4477 diff changeset	350	val temp_cs = op addss temp_css;
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	351
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	352
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	353	(* ------------------------ Further rewrites ----------------------------------------- *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	354	section "Further rewrites";
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	355
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	356	Goalw [dmd_def] "\|- (~[]F) = (<>~F)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	357	by (Simp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	358	qed "NotBox";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	359
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	360	Goalw [dmd_def] "\|- (~<>F) = ([]~F)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	361	by (Simp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	362	qed "NotDmd";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	363
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	364	(* These are not by default included in temp_css, because they could be harmful,
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	365	e.g. []F & ~[]F becomes []F & <>~F !! *)
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	366	val more_temp_simps = (map temp_rewrite [STL3, DmdDmd, NotBox, NotDmd])
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	367	@ (map (fn th => (temp_unlift th) RS eq_reflection)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	368	[NotBox, NotDmd]);
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	369
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	370	Goal "\|- ([]<>[]F) = (<>[]F)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	371	by (auto_tac (temp_css addSDs2 [STL2]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	372	by (rtac ccontr 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	373	by (subgoal_tac "sigma \|= <>[][]F & <>[]~[]F" 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	374	by (etac thin_rl 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	375	by Auto_tac;
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	376	by (dtac (temp_use STL6) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	377	by (atac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	378	by (Asm_full_simp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	379	by (ALLGOALS (asm_full_simp_tac (simpset() addsimps more_temp_simps)));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	380	qed "BoxDmdBox";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	381
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	382	Goalw [dmd_def] "\|- (<>[]<>F) = ([]<>F)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	383	by (auto_tac (temp_css addsimps2 [rewrite_rule [dmd_def] BoxDmdBox]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	384	qed "DmdBoxDmd";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	385
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	386	val more_temp_simps = more_temp_simps @ (map temp_rewrite [BoxDmdBox, DmdBoxDmd]);
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	387
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	388
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	389	(* ------------------------ Miscellaneous ----------------------------------- *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	390
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	391	Goal "!!sigma. [\| sigma \|= []F \| []G \|] ==> sigma \|= [](F \| G)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	392	by (fast_tac (temp_cs addSEs [STL4E]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	393	qed "BoxOr";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	394
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	395	(* "persistently implies infinitely often" *)
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	396	Goal "\|- <>[]F --> []<>F";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	397	by (Clarsimp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	398	by (rtac ccontr 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	399	by (asm_full_simp_tac (simpset() addsimps more_temp_simps) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	400	by (dtac (temp_use STL6) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	401	by (atac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	402	by (Asm_full_simp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	403	qed "DBImplBD";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	404
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	405	Goal "\|- []<>F & <>[]G --> []<>(F & G)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	406	by (Clarsimp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	407	by (rtac ccontr 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	408	by (rewrite_goals_tac more_temp_simps);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	409	by (dtac (temp_use STL6) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	410	by (atac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	411	by (subgoal_tac "sigma \|= <>[]~F" 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	412	by (force_tac (temp_css addsimps2 [dmd_def]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	413	by (fast_tac (temp_cs addEs [DmdImplE,STL4E]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	414	qed "BoxDmdDmdBox";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	415
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	416
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	417	(* ------------------------------------------------------------------------- *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	418	(* TLA-specific theorems: primed formulas *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	419	(* ------------------------------------------------------------------------- *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	420	section "priming";
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	421
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	422	(* ------------------------ TLA2 ------------------------------------------- *)
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	423	Goal "\|- []P --> Init P & Init P`";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	424	by (fast_tac (temp_cs addSIs [primeI, STL2_gen]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	425	qed "STL2_pr";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	426
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	427	(* Auxiliary lemma allows priming of boxed actions *)
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	428	Goal "\|- []P --> []($P & P$)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	429	by (Clarsimp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	430	by (etac dup_boxE 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	431	by (rewtac boxInit_act);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	432	by (etac STL4E 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	433	by (auto_tac (temp_css addsimps2 Init_simps addSDs2 [STL2_pr]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	434	qed "BoxPrime";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	435
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	436	val prems = goal thy "\|- $P & P$ --> A ==> \|- []P --> []A";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	437	by (Clarsimp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	438	by (dtac (temp_use BoxPrime) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	439	by (auto_tac (temp_css addsimps2 [Init_stp_act_rev]
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	440	addSIs2 prems addSEs2 [STL4E]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	441	qed "TLA2";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	442
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	443	val prems = goal thy
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	444	"[\| sigma \|= []P; \|- $P & P$ --> A \|] ==> sigma \|= []A";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	445	by (REPEAT (resolve_tac (prems @ (prems RL [temp_use TLA2])) 1));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	446	qed "TLA2E";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	447
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	448	Goalw [dmd_def] "\|- (<>P`) --> (<>P)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	449	by (fast_tac (temp_cs addSEs [TLA2E]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	450	qed "DmdPrime";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	451
