isabelle: src/ZF/UNITY/Union.thy@68da54626309 (annotated)

11479 697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	1	(* Title: ZF/UNITY/Union.thy
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	2	ID: $Id$
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	3	Author: Sidi O Ehmety, Computer Laboratory
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	4	Copyright 2001 University of Cambridge
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	5
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	6	Unions of programs
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	7
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	8	Partly from Misra's Chapter 5: Asynchronous Compositions of Programs
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	9
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	10	Theory ported form HOL..
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	11
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	12	*)
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	13
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	14	theory Union = SubstAx + FP:
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	15
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	16	declare Inter_0 [simp]
11479 697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	17
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	18	constdefs
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	19
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	20	(FIXME: conjoin Init(F) Int Init(G) \<noteq> 0 )
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	21	ok :: "[i, i] => o" (infixl "ok" 65)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	22	"F ok G == Acts(F) \<subseteq> AllowedActs(G) &
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	23	Acts(G) \<subseteq> AllowedActs(F)"
11479 697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	24
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	25	(FIXME: conjoin (\<Inter>i \<in> I. Init(F(i))) \<noteq> 0 )
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	26	OK :: "[i, i=>i] => o"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	27	"OK(I,F) == (\<forall>i \<in> I. \<forall>j \<in> I-{i}. Acts(F(i)) \<subseteq> AllowedActs(F(j)))"
11479 697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	28
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	29	JOIN :: "[i, i=>i] => i"
11479 697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	30	"JOIN(I,F) == if I = 0 then SKIP else
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	31	mk_program(\<Inter>i \<in> I. Init(F(i)), \<Union>i \<in> I. Acts(F(i)),
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	32	\<Inter>i \<in> I. AllowedActs(F(i)))"
11479 697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	33
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	34	Join :: "[i, i] => i" (infixl "Join" 65)
11479 697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	35	"F Join G == mk_program (Init(F) Int Init(G), Acts(F) Un Acts(G),
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	36	AllowedActs(F) Int AllowedActs(G))"
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	37	(Characterizes safety properties. Used with specifying AllowedActs)
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	38	safety_prop :: "i => o"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	39	"safety_prop(X) == X\<subseteq>program &
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	40	SKIP \<in> X & (\<forall>G \<in> program. Acts(G) \<subseteq> (\<Union>F \<in> X. Acts(F)) --> G \<in> X)"
11479 697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	41
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	42	syntax
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	43	"@JOIN1" :: "[pttrns, i] => i" ("(3JN _./ _)" 10)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	44	"@JOIN" :: "[pttrn, i, i] => i" ("(3JN _:_./ _)" 10)
11479 697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	45
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	46	translations
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	47	"JN x:A. B" == "JOIN(A, (%x. B))"
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	48	"JN x y. B" == "JN x. JN y. B"
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	49	"JN x. B" == "JOIN(state,(%x. B))"
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	50
12195 ed2893765a08 * empty log message * ehmety parents: 12114 diff changeset	51	syntax (symbols)
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	52	SKIP :: i ("\<bottom>")
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	53	Join :: "[i, i] => i" (infixl "\<squnion>" 65)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	54	"@JOIN1" :: "[pttrns, i] => i" ("(3\<Squnion> _./ _)" 10)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	55	"@JOIN" :: "[pttrn, i, i] => i" ("(3\<Squnion> _ \<in> _./ _)" 10)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	56
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	57
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	58	subsection{SKIP}
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	59
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	60	lemma reachable_SKIP [simp]: "reachable(SKIP) = state"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	61	by (force elim: reachable.induct intro: reachable.intros)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	62
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	63	text{Elimination programify from ok and Join}
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	64
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	65	lemma ok_programify_left [iff]: "programify(F) ok G <-> F ok G"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	66	by (simp add: ok_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	67
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	68	lemma ok_programify_right [iff]: "F ok programify(G) <-> F ok G"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	69	by (simp add: ok_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	70
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	71	lemma Join_programify_left [simp]: "programify(F) Join G = F Join G"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	72	by (simp add: Join_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	73
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	74	lemma Join_programify_right [simp]: "F Join programify(G) = F Join G"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	75	by (simp add: Join_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	76
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	77	subsection{SKIP and safety properties}
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	78
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	79	lemma SKIP_in_constrains_iff [iff]: "(SKIP \<in> A co B) <-> (A\<subseteq>B & st_set(A))"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	80	by (unfold constrains_def st_set_def, auto)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	81
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	82	lemma SKIP_in_Constrains_iff [iff]: "(SKIP \<in> A Co B)<-> (state Int A\<subseteq>B)"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	83	by (unfold Constrains_def, auto)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	84