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	452	bind_thm("PrimeDmd", (temp_use InitDmd_gen) RS (temp_use DmdPrime));
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	453
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	454	(* ------------------------ INV1, stable --------------------------------------- *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	455	section "stable, invariant";
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	456
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	457	val prems = goal thy
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	458	"[\| sigma \|= []H; sigma \|= Init P; \|- H --> (Init P & ~[]F --> Init(P`) & F) \|] \
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	459	\ ==> sigma \|= []F";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	460	by (rtac (temp_use indT) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	461	by (REPEAT (resolve_tac (prems @ (prems RL [STL4E])) 1));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	462	qed "ind_rule";
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	463
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	464	Goalw [boxInit_act] "\|- ([]$P) = ([]P)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	465	by (simp_tac (simpset() addsimps Init_simps) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	466	qed "box_stp_act";
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	467	bind_thm("box_stp_actI", zero_var_indexes ((temp_use box_stp_act) RS iffD2));
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	468	bind_thm("box_stp_actD", zero_var_indexes ((temp_use box_stp_act) RS iffD1));
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	469
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	470	val more_temp_simps = (temp_rewrite box_stp_act)::more_temp_simps;
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	471
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	472	Goalw [stable_def,boxInit_stp,boxInit_act]
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	473	"\|- (Init P) --> (stable P) --> []P";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	474	by (Clarsimp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	475	by (etac ind_rule 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	476	by (auto_tac (temp_css addsimps2 Init_simps addEs2 [ind_rule]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	477	qed "INV1";
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	478
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	479	Goalw [stable_def]
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	480	"!!P. \|- $P & A --> P` ==> \|- []A --> stable P";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	481	by (fast_tac (temp_cs addSEs [STL4E]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	482	qed "StableT";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	483
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	484	val prems = goal thy
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	485	"[\| sigma \|= []A; \|- $P & A --> P` \|] ==> sigma \|= stable P";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	486	by (REPEAT (resolve_tac (prems @ [temp_use StableT]) 1));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	487	qed "Stable";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	488
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	489	(* Generalization of INV1 *)
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	490	Goalw [stable_def] "\|- (stable P) --> [](Init P --> []P)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	491	by (Clarsimp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	492	by (etac dup_boxE 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	493	by (force_tac (temp_css addsimps2 [stable_def] addEs2 [STL4E, INV1]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	494	qed "StableBox";
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	495
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	496	Goal "\|- (stable P) & <>P --> <>[]P";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	497	by (Clarsimp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	498	by (rtac DmdImpl2 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	499	by (etac (temp_use StableBox) 2);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	500	by (asm_simp_tac (simpset() addsimps [dmdInitD]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	501	qed "DmdStable";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	502
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	503	(* ---------------- (Semi-)automatic invariant tactics ---------------------- *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	504
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	505	(* inv_tac reduces goals of the form ... ==> sigma \|= []P *)
5755 22081de41254 corrected auto_tac (applications of unsafe wrappers) oheimb parents: 5525 diff changeset	506	fun inv_tac css = SELECT_GOAL
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	507	(EVERY [auto_tac css,
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	508	TRY (merge_box_tac 1),
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	509	rtac (temp_use INV1) 1, (* fail if the goal is not a box *)
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	510	TRYALL (etac Stable)]);
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	511
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	512	(* auto_inv_tac applies inv_tac and then tries to attack the subgoals;
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	513	in simple cases it may be able to handle goals like \|- MyProg --> []Inv.
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	514	In these simple cases the simplifier seems to be more useful than the
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	515	auto-tactic, which applies too much propositional logic and simplifies
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	516	too late.
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	517	*)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	518
5755 22081de41254 corrected auto_tac (applications of unsafe wrappers) oheimb parents: 5525 diff changeset	519	fun auto_inv_tac ss = SELECT_GOAL
4089 96fba19bcbe2 isatool fixclasimp; wenzelm parents: 3807 diff changeset	520	((inv_tac (claset(),ss) 1) THEN
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	521	(TRYALL (action_simp_tac (ss addsimps [Init_stp,Init_act]) [] [squareE])));
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	522
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	523
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	524	Goalw [dmd_def] "\|- []($P --> P` \| Q`) --> (stable P) \| <>Q";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	525	by (clarsimp_tac (temp_css addSDs2 [BoxPrime]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	526	by (merge_box_tac 1);
10231 178a272bceeb renaming of contrapos rules paulson parents: 9517 diff changeset	527	by (etac contrapos_np 1);
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	528	by (fast_tac (temp_cs addSEs [Stable]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	529	qed "unless";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	530
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	531
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	532	(* --------------------- Recursive expansions --------------------------------------- *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	533	section "recursive expansions";
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	534
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	535	(* Recursive expansions of [] and <> for state predicates *)
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	536	Goal "\|- ([]P) = (Init P & []P`)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	537	by (auto_tac (temp_css addSIs2 [STL2_gen]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	538	by (fast_tac (temp_cs addSEs [TLA2E]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	539	by (auto_tac (temp_css addsimps2 [stable_def] addSEs2 [INV1,STL4E]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	540	qed "BoxRec";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	541
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	542	Goalw [dmd_def, temp_rewrite BoxRec] "\|- (<>P) = (Init P \| <>P`)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	543	by (auto_tac (temp_css addsimps2 Init_simps));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	544	qed "DmdRec";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	545