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	85	lemma SKIP_in_stable [iff]: "SKIP \<in> stable(A) <-> st_set(A)"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	86	by (auto simp add: stable_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	87
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	88	lemma SKIP_in_Stable [iff]: "SKIP \<in> Stable(A)"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	89	by (unfold Stable_def, auto)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	90
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	91	subsection{Join and JOIN types}
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	92
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	93	lemma Join_in_program [iff,TC]: "F Join G \<in> program"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	94	by (unfold Join_def, auto)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	95
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	96	lemma JOIN_in_program [iff,TC]: "JOIN(I,F) \<in> program"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	97	by (unfold JOIN_def, auto)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	98
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	99	subsection{Init, Acts, and AllowedActs of Join and JOIN}
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	100	lemma Init_Join [simp]: "Init(F Join G) = Init(F) Int Init(G)"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	101	by (simp add: Int_assoc Join_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	102
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	103	lemma Acts_Join [simp]: "Acts(F Join G) = Acts(F) Un Acts(G)"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	104	by (simp add: Int_Un_distrib2 cons_absorb Join_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	105
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	106	lemma AllowedActs_Join [simp]: "AllowedActs(F Join G) =
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	107	AllowedActs(F) Int AllowedActs(G)"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	108	apply (simp add: Int_assoc cons_absorb Join_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	109	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	110
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	111	subsection{Join's algebraic laws}
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	112
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	113	lemma Join_commute: "F Join G = G Join F"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	114	by (simp add: Join_def Un_commute Int_commute)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	115
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	116	lemma Join_left_commute: "A Join (B Join C) = B Join (A Join C)"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	117	apply (simp add: Join_def Int_Un_distrib2 cons_absorb)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	118	apply (simp add: Un_ac Int_ac Int_Un_distrib2 cons_absorb)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	119	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	120
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	121	lemma Join_assoc: "(F Join G) Join H = F Join (G Join H)"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	122	by (simp add: Un_ac Join_def cons_absorb Int_assoc Int_Un_distrib2)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	123
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	124	subsection{Needed below}
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	125	lemma cons_id [simp]: "cons(id(state), Pow(state * state)) = Pow(state*state)"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	126	by auto
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	127
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	128	lemma Join_SKIP_left [simp]: "SKIP Join F = programify(F)"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	129	apply (unfold Join_def SKIP_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	130	apply (auto simp add: Int_absorb cons_eq)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	131	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	132
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	133	lemma Join_SKIP_right [simp]: "F Join SKIP = programify(F)"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	134	apply (subst Join_commute)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	135	apply (simp add: Join_SKIP_left)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	136	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	137
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	138	lemma Join_absorb [simp]: "F Join F = programify(F)"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	139	by (rule program_equalityI, auto)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	140
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	141	lemma Join_left_absorb: "F Join (F Join G) = F Join G"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	142	by (simp add: Join_assoc [symmetric])
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	143
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	144	subsection{Join is an AC-operator}
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	145	lemmas Join_ac = Join_assoc Join_left_absorb Join_commute Join_left_commute
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	146
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	147	subsection{Eliminating programify form JN and OK expressions}
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	148
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	149	lemma OK_programify [iff]: "OK(I, %x. programify(F(x))) <-> OK(I, F)"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	150	by (simp add: OK_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	151
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	152	lemma JN_programify [iff]: "JOIN(I, %x. programify(F(x))) = JOIN(I, F)"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	153	by (simp add: JOIN_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	154
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	155
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	156	subsection{JN}
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	157
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	158	lemma JN_empty [simp]: "JOIN(0, F) = SKIP"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	159	by (unfold JOIN_def, auto)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	160
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	161	lemma Init_JN [simp]:
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	162	"Init(\<Squnion>i \<in> I. F(i)) = (if I=0 then state else (\<Inter>i \<in> I. Init(F(i))))"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	163	apply (simp add: JOIN_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	164	apply (auto elim!: not_emptyE simp add: INT_extend_simps simp del: INT_simps)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	165	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	166
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	167	lemma Acts_JN [simp]:
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	168	"Acts(JOIN(I,F)) = cons(id(state), \<Union>i \<in> I. Acts(F(i)))"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	169	apply (unfold JOIN_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	170	apply (auto simp del: INT_simps UN_simps)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	171	apply (rule equalityI)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	172	apply (auto dest: Acts_type [THEN subsetD])