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	546	Goal "!!sigma. [\| sigma \|= <>P; sigma \|= []~P` \|] ==> sigma \|= Init P";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	547	by (force_tac (temp_css addsimps2 [DmdRec,dmd_def]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	548	qed "DmdRec2";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	549
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	550	Goal "\|- ([]<>P) = ([]<>P`)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	551	by Auto_tac;
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	552	by (rtac classical 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	553	by (rtac (temp_use DBImplBD) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	554	by (subgoal_tac "sigma \|= <>[]P" 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	555	by (fast_tac (temp_cs addSEs [DmdImplE,TLA2E]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	556	by (subgoal_tac "sigma \|= <>[](<>P & []~P`)" 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	557	by (force_tac (temp_css addsimps2 [boxInit_stp]
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	558	addSEs2 [DmdImplE,STL4E,DmdRec2]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	559	by (force_tac (temp_css addSIs2 [STL6] addsimps2 more_temp_simps) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	560	by (fast_tac (temp_cs addIs [DmdPrime] addSEs [STL4E]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	561	qed "InfinitePrime";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	562
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	563	val prems = goalw thy [temp_rewrite InfinitePrime]
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	564	"[\| sigma \|= []N; sigma \|= []<>A; \|- A & N --> P` \|] ==> sigma \|= []<>P";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	565	by (rtac InfImpl 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	566	by (REPEAT (resolve_tac prems 1));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	567	qed "InfiniteEnsures";
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	568
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	569	(* ------------------------ fairness ------------------------------------------- *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	570	section "fairness";
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	571
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	572	(* alternative definitions of fairness *)
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	573	Goalw [WF_def,dmd_def]
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	574	"\|- WF(A)_v = ([]<>~Enabled(<A>_v) \| []<><A>_v)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	575	by (fast_tac temp_cs 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	576	qed "WF_alt";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	577
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	578	Goalw [SF_def,dmd_def]
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	579	"\|- SF(A)_v = (<>[]~Enabled(<A>_v) \| []<><A>_v)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	580	by (fast_tac temp_cs 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	581	qed "SF_alt";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	582
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	583	(* theorems to "box" fairness conditions *)
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	584	Goal "\|- WF(A)_v --> []WF(A)_v";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	585	by (auto_tac (temp_css addsimps2 (WF_alt::more_temp_simps)
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	586	addSIs2 [BoxOr]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	587	qed "BoxWFI";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	588
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	589	Goal "\|- ([]WF(A)_v) = WF(A)_v";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	590	by (fast_tac (temp_cs addSIs [BoxWFI] addSDs [STL2]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	591	qed "WF_Box";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	592
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	593	Goal "\|- SF(A)_v --> []SF(A)_v";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	594	by (auto_tac (temp_css addsimps2 (SF_alt::more_temp_simps)
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	595	addSIs2 [BoxOr]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	596	qed "BoxSFI";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	597
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	598	Goal "\|- ([]SF(A)_v) = SF(A)_v";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	599	by (fast_tac (temp_cs addSIs [BoxSFI] addSDs [STL2]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	600	qed "SF_Box";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	601
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	602	val more_temp_simps = more_temp_simps @ (map temp_rewrite [WF_Box, SF_Box]);
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	603
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	604	Goalw [SF_def,WF_def] "\|- SF(A)_v --> WF(A)_v";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	605	by (fast_tac (temp_cs addSDs [DBImplBD]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	606	qed "SFImplWF";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	607
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	608	(* A tactic that "boxes" all fairness conditions. Apply more_temp_simps to "unbox". *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	609	val box_fair_tac = SELECT_GOAL (REPEAT (dresolve_tac [BoxWFI,BoxSFI] 1));
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	610
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	611
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	612	(* ------------------------------ leads-to ------------------------------ *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	613
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	614	section "~>";
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	615
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	616	Goalw [leadsto_def] "\|- (Init F) & (F ~> G) --> <>G";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	617	by (auto_tac (temp_css addSDs2 [STL2]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	618	qed "leadsto_init";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	619
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	620	(* \|- F & (F ~> G) --> <>G *)
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	621	bind_thm("leadsto_init_temp",
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	622	rewrite_rule Init_simps (read_instantiate [("'a","behavior")] leadsto_init));
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	623
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	624	Goalw [leadsto_def] "\|- ([]<>Init F --> []<>G) = (<>(F ~> G))";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	625	by Auto_tac;
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	626	by (asm_full_simp_tac (simpset() addsimps more_temp_simps) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	627	by (fast_tac (temp_cs addSEs [DmdImplE,STL4E]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	628	by (fast_tac (temp_cs addSIs [InitDmd] addSEs [STL4E]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	629	by (subgoal_tac "sigma \|= []<><>G" 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	630	by (asm_full_simp_tac (simpset() addsimps more_temp_simps) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	631	by (dtac (temp_use BoxDmdDmdBox) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	632	by (atac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	633	by (fast_tac (temp_cs addSEs [DmdImplE,STL4E]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	634	qed "streett_leadsto";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	635
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	636	Goal "\|- []<>F & (F ~> G) --> []<>G";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	637	by (Clarsimp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	638	by (etac ((temp_use InitDmd) RS
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	639	((temp_unlift streett_leadsto) RS iffD2 RS mp)) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	640	by (asm_simp_tac (simpset() addsimps [dmdInitD]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	641	qed "leadsto_infinite";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	642
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	643	(* In particular, strong fairness is a Streett condition. The following
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	644	rules are sometimes easier to use than WF2 or SF2 below.