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	173	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	174
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	175	lemma AllowedActs_JN [simp]:
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	176	"AllowedActs(\<Squnion>i \<in> I. F(i)) =
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	177	(if I=0 then Pow(state*state) else (\<Inter>i \<in> I. AllowedActs(F(i))))"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	178	apply (unfold JOIN_def, auto)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	179	apply (rule equalityI)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	180	apply (auto elim!: not_emptyE dest: AllowedActs_type [THEN subsetD])
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	181	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	182
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	183	lemma JN_cons [simp]: "(\<Squnion>i \<in> cons(a,I). F(i)) = F(a) Join (\<Squnion>i \<in> I. F(i))"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	184	by (rule program_equalityI, auto)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	185
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	186	lemma JN_cong [cong]:
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	187	"[\| I=J; !!i. i \<in> J ==> F(i) = G(i) \|] ==>
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	188	(\<Squnion>i \<in> I. F(i)) = (\<Squnion>i \<in> J. G(i))"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	189	by (simp add: JOIN_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	190
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	191
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	192
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	193	subsection{JN laws}
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	194	lemma JN_absorb: "k \<in> I ==>F(k) Join (\<Squnion>i \<in> I. F(i)) = (\<Squnion>i \<in> I. F(i))"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	195	apply (subst JN_cons [symmetric])
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	196	apply (auto simp add: cons_absorb)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	197	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	198
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	199	lemma JN_Un: "(\<Squnion>i \<in> I Un J. F(i)) = ((\<Squnion>i \<in> I. F(i)) Join (\<Squnion>i \<in> J. F(i)))"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	200	apply (rule program_equalityI)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	201	apply (simp_all add: UN_Un INT_Un)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	202	apply (simp_all del: INT_simps add: INT_extend_simps, blast)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	203	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	204
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	205	lemma JN_constant: "(\<Squnion>i \<in> I. c) = (if I=0 then SKIP else programify(c))"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	206	by (rule program_equalityI, auto)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	207
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	208	lemma JN_Join_distrib:
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	209	"(\<Squnion>i \<in> I. F(i) Join G(i)) = (\<Squnion>i \<in> I. F(i)) Join (\<Squnion>i \<in> I. G(i))"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	210	apply (rule program_equalityI)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	211	apply (simp_all add: Int_absorb)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	212	apply (safe elim!: not_emptyE)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	213	apply (simp_all add: INT_Int_distrib Int_absorb, force)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	214	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	215
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	216	lemma JN_Join_miniscope: "(\<Squnion>i \<in> I. F(i) Join G) = ((\<Squnion>i \<in> I. F(i) Join G))"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	217	by (simp add: JN_Join_distrib JN_constant)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	218
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	219	text{Used to prove guarantees_JN_I}
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	220	lemma JN_Join_diff: "i \<in> I==>F(i) Join JOIN(I - {i}, F) = JOIN(I, F)"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	221	apply (rule program_equalityI)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	222	apply (auto elim!: not_emptyE)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	223	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	224
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	225	subsection{Safety: co, stable, FP}
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	226
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	227
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	228	(*Fails if I=0 because it collapses to SKIP \<in> A co B, i.e. to A\<subseteq>B. So an
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	229	alternative precondition is A\<subseteq>B, but most proofs using this rule require
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	230	I to be nonempty for other reasons anyway.*)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	231
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	232	lemma JN_constrains:
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	233	"i \<in> I==>(\<Squnion>i \<in> I. F(i)) \<in> A co B <-> (\<forall>i \<in> I. programify(F(i)) \<in> A co B)"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	234
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	235	apply (unfold constrains_def JOIN_def st_set_def, auto)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	236	prefer 2 apply blast
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	237	apply (rename_tac j act y z)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	238	apply (cut_tac F = "F (j) " in Acts_type)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	239	apply (drule_tac x = act in bspec, auto)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	240	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	241
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	242	lemma Join_constrains [iff]:
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	243	"(F Join G \<in> A co B) <-> (programify(F) \<in> A co B & programify(G) \<in> A co B)"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	244	by (auto simp add: constrains_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	245
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	246	lemma Join_unless [iff]:
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	247	"(F Join G \<in> A unless B) <->
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	248	(programify(F) \<in> A unless B & programify(G) \<in> A unless B)"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	249	by (simp add: Join_constrains unless_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	250
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	251
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	252	(*Analogous weak versions FAIL; see Misra [1994] 5.4.1, Substitution Axiom.