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	645	*)
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	646	Goalw [SF_def] "\|- (Enabled(<A>_v) ~> <A>_v) --> SF(A)_v";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	647	by (clarsimp_tac (temp_css addSEs2 [leadsto_infinite]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	648	qed "leadsto_SF";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	649
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	650	Goal "\|- (Enabled(<A>_v) ~> <A>_v) --> WF(A)_v";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	651	by (clarsimp_tac (temp_css addSIs2 [SFImplWF, leadsto_SF]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	652	qed "leadsto_WF";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	653
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	654	(* introduce an invariant into the proof of a leadsto assertion.
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	655	[]I --> ((P ~> Q) = (P /\ I ~> Q))
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	656	*)
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	657	Goalw [leadsto_def] "\|- []I & (P & I ~> Q) --> (P ~> Q)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	658	by (Clarsimp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	659	by (etac STL4Edup 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	660	by (atac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	661	by (auto_tac (temp_css addsimps2 Init_simps addSDs2 [STL2_gen]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	662	qed "INV_leadsto";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	663
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	664	Goalw [leadsto_def,dmd_def]
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	665	"\|- (Init F & []~G ~> G) --> (F ~> G)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	666	by (force_tac (temp_css addsimps2 Init_simps addSEs2 [STL4E]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	667	qed "leadsto_classical";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	668
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	669	Goalw [leadsto_def] "\|- (F ~> #False) = ([]~F)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	670	by (simp_tac (simpset() addsimps [boxNotInitD]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	671	qed "leadsto_false";
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	672
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	673	Goalw [leadsto_def] "\|- ((EX x. F x) ~> G) = (ALL x. (F x ~> G))";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	674	by (auto_tac (temp_css addsimps2 allT::Init_simps addSEs2 [STL4E]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	675	qed "leadsto_exists";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	676
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	677	(* basic leadsto properties, cf. Unity *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	678
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	679	Goalw [leadsto_def] "\|- [](Init F --> Init G) --> (F ~> G)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	680	by (auto_tac (temp_css addSIs2 [InitDmd_gen] addSEs2 [STL4E_gen]
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	681	addsimps2 Init_simps));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	682	qed "ImplLeadsto_gen";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	683
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	684	bind_thm("ImplLeadsto",
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	685	rewrite_rule Init_simps
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	686	(read_instantiate [("'a","behavior"), ("'b","behavior")] ImplLeadsto_gen));
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	687
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	688	Goal "!!F G. \|- F --> G ==> \|- F ~> G";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	689	by (auto_tac (temp_css addsimps2 [Init_def]
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	690	addSIs2 [ImplLeadsto_gen,necT]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	691	qed "ImplLeadsto_simple";
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	692
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	693	val [prem] = goalw thy [leadsto_def]
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	694	"\|- A & $P --> Q` ==> \|- []A --> (P ~> Q)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	695	by (clarsimp_tac (temp_css addSEs2 [INV_leadsto]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	696	by (etac STL4E_gen 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	697	by (auto_tac (temp_css addsimps2 Init_defs addSIs2 [PrimeDmd,prem]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	698	qed "EnsuresLeadsto";
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	699
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	700	Goalw [leadsto_def] "\|- []($P --> Q`) --> (P ~> Q)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	701	by (Clarsimp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	702	by (etac STL4E_gen 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	703	by (auto_tac (temp_css addsimps2 Init_simps addSIs2 [PrimeDmd]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	704	qed "EnsuresLeadsto2";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	705
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	706	val [p1,p2] = goalw thy [leadsto_def]
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	707	"[\| \|- $P & N --> P` \| Q`; \
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	708	\ \|- ($P & N) & A --> Q` \
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	709	\ \|] ==> \|- []N & []([]P --> <>A) --> (P ~> Q)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	710	by (Clarsimp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	711	by (etac STL4Edup 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	712	by (atac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	713	by (Clarsimp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	714	by (subgoal_tac "sigmaa \|= []($P --> P` \| Q`)" 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	715	by (dtac (temp_use unless) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	716	by (clarsimp_tac (temp_css addSDs2 [INV1]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	717	by (rtac ((temp_use (p2 RS DmdImpl)) RS (temp_use DmdPrime)) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	718	by (force_tac (temp_css addSIs2 [BoxDmd_simple]
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	719	addsimps2 [split_box_conj,box_stp_act]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	720	by (force_tac (temp_css addEs2 [STL4E] addDs2 [p1]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	721	qed "ensures";
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	722
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	723	val prems = goal thy
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	724	"[\| \|- $P & N --> P` \| Q`; \
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	725	\ \|- ($P & N) & A --> Q` \
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	726	\ \|] ==> \|- []N & []<>A --> (P ~> Q)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	727	by (Clarsimp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	728	by (rtac (temp_use ensures) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	729	by (TRYALL (ares_tac prems));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	730	by (force_tac (temp_css addSEs2 [STL4E]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	731	qed "ensures_simple";
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	732
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	733	val prems = goal thy
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	734	"[\| sigma \|= []<>P; sigma \|= []A; \|- A & $P --> Q` \|] ==> sigma \|= []<>Q";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	735	by (REPEAT (resolve_tac (prems @
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	736	(map temp_use [leadsto_infinite, EnsuresLeadsto])) 1));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	737	qed "EnsuresInfinite";
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	738
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	739
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	740	(* Gronning's lattice rules (taken from TLP) *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	741	section "Lattice rules";
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	742
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	743	Goalw [leadsto_def] "\|- F ~> F";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	744	by (REPEAT (resolve_tac [necT,InitDmd_gen] 1));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	745	qed "LatticeReflexivity";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	746
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	747	Goalw [leadsto_def] "\|- (G ~> H) & (F ~> G) --> (F ~> H)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	748	by (Clarsimp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	749	by (etac dup_boxE 1); (* [][](Init G --> H) *)
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	750	by (merge_box_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	751	by (clarsimp_tac (temp_css addSEs2 [STL4E]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	752	by (rtac dup_dmdD 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	753	by (subgoal_tac "sigmaa \|= <>Init G" 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	754	by (etac DmdImpl2 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	755	by (atac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	756	by (asm_simp_tac (simpset() addsimps [dmdInitD]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	757	qed "LatticeTransitivity";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	758
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	759	Goalw [leadsto_def] "\|- (F \| G ~> H) --> (F ~> H)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	760	by (auto_tac (temp_css addsimps2 Init_simps addSEs2 [STL4E]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	761	qed "LatticeDisjunctionElim1";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	762
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	763	Goalw [leadsto_def] "\|- (F \| G ~> H) --> (G ~> H)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	764	by (auto_tac (temp_css addsimps2 Init_simps addSEs2 [STL4E]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	765	qed "LatticeDisjunctionElim2";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	766
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	767	Goalw [leadsto_def] "\|- (F ~> H) & (G ~> H) --> (F \| G ~> H)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	768	by (Clarsimp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	769	by (merge_box_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	770	by (auto_tac (temp_css addsimps2 Init_simps addSEs2 [STL4E]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	771	qed "LatticeDisjunctionIntro";
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	772
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	773	Goal "\|- (F \| G ~> H) = ((F ~> H) & (G ~> H))";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	774	by (auto_tac (temp_css addIs2 [LatticeDisjunctionIntro,
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	775	LatticeDisjunctionElim1, LatticeDisjunctionElim2]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	776	qed "LatticeDisjunction";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	777
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	778	Goal "\|- (A ~> B \| C) & (B ~> D) & (C ~> D) --> (A ~> D)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	779	by (Clarsimp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	780	by (subgoal_tac "sigma \|= (B \| C) ~> D" 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	781	by (eres_inst_tac [("G", "LIFT (B \| C)")] (temp_use LatticeTransitivity) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	782	by (ALLGOALS (fast_tac (temp_cs addSIs [LatticeDisjunctionIntro])));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	783	qed "LatticeDiamond";
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	784
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	785	Goal "\|- (A ~> D \| B) & (B ~> D) --> (A ~> D)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	786	by (Clarsimp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	787	by (subgoal_tac "sigma \|= (D \| B) ~> D" 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	788	by (eres_inst_tac [("G", "LIFT (D \| B)")] (temp_use LatticeTransitivity) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	789	by (atac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	790	by (auto_tac (temp_css addIs2 [LatticeDisjunctionIntro,LatticeReflexivity]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	791	qed "LatticeTriangle";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	792
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	793	Goal "\|- (A ~> B \| D) & (B ~> D) --> (A ~> D)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	794	by (Clarsimp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	795	by (subgoal_tac "sigma \|= B \| D ~> D" 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	796	by (eres_inst_tac [("G", "LIFT (B \| D)")] (temp_use LatticeTransitivity) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	797	by (atac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	798	by (auto_tac (temp_css addIs2 [LatticeDisjunctionIntro,LatticeReflexivity]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	799	qed "LatticeTriangle2";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	800
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	801	(* Lamport's fairness rules *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	802	section "Fairness rules";
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	803
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	804	val prems = goal thy
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	805	"[\| \|- $P & N --> P` \| Q`; \
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	806	\ \|- ($P & N) & <A>_v --> Q`; \
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	807	\ \|- $P & N --> $(Enabled(<A>_v)) \|] \
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	808	\ ==> \|- []N & WF(A)_v --> (P ~> Q)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	809	by (clarsimp_tac (temp_css addSDs2 [BoxWFI]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	810	by (rtac (temp_use ensures) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	811	by (TRYALL (ares_tac prems));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	812	by (etac STL4Edup 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	813	by (atac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	814	by (clarsimp_tac (temp_css addsimps2 [WF_def]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	815	by (rtac (temp_use STL2) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	816	by (clarsimp_tac (temp_css addSEs2 [mp] addSIs2 [InitDmd]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	817	by (resolve_tac ((map temp_use (prems RL [STL4])) RL [box_stp_actD]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	818	by (asm_simp_tac (simpset() addsimps [split_box_conj,box_stp_actI]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	819	qed "WF1";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	820