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	253	reachable (F Join G) could be much bigger than reachable F, reachable G
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	254	*)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	255
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	256	lemma Join_constrains_weaken:
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	257	"[\| F \<in> A co A'; G \<in> B co B' \|]
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	258	==> F Join G \<in> (A Int B) co (A' Un B')"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	259	apply (subgoal_tac "st_set (A) & st_set (B) & F \<in> program & G \<in> program")
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	260	prefer 2 apply (blast dest: constrainsD2, simp)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	261	apply (blast intro: constrains_weaken)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	262	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	263
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	264	(If I=0, it degenerates to SKIP \<in> state co 0, which is false.)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	265	lemma JN_constrains_weaken:
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	266	assumes major: "(!!i. i \<in> I ==> F(i) \<in> A(i) co A'(i))"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	267	and minor: "i \<in> I"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	268	shows "(\<Squnion>i \<in> I. F(i)) \<in> (\<Inter>i \<in> I. A(i)) co (\<Union>i \<in> I. A'(i))"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	269	apply (cut_tac minor)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	270	apply (simp (no_asm_simp) add: JN_constrains)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	271	apply clarify
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	272	apply (rename_tac "j")
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	273	apply (frule_tac i = j in major)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	274	apply (frule constrainsD2, simp)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	275	apply (blast intro: constrains_weaken)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	276	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	277
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	278	lemma JN_stable:
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	279	"(\<Squnion>i \<in> I. F(i)) \<in> stable(A) <-> ((\<forall>i \<in> I. programify(F(i)) \<in> stable(A)) & st_set(A))"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	280	apply (auto simp add: stable_def constrains_def JOIN_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	281	apply (cut_tac F = "F (i) " in Acts_type)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	282	apply (drule_tac x = act in bspec, auto)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	283	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	284
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	285	lemma initially_JN_I:
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	286	assumes major: "(!!i. i \<in> I ==>F(i) \<in> initially(A))"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	287	and minor: "i \<in> I"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	288	shows "(\<Squnion>i \<in> I. F(i)) \<in> initially(A)"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	289	apply (cut_tac minor)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	290	apply (auto elim!: not_emptyE simp add: Inter_iff initially_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	291	apply (frule_tac i = x in major)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	292	apply (auto simp add: initially_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	293	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	294
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	295	lemma invariant_JN_I:
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	296	assumes major: "(!!i. i \<in> I ==> F(i) \<in> invariant(A))"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	297	and minor: "i \<in> I"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	298	shows "(\<Squnion>i \<in> I. F(i)) \<in> invariant(A)"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	299	apply (cut_tac minor)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	300	apply (auto intro!: initially_JN_I dest: major simp add: invariant_def JN_stable)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	301	apply (erule_tac V = "i \<in> I" in thin_rl)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	302	apply (frule major)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	303	apply (drule_tac [2] major)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	304	apply (auto simp add: invariant_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	305	apply (frule stableD2, force)+
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	306	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	307
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	308	lemma Join_stable [iff]:
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	309	" (F Join G \<in> stable(A)) <->
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	310	(programify(F) \<in> stable(A) & programify(G) \<in> stable(A))"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	311	by (simp add: stable_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	312
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	313	lemma initially_JoinI [intro!]:
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	314	"[\| F \<in> initially(A); G \<in> initially(A) \|] ==> F Join G \<in> initially(A)"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	315	by (unfold initially_def, auto)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	316
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	317	lemma invariant_JoinI:
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	318	"[\| F \<in> invariant(A); G \<in> invariant(A) \|]
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	319	==> F Join G \<in> invariant(A)"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	320	apply (subgoal_tac "F \<in> program&G \<in> program")
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	321	prefer 2 apply (blast dest: invariantD2)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	322	apply (simp add: invariant_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	323	apply (auto intro: Join_in_program)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	324	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	325
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	326
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	327	(* Fails if I=0 because \<Inter>i \<in> 0. A(i) = 0 *)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	328	lemma FP_JN: "i \<in> I ==> FP(\<Squnion>i \<in> I. F(i)) = (\<Inter>i \<in> I. FP (programify(F(i))))"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	329	by (auto simp add: FP_def Inter_def st_set_def JN_stable)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	330
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	331	subsection{Progress: transient, ensures}
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	332
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	333	lemma JN_transient:
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	334	"i \<in> I ==>
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	335	(\<Squnion>i \<in> I. F(i)) \<in> transient(A) <-> (\<exists>i \<in> I. programify(F(i)) \<in> transient(A))"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	336	apply (auto simp add: transient_def JOIN_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	337	apply (unfold st_set_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	338	apply (drule_tac [2] x = act in bspec)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	339	apply (auto dest: Acts_type [THEN subsetD])