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	821	(* Sometimes easier to use; designed for action B rather than state predicate Q *)
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	822	val [prem1,prem2,prem3] = goalw thy [leadsto_def]
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	823	"[\| \|- N & $P --> $Enabled (<A>_v); \
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	824	\ \|- N & <A>_v --> B; \
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	825	\ \|- [](N & [~A]_v) --> stable P \|] \
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	826	\ ==> \|- []N & WF(A)_v --> (P ~> B)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	827	by (clarsimp_tac (temp_css addSDs2 [BoxWFI]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	828	by (etac STL4Edup 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	829	by (atac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	830	by (Clarsimp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	831	by (rtac (temp_use (prem2 RS DmdImpl)) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	832	by (rtac (temp_use BoxDmd_simple) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	833	by (atac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	834	by (rtac classical 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	835	by (rtac (temp_use STL2) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	836	by (clarsimp_tac (temp_css addsimps2 [WF_def] addSEs2 [mp] addSIs2 [InitDmd]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	837	by (rtac ((temp_use (prem1 RS STL4)) RS box_stp_actD) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	838	by (asm_simp_tac (simpset() addsimps [split_box_conj,box_stp_act]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	839	by (etac (temp_use INV1) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	840	by (rtac (temp_use prem3) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	841	by (asm_full_simp_tac (simpset() addsimps [split_box_conj,temp_use NotDmd,not_angle]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	842	qed "WF_leadsto";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	843
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	844	val prems = goal thy
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	845	"[\| \|- $P & N --> P` \| Q`; \
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	846	\ \|- ($P & N) & <A>_v --> Q`; \
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	847	\ \|- []P & []N & []F --> <>Enabled(<A>_v) \|] \
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	848	\ ==> \|- []N & SF(A)_v & []F --> (P ~> Q)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	849	by (clarsimp_tac (temp_css addSDs2 [BoxSFI]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	850	by (rtac (temp_use ensures) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	851	by (TRYALL (ares_tac prems));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	852	by (eres_inst_tac [("F","F")] dup_boxE 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	853	by (merge_temp_box_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	854	by (etac STL4Edup 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	855	by (atac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	856	by (clarsimp_tac (temp_css addsimps2 [SF_def]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	857	by (rtac (temp_use STL2) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	858	by (etac mp 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	859	by (resolve_tac (map temp_use (prems RL [STL4])) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	860	by (asm_simp_tac (simpset() addsimps [split_box_conj, STL3]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	861	qed "SF1";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	862
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	863	val [prem1,prem2,prem3,prem4] = goal thy
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	864	"[\| \|- N & <B>_f --> <M>_g; \
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	865	\ \|- $P & P` & <N & A>_f --> B; \
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	866	\ \|- P & Enabled(<M>_g) --> Enabled(<A>_f); \
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	867	\ \|- [](N & [~B]_f) & WF(A)_f & []F & <>[]Enabled(<M>_g) --> <>[]P \|] \
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	868	\ ==> \|- []N & WF(A)_f & []F --> WF(M)_g";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	869	by (clarsimp_tac (temp_css addSDs2 [BoxWFI, (temp_use BoxDmdBox) RS iffD2]
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	870	addsimps2 [read_instantiate [("A","M")] WF_def]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	871	by (eres_inst_tac [("F","F")] dup_boxE 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	872	by (merge_temp_box_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	873	by (etac STL4Edup 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	874	by (atac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	875	by (clarsimp_tac (temp_css addSIs2
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	876	[(temp_use BoxDmd_simple) RS (temp_use (prem1 RS DmdImpl))]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	877	by (rtac classical 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	878	by (subgoal_tac "sigmaa \|= <>(($P & P` & N) & <A>_f)" 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	879	by (force_tac (temp_css addsimps2 [angle_def] addSIs2 [prem2] addSEs2 [DmdImplE]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	880	by (rtac (temp_use (rewrite_rule [temp_rewrite DmdDmd] (BoxDmd_simple RS DmdImpl))) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	881	by (asm_full_simp_tac (simpset() addsimps [temp_use NotDmd, not_angle]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	882	by (merge_act_box_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	883	by (forward_tac [temp_use prem4] 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	884	by (TRYALL atac);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	885	by (dtac (temp_use STL6) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	886	by (atac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	887	by (eres_inst_tac [("V","sigmaa \|= <>[]P")] thin_rl 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	888	by (eres_inst_tac [("V","sigmaa \|= []F")] thin_rl 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	889	by (dtac (temp_use BoxWFI) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	890	by (eres_inst_tac [("F", "ACT N & [~B]_f")] dup_boxE 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	891	by (merge_temp_box_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	892	by (etac DmdImpldup 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	893	by (atac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	894	by (auto_tac (temp_css addsimps2 [split_box_conj,STL3,WF_Box,box_stp_act]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	895	by (force_tac (temp_css addSEs2 [read_instantiate [("P","P")] TLA2E]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	896	by (rtac (temp_use STL2) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	897	by (force_tac (temp_css addsimps2 [WF_def,split_box_conj] addSEs2 [mp]
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	898	addSIs2 [InitDmd, prem3 RS STL4]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	899	qed "WF2";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	900
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	901	val [prem1,prem2,prem3,prem4] = goal thy
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	902	"[\| \|- N & <B>_f --> <M>_g; \
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	903	\ \|- $P & P` & <N & A>_f --> B; \
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	904	\ \|- P & Enabled(<M>_g) --> Enabled(<A>_f); \
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	905	\ \|- [](N & [~B]_f) & SF(A)_f & []F & []<>Enabled(<M>_g) --> <>[]P \|] \
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	906	\ ==> \|- []N & SF(A)_f & []F --> SF(M)_g";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	907	by (clarsimp_tac (temp_css addSDs2 [BoxSFI]
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	908	addsimps2 [read_instantiate [("A","M")] SF_def]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	909	by (eres_inst_tac [("F","F")] dup_boxE 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	910	by (eres_inst_tac [("F","TEMP <>Enabled(<M>_g)")] dup_boxE 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	911	by (merge_temp_box_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	912	by (etac STL4Edup 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	913	by (atac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	914	by (clarsimp_tac (temp_css addSIs2
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	915	[(temp_use BoxDmd_simple) RS (temp_use (prem1 RS DmdImpl))]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	916	by (rtac classical 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	917	by (subgoal_tac "sigmaa \|= <>(($P & P` & N) & <A>_f)" 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	918	by (force_tac (temp_css addsimps2 [angle_def] addSIs2 [prem2] addSEs2 [DmdImplE]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	919	by (rtac (temp_use (rewrite_rule [temp_rewrite DmdDmd] (BoxDmd_simple RS DmdImpl))) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	920	by (asm_full_simp_tac (simpset() addsimps [temp_use NotDmd, not_angle]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	921	by (merge_act_box_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	922	by (forward_tac [temp_use prem4] 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	923	by (TRYALL atac);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	924	by (eres_inst_tac [("V","sigmaa \|= []F")] thin_rl 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	925	by (dtac (temp_use BoxSFI) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	926	by (eres_inst_tac [("F","TEMP <>Enabled(<M>_g)")] dup_boxE 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	927	by (eres_inst_tac [("F", "ACT N & [~B]_f")] dup_boxE 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	928	by (merge_temp_box_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	929	by (etac DmdImpldup 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	930	by (atac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	931	by (auto_tac (temp_css addsimps2 [split_box_conj,STL3,SF_Box,box_stp_act]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	932	by (force_tac (temp_css addSEs2 [read_instantiate [("P","P")] TLA2E]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	933	by (rtac (temp_use STL2) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	934	by (force_tac (temp_css addsimps2 [SF_def,split_box_conj] addSEs2 [mp,InfImpl]
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	935	addSIs2 [prem3]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	936	qed "SF2";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	937
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	938	(* ------------------------------------------------------------------------- *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	939	(* Liveness proofs by well-founded orderings *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	940	(* ------------------------------------------------------------------------- *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	941	section "Well-founded orderings";
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	942
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	943	val p1::prems = goal thy
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	944	"[\| wf r; \
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	945	\ !!x. sigma \|= F x ~> (G \| (EX y. #((y,x):r) & F y)) \
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	946	\ \|] ==> sigma \|= F x ~> G";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	947	by (rtac (p1 RS wf_induct) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	948	by (rtac (temp_use LatticeTriangle) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	949	by (resolve_tac prems 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	950	by (auto_tac (temp_css addsimps2 [leadsto_exists]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	951	by (case_tac "(y,x):r" 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	952	by (Force_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	953	by (force_tac (temp_css addsimps2 leadsto_def::Init_simps addSIs2 [necT]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	954	qed "wf_leadsto";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	955
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	956	(* If r is well-founded, state function v cannot decrease forever *)
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	957	Goal "!!r. wf r ==> \|- [][ (v`, $v) : #r ]_v --> <>[][#False]_v";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	958	by (Clarsimp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	959	by (rtac ccontr 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	960	by (subgoal_tac "sigma \|= (EX x. v=#x) ~> #False" 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	961	by (dtac ((temp_use leadsto_false) RS iffD1 RS (temp_use STL2_gen)) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	962	by (force_tac (temp_css addsimps2 Init_defs) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	963	by (clarsimp_tac (temp_css addsimps2 [leadsto_exists,not_square]@more_temp_simps) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	964	by (etac wf_leadsto 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	965	by (rtac (temp_use ensures_simple) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	966	by (TRYALL atac);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	967	by (auto_tac (temp_css addsimps2 [square_def,angle_def]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	968	qed "wf_not_box_decrease";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	969
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	970	(* "wf r ==> \|- <>[][ (v`, $v) : #r ]_v --> <>[][#False]_v" *)
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	971	bind_thm("wf_not_dmd_box_decrease",
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	972	standard(rewrite_rule more_temp_simps (wf_not_box_decrease RS DmdImpl)));
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	973
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	974	(* If there are infinitely many steps where v decreases, then there
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	975	have to be infinitely many non-stuttering steps where v doesn't decrease.