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	340	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	341
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	342	lemma Join_transient [iff]:
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	343	"F Join G \<in> transient(A) <->
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	344	(programify(F) \<in> transient(A) \| programify(G) \<in> transient(A))"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	345	apply (auto simp add: transient_def Join_def Int_Un_distrib2)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	346	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	347
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	348	lemma Join_transient_I1: "F \<in> transient(A) ==> F Join G \<in> transient(A)"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	349	by (simp add: Join_transient transientD2)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	350
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	351
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	352	lemma Join_transient_I2: "G \<in> transient(A) ==> F Join G \<in> transient(A)"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	353	by (simp add: Join_transient transientD2)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	354
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	355	(If I=0 it degenerates to (SKIP \<in> A ensures B) = False, i.e. to ~(A\<subseteq>B) )
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	356	lemma JN_ensures:
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	357	"i \<in> I ==>
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	358	(\<Squnion>i \<in> I. F(i)) \<in> A ensures B <->
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	359	((\<forall>i \<in> I. programify(F(i)) \<in> (A-B) co (A Un B)) &
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	360	(\<exists>i \<in> I. programify(F(i)) \<in> A ensures B))"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	361	by (auto simp add: ensures_def JN_constrains JN_transient)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	362
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	363
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	364	lemma Join_ensures:
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	365	"F Join G \<in> A ensures B <->
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	366	(programify(F) \<in> (A-B) co (A Un B) & programify(G) \<in> (A-B) co (A Un B) &
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	367	(programify(F) \<in> transient (A-B) \| programify(G) \<in> transient (A-B)))"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	368
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	369	apply (unfold ensures_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	370	apply (auto simp add: Join_transient)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	371	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	372
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	373	lemma stable_Join_constrains:
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	374	"[\| F \<in> stable(A); G \<in> A co A' \|]
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	375	==> F Join G \<in> A co A'"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	376	apply (unfold stable_def constrains_def Join_def st_set_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	377	apply (cut_tac F = F in Acts_type)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	378	apply (cut_tac F = G in Acts_type, force)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	379	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	380
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	381	(*Premise for G cannot use Always because F \<in> Stable A is
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	382	weaker than G \<in> stable A *)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	383	lemma stable_Join_Always1:
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	384	"[\| F \<in> stable(A); G \<in> invariant(A) \|] ==> F Join G \<in> Always(A)"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	385	apply (subgoal_tac "F \<in> program & G \<in> program & st_set (A) ")
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	386	prefer 2 apply (blast dest: invariantD2 stableD2)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	387	apply (simp add: Always_def invariant_def initially_def Stable_eq_stable)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	388	apply (force intro: stable_Int)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	389	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	390
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	391	(As above, but exchanging the roles of F and G)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	392	lemma stable_Join_Always2:
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	393	"[\| F \<in> invariant(A); G \<in> stable(A) \|] ==> F Join G \<in> Always(A)"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	394	apply (subst Join_commute)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	395	apply (blast intro: stable_Join_Always1)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	396	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	397
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	398
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	399
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	400	lemma stable_Join_ensures1:
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	401	"[\| F \<in> stable(A); G \<in> A ensures B \|] ==> F Join G \<in> A ensures B"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	402	apply (subgoal_tac "F \<in> program & G \<in> program & st_set (A) ")
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	403	prefer 2 apply (blast dest: stableD2 ensures_type [THEN subsetD])
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	404	apply (simp (no_asm_simp) add: Join_ensures)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	405	apply (simp add: stable_def ensures_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	406	apply (erule constrains_weaken, auto)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	407	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	408
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	409
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	410	(As above, but exchanging the roles of F and G)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	411	lemma stable_Join_ensures2:
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	412	"[\| F \<in> A ensures B; G \<in> stable(A) \|] ==> F Join G \<in> A ensures B"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	413	apply (subst Join_commute)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	414	apply (blast intro: stable_Join_ensures1)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	415	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	416
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	417	subsection{The ok and OK relations}
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	418
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	419	lemma ok_SKIP1 [iff]: "SKIP ok F"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	420	by (auto dest: Acts_type [THEN subsetD] simp add: ok_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	421
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	422	lemma ok_SKIP2 [iff]: "F ok SKIP"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	423	by (auto dest: Acts_type [THEN subsetD] simp add: ok_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	424