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	976	*)
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	977	val [prem] = goal thy
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	978	"wf r ==> \|- []<>((v`, $v) : #r) --> []<><(v`, $v) ~: #r>_v";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	979	by (Clarsimp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	980	by (rtac ccontr 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	981	by (asm_full_simp_tac (simpset() addsimps not_angle::more_temp_simps) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	982	by (dtac (prem RS (temp_use wf_not_dmd_box_decrease)) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	983	by (dtac (temp_use BoxDmdDmdBox) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	984	by (atac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	985	by (subgoal_tac "sigma \|= []<>((#False)::action)" 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	986	by (Force_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	987	by (etac STL4E 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	988	by (rtac DmdImpl 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	989	by (force_tac (temp_css addIs2 [prem RS wf_irrefl]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	990	qed "wf_box_dmd_decrease";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	991
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	992	(* In particular, for natural numbers, if n decreases infinitely often
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	993	then it has to increase infinitely often.
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	994	*)
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	995	Goal "!!n::nat stfun. \|- []<>(n` < $n) --> []<>($n < n`)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	996	by (Clarsimp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	997	by (subgoal_tac "sigma \|= []<><~( (n`,$n) : #less_than )>_n" 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	998	by (etac thin_rl 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	999	by (etac STL4E 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1000	by (rtac DmdImpl 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1001	by (clarsimp_tac (temp_css addsimps2 [angle_def]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1002	by (rtac (temp_use wf_box_dmd_decrease) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1003	by (auto_tac (temp_css addSEs2 [STL4E,DmdImplE]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1004	qed "nat_box_dmd_decrease";
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	1005
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	1006
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	1007	(* ------------------------------------------------------------------------- *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	1008	(* Flexible quantification over state variables *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	1009	(* ------------------------------------------------------------------------- *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	1010	section "Flexible quantification";
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	1011
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1012	val [prem1,prem2] = goal thy
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1013	"[\| basevars vs; (!!x. basevars (x,vs) ==> sigma \|= F x) \|]\
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1014	\ ==> sigma \|= (AALL x. F x)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1015	by (auto_tac (temp_css addsimps2 [aall_def] addSEs2 [eexE]
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1016	addSIs2 [prem1] addSDs2 [prem2]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1017	qed "aallI";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	1018
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1019	Goalw [aall_def] "\|- (AALL x. F x) --> F x";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1020	by (Clarsimp_tac 1);
10231 178a272bceeb renaming of contrapos rules paulson parents: 9517 diff changeset	1021	by (etac contrapos_np 1);
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1022	by (force_tac (temp_css addSIs2 [eexI]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1023	qed "aallE";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	1024
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	1025	(* monotonicity of quantification *)
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1026	val [min,maj] = goal thy
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1027	"[\| sigma \|= EEX x. F x; !!x. sigma \|= F x --> G x \|] ==> sigma \|= EEX x. G x";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1028	by (rtac (unit_base RS (min RS eexE)) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1029	by (rtac (temp_use eexI) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1030	by (etac ((rewrite_rule intensional_rews maj) RS mp) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1031	qed "eex_mono";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	1032
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1033	val [min,maj] = goal thy
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1034	"[\| sigma \|= AALL x. F(x); !!x. sigma \|= F(x) --> G(x) \|] ==> sigma \|= AALL x. G(x)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1035	by (rtac (unit_base RS aallI) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1036	by (rtac ((rewrite_rule intensional_rews maj) RS mp) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1037	by (rtac (min RS (temp_use aallE)) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1038	qed "aall_mono";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	1039
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	1040	(* Derived history introduction rule *)
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1041	val [p1,p2,p3,p4,p5] = goal thy
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	1042	"[\| sigma \|= Init I; sigma \|= []N; basevars vs; \
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	1043	\ (!!h. basevars(h,vs) ==> \|- I & h = ha --> HI h); \
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	1044	\ (!!h s t. [\| basevars(h,vs); N (s,t); h t = hb (h s) (s,t) \|] ==> HN h (s,t)) \
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1045	\ \|] ==> sigma \|= EEX h. Init (HI h) & [](HN h)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1046	by (rtac ((temp_use history) RS eexE) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1047	by (rtac p3 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1048	by (rtac (temp_use eexI) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1049	by (Clarsimp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1050	by (rtac conjI 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1051	by (cut_facts_tac [p2] 2);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1052	by (merge_box_tac 2);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1053	by (force_tac (temp_css addSEs2 [STL4E,p5]) 2);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1054	by (cut_facts_tac [p1] 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1055	by (force_tac (temp_css addsimps2 Init_defs addSEs2 [p4]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1056	qed "historyI";
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	1057
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	1058	(* ----------------------------------------------------------------------
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	1059	example of a history variable: existence of a clock
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	1060
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	1061	Goal "\|- EEX h. Init(h = #True) & [](h` = (~$h))";
4423 a129b817b58a expandshort; wenzelm parents: 4089 diff changeset	1062	by (rtac tempI 1);
a129b817b58a expandshort; wenzelm parents: 4089 diff changeset	1063	by (rtac historyI 1);
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	1064	by (REPEAT (force_tac (temp_css addsimps2 Init_defs addIs2 [unit_base, necT]) 1));
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	1065	( solved )
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	1066
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	1067	---------------------------------------------------------------------- *)

author	berghofe
	Mon, 30 Sep 2002 16:36:57 +0200
changeset 13605	528f7489a403
parent 13187	e5434b822a96
child 15531	08c8dad8e399
permissions	-rw-r--r--