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	425	lemma ok_Join_commute:
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	426	"(F ok G & (F Join G) ok H) <-> (G ok H & F ok (G Join H))"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	427	by (auto simp add: ok_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	428
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	429	lemma ok_commute: "(F ok G) <->(G ok F)"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	430	by (auto simp add: ok_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	431
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	432	lemmas ok_sym = ok_commute [THEN iffD1, standard]
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	433
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	434	lemma ok_iff_OK: "OK({<0,F>,<1,G>,<2,H>}, snd) <-> (F ok G & (F Join G) ok H)"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	435	by (simp add: ok_def Join_def OK_def Int_assoc cons_absorb
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	436	Int_Un_distrib2 Ball_def, safe, force+)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	437
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	438	lemma ok_Join_iff1 [iff]: "F ok (G Join H) <-> (F ok G & F ok H)"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	439	by (auto simp add: ok_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	440
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	441	lemma ok_Join_iff2 [iff]: "(G Join H) ok F <-> (G ok F & H ok F)"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	442	by (auto simp add: ok_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	443
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	444	(useful? Not with the previous two around)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	445	lemma ok_Join_commute_I: "[\| F ok G; (F Join G) ok H \|] ==> F ok (G Join H)"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	446	by (auto simp add: ok_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	447
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	448	lemma ok_JN_iff1 [iff]: "F ok JOIN(I,G) <-> (\<forall>i \<in> I. F ok G(i))"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	449	by (force dest: Acts_type [THEN subsetD] elim!: not_emptyE simp add: ok_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	450
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	451	lemma ok_JN_iff2 [iff]: "JOIN(I,G) ok F <-> (\<forall>i \<in> I. G(i) ok F)"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	452	apply (auto elim!: not_emptyE simp add: ok_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	453	apply (blast dest: Acts_type [THEN subsetD])
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	454	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	455
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	456	lemma OK_iff_ok: "OK(I,F) <-> (\<forall>i \<in> I. \<forall>j \<in> I-{i}. F(i) ok (F(j)))"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	457	by (auto simp add: ok_def OK_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	458
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	459	lemma OK_imp_ok: "[\| OK(I,F); i \<in> I; j \<in> I; i\<noteq>j\|] ==> F(i) ok F(j)"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	460	by (auto simp add: OK_iff_ok)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	461
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	462
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	463	subsection{Allowed}
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	464
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	465	lemma Allowed_SKIP [simp]: "Allowed(SKIP) = program"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	466	by (auto dest: Acts_type [THEN subsetD] simp add: Allowed_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	467
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	468	lemma Allowed_Join [simp]:
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	469	"Allowed(F Join G) =
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	470	Allowed(programify(F)) Int Allowed(programify(G))"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	471	apply (auto simp add: Allowed_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	472	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	473
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	474	lemma Allowed_JN [simp]:
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	475	"i \<in> I ==>
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	476	Allowed(JOIN(I,F)) = (\<Inter>i \<in> I. Allowed(programify(F(i))))"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	477	apply (auto simp add: Allowed_def, blast)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	478	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	479
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	480	lemma ok_iff_Allowed:
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	481	"F ok G <-> (programify(F) \<in> Allowed(programify(G)) &
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	482	programify(G) \<in> Allowed(programify(F)))"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	483	by (simp add: ok_def Allowed_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	484
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	485
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	486	lemma OK_iff_Allowed:
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	487	"OK(I,F) <->
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	488	(\<forall>i \<in> I. \<forall>j \<in> I-{i}. programify(F(i)) \<in> Allowed(programify(F(j))))"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	489	apply (auto simp add: OK_iff_ok ok_iff_Allowed)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	490	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	491
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	492	subsection{safety_prop, for reasoning about given instances of "ok"}
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	493
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	494	lemma safety_prop_Acts_iff:
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	495	"safety_prop(X) ==> (Acts(G) \<subseteq> cons(id(state), (\<Union>F \<in> X. Acts(F)))) <-> (programify(G) \<in> X)"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	496	apply (simp (no_asm_use) add: safety_prop_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	497	apply clarify
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	498	apply (case_tac "G \<in> program", simp_all, blast, safe)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	499	prefer 2 apply force
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	500	apply (force simp add: programify_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	501	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	502
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	503	lemma safety_prop_AllowedActs_iff_Allowed:
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	504	"safety_prop(X) ==>
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	505	(\<Union>G \<in> X. Acts(G)) \<subseteq> AllowedActs(F) <-> (X \<subseteq> Allowed(programify(F)))"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	506	apply (simp add: Allowed_def safety_prop_Acts_iff [THEN iff_sym]
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	507	safety_prop_def, blast)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	508	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	509
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	510
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	511	lemma Allowed_eq:
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	512	"safety_prop(X) ==> Allowed(mk_program(init, acts, \<Union>F \<in> X. Acts(F))) = X"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	513	apply (subgoal_tac "cons (id (state), Union (RepFun (X, Acts)) Int Pow (state * state)) = Union (RepFun (X, Acts))")
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	514	apply (rule_tac [2] equalityI)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	515	apply (simp del: UN_simps add: Allowed_def safety_prop_Acts_iff safety_prop_def, auto)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	516	apply (force dest: Acts_type [THEN subsetD] simp add: safety_prop_def)+
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	517	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	518
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	519	lemma def_prg_Allowed:
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	520	"[\| F == mk_program (init, acts, \<Union>F \<in> X. Acts(F)); safety_prop(X) \|]
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	521	==> Allowed(F) = X"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	522	by (simp add: Allowed_eq)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	523
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	524	(For safety_prop to hold, the property must be satisfiable!)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	525	lemma safety_prop_constrains [iff]:
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	526	"safety_prop(A co B) <-> (A \<subseteq> B & st_set(A))"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	527	by (simp add: safety_prop_def constrains_def st_set_def, blast)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	528
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	529	(* To be used with resolution *)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	530	lemma safety_prop_constrainsI [iff]:
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	531	"[\| A\<subseteq>B; st_set(A) \|] ==>safety_prop(A co B)"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	532	by auto
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	533
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	534	lemma safety_prop_stable [iff]: "safety_prop(stable(A)) <-> st_set(A)"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	535	by (simp add: stable_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	536
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	537	lemma safety_prop_stableI: "st_set(A) ==> safety_prop(stable(A))"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	538	by auto
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	539
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	540	lemma safety_prop_Int [simp]:
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	541	"[\| safety_prop(X) ; safety_prop(Y) \|] ==> safety_prop(X Int Y)"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	542	apply (simp add: safety_prop_def, safe, blast)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	543	apply (drule_tac [2] B = "Union (RepFun (X Int Y, Acts))" and C = "Union (RepFun (Y, Acts))" in subset_trans)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	544	apply (drule_tac B = "Union (RepFun (X Int Y, Acts))" and C = "Union (RepFun (X, Acts))" in subset_trans)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	545	apply blast+
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	546	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	547
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	548	(* If I=0 the conclusion becomes safety_prop(0) which is false *)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	549	lemma safety_prop_Inter:
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	550	assumes major: "(!!i. i \<in> I ==>safety_prop(X(i)))"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	551	and minor: "i \<in> I"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	552	shows "safety_prop(\<Inter>i \<in> I. X(i))"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	553	apply (simp add: safety_prop_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	554	apply (cut_tac minor, safe)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	555	apply (simp (no_asm_use) add: Inter_iff)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	556	apply clarify
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	557	apply (frule major)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	558	apply (drule_tac [2] i = xa in major)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	559	apply (frule_tac [4] i = xa in major)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	560	apply (auto simp add: safety_prop_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	561	apply (drule_tac B = "Union (RepFun (Inter (RepFun (I, X)), Acts))" and C = "Union (RepFun (X (xa), Acts))" in subset_trans)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	562	apply blast+
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	563	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	564
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	565	lemma def_UNION_ok_iff:
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	566	"[\| F == mk_program(init,acts, \<Union>G \<in> X. Acts(G)); safety_prop(X) \|]
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	567	==> F ok G <-> (programify(G) \<in> X & acts Int Pow(state*state) \<subseteq> AllowedActs(G))"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	568	apply (unfold ok_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	569	apply (drule_tac G = G in safety_prop_Acts_iff)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	570	apply (cut_tac F = G in AllowedActs_type)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	571	apply (cut_tac F = G in Acts_type, auto)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	572	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	573
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	574
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	575	ML
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	576	{*
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	577	val safety_prop_def = thm "safety_prop_def";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	578
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	579	val reachable_SKIP = thm "reachable_SKIP";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	580	val ok_programify_left = thm "ok_programify_left";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	581	val ok_programify_right = thm "ok_programify_right";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	582	val Join_programify_left = thm "Join_programify_left";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	583	val Join_programify_right = thm "Join_programify_right";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	584	val SKIP_in_constrains_iff = thm "SKIP_in_constrains_iff";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	585	val SKIP_in_Constrains_iff = thm "SKIP_in_Constrains_iff";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	586	val SKIP_in_stable = thm "SKIP_in_stable";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	587	val SKIP_in_Stable = thm "SKIP_in_Stable";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	588	val Join_in_program = thm "Join_in_program";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	589	val JOIN_in_program = thm "JOIN_in_program";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	590	val Init_Join = thm "Init_Join";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	591	val Acts_Join = thm "Acts_Join";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	592	val AllowedActs_Join = thm "AllowedActs_Join";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	593	val Join_commute = thm "Join_commute";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	594	val Join_left_commute = thm "Join_left_commute";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	595	val Join_assoc = thm "Join_assoc";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	596	val cons_id = thm "cons_id";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	597	val Join_SKIP_left = thm "Join_SKIP_left";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	598	val Join_SKIP_right = thm "Join_SKIP_right";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	599	val Join_absorb = thm "Join_absorb";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	600	val Join_left_absorb = thm "Join_left_absorb";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	601	val OK_programify = thm "OK_programify";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	602	val JN_programify = thm "JN_programify";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	603	val JN_empty = thm "JN_empty";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	604	val Init_JN = thm "Init_JN";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	605	val Acts_JN = thm "Acts_JN";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	606	val AllowedActs_JN = thm "AllowedActs_JN";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	607	val JN_cons = thm "JN_cons";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	608	val JN_cong = thm "JN_cong";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	609	val JN_absorb = thm "JN_absorb";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	610	val JN_Un = thm "JN_Un";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	611	val JN_constant = thm "JN_constant";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	612	val JN_Join_distrib = thm "JN_Join_distrib";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	613	val JN_Join_miniscope = thm "JN_Join_miniscope";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	614	val JN_Join_diff = thm "JN_Join_diff";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	615	val JN_constrains = thm "JN_constrains";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	616	val Join_constrains = thm "Join_constrains";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	617	val Join_unless = thm "Join_unless";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	618	val Join_constrains_weaken = thm "Join_constrains_weaken";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	619	val JN_constrains_weaken = thm "JN_constrains_weaken";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	620	val JN_stable = thm "JN_stable";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	621	val initially_JN_I = thm "initially_JN_I";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	622	val invariant_JN_I = thm "invariant_JN_I";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	623	val Join_stable = thm "Join_stable";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	624	val initially_JoinI = thm "initially_JoinI";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	625	val invariant_JoinI = thm "invariant_JoinI";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	626	val FP_JN = thm "FP_JN";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	627	val JN_transient = thm "JN_transient";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	628	val Join_transient = thm "Join_transient";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	629	val Join_transient_I1 = thm "Join_transient_I1";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	630	val Join_transient_I2 = thm "Join_transient_I2";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	631	val JN_ensures = thm "JN_ensures";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	632	val Join_ensures = thm "Join_ensures";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	633	val stable_Join_constrains = thm "stable_Join_constrains";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	634	val stable_Join_Always1 = thm "stable_Join_Always1";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	635	val stable_Join_Always2 = thm "stable_Join_Always2";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	636	val stable_Join_ensures1 = thm "stable_Join_ensures1";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	637	val stable_Join_ensures2 = thm "stable_Join_ensures2";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	638	val ok_SKIP1 = thm "ok_SKIP1";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	639	val ok_SKIP2 = thm "ok_SKIP2";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	640	val ok_Join_commute = thm "ok_Join_commute";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	641	val ok_commute = thm "ok_commute";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	642	val ok_sym = thm "ok_sym";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	643	val ok_iff_OK = thm "ok_iff_OK";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	644	val ok_Join_iff1 = thm "ok_Join_iff1";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	645	val ok_Join_iff2 = thm "ok_Join_iff2";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	646	val ok_Join_commute_I = thm "ok_Join_commute_I";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	647	val ok_JN_iff1 = thm "ok_JN_iff1";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	648	val ok_JN_iff2 = thm "ok_JN_iff2";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	649	val OK_iff_ok = thm "OK_iff_ok";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	650	val OK_imp_ok = thm "OK_imp_ok";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	651	val Allowed_SKIP = thm "Allowed_SKIP";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	652	val Allowed_Join = thm "Allowed_Join";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	653	val Allowed_JN = thm "Allowed_JN";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	654	val ok_iff_Allowed = thm "ok_iff_Allowed";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	655	val OK_iff_Allowed = thm "OK_iff_Allowed";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	656	val safety_prop_Acts_iff = thm "safety_prop_Acts_iff";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	657	val safety_prop_AllowedActs_iff_Allowed = thm "safety_prop_AllowedActs_iff_Allowed";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	658	val Allowed_eq = thm "Allowed_eq";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	659	val def_prg_Allowed = thm "def_prg_Allowed";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	660	val safety_prop_constrains = thm "safety_prop_constrains";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	661	val safety_prop_constrainsI = thm "safety_prop_constrainsI";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	662	val safety_prop_stable = thm "safety_prop_stable";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	663	val safety_prop_stableI = thm "safety_prop_stableI";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	664	val safety_prop_Int = thm "safety_prop_Int";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	665	val safety_prop_Inter = thm "safety_prop_Inter";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	666	val def_UNION_ok_iff = thm "def_UNION_ok_iff";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	667
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	668	val Join_ac = thms "Join_ac";
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	669	*}
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	670
11479 697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	671
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	672	end

author	paulson
	Tue, 08 Jul 2003 11:44:30 +0200
changeset 14092	68da54626309
parent 12195	ed2893765a08
child 14093	24382760fd89
permissions	-rw-r--r--