isabelle: doc-src/TutorialI/Overview/LNCS/Sets.thy@7dee3396d8b0 (annotated)

13262 bbfc360db011 * empty log message * nipkow parents: diff changeset	1	(<)theory Sets = Main:(>)
bbfc360db011 * empty log message * nipkow parents: diff changeset	2
bbfc360db011 * empty log message * nipkow parents: diff changeset	3	section{Sets, Functions and Relations}
bbfc360db011 * empty log message * nipkow parents: diff changeset	4
bbfc360db011 * empty log message * nipkow parents: diff changeset	5	subsection{Set Notation}
bbfc360db011 * empty log message * nipkow parents: diff changeset	6
bbfc360db011 * empty log message * nipkow parents: diff changeset	7	text{*
bbfc360db011 * empty log message * nipkow parents: diff changeset	8	\begin{center}
bbfc360db011 * empty log message * nipkow parents: diff changeset	9	\begin{tabular}{ccc}
bbfc360db011 * empty log message * nipkow parents: diff changeset	10	@{term "A \<union> B"} & @{term "A \<inter> B"} & @{term "A - B"} \\
bbfc360db011 * empty log message * nipkow parents: diff changeset	11	@{term "a \<in> A"} & @{term "b \<notin> A"} \\
bbfc360db011 * empty log message * nipkow parents: diff changeset	12	@{term "{a,b}"} & @{text "{x. P x}"} \\
bbfc360db011 * empty log message * nipkow parents: diff changeset	13	@{term "\<Union> M"} & @{text "\<Union>a \<in> A. F a"}
bbfc360db011 * empty log message * nipkow parents: diff changeset	14	\end{tabular}
bbfc360db011 * empty log message * nipkow parents: diff changeset	15	\end{center}*}
bbfc360db011 * empty log message * nipkow parents: diff changeset	16	(<)term "A \<union> B" term "A \<inter> B" term "A - B"
bbfc360db011 * empty log message * nipkow parents: diff changeset	17	term "a \<in> A" term "b \<notin> A"
bbfc360db011 * empty log message * nipkow parents: diff changeset	18	term "{a,b}" term "{x. P x}"
bbfc360db011 * empty log message * nipkow parents: diff changeset	19	term "\<Union> M" term "\<Union>a \<in> A. F a"(>)
bbfc360db011 * empty log message * nipkow parents: diff changeset	20
13489 79d117a158bd * empty log message * nipkow parents: 13262 diff changeset	21
13262 bbfc360db011 * empty log message * nipkow parents: diff changeset	22	subsection{Some Functions}
bbfc360db011 * empty log message * nipkow parents: diff changeset	23
bbfc360db011 * empty log message * nipkow parents: diff changeset	24	text{*
bbfc360db011 * empty log message * nipkow parents: diff changeset	25	\begin{tabular}{l}
bbfc360db011 * empty log message * nipkow parents: diff changeset	26	@{thm id_def}\\
bbfc360db011 * empty log message * nipkow parents: diff changeset	27	@{thm o_def[no_vars]}\\
bbfc360db011 * empty log message * nipkow parents: diff changeset	28	@{thm image_def[no_vars]}\\
bbfc360db011 * empty log message * nipkow parents: diff changeset	29	@{thm vimage_def[no_vars]}
bbfc360db011 * empty log message * nipkow parents: diff changeset	30	\end{tabular}*}
bbfc360db011 * empty log message * nipkow parents: diff changeset	31	(<)thm id_def o_def[no_vars] image_def[no_vars] vimage_def[no_vars](>)
bbfc360db011 * empty log message * nipkow parents: diff changeset	32
13489 79d117a158bd * empty log message * nipkow parents: 13262 diff changeset	33
13262 bbfc360db011 * empty log message * nipkow parents: diff changeset	34	subsection{Some Relations}
bbfc360db011 * empty log message * nipkow parents: diff changeset	35
bbfc360db011 * empty log message * nipkow parents: diff changeset	36	text{*
bbfc360db011 * empty log message * nipkow parents: diff changeset	37	\begin{tabular}{l}
bbfc360db011 * empty log message * nipkow parents: diff changeset	38	@{thm Id_def}\\
bbfc360db011 * empty log message * nipkow parents: diff changeset	39	@{thm converse_def[no_vars]}\\
bbfc360db011 * empty log message * nipkow parents: diff changeset	40	@{thm Image_def[no_vars]}\\
bbfc360db011 * empty log message * nipkow parents: diff changeset	41	@{thm rtrancl_refl[no_vars]}\\
14138 ca5029d391d1 * empty log message * nipkow parents: 13489 diff changeset	42	@{thm rtrancl_into_rtrancl[no_vars]}
13262 bbfc360db011 * empty log message * nipkow parents: diff changeset	43	\end{tabular}*}
bbfc360db011 * empty log message * nipkow parents: diff changeset	44	(<)thm Id_def
14138 ca5029d391d1 * empty log message * nipkow parents: 13489 diff changeset	45	thm converse_def[no_vars] Image_def[no_vars]
13262 bbfc360db011 * empty log message * nipkow parents: diff changeset	46	thm relpow.simps[no_vars]
14138 ca5029d391d1 * empty log message * nipkow parents: 13489 diff changeset	47	thm rtrancl.intros[no_vars](>)
13262 bbfc360db011 * empty log message * nipkow parents: diff changeset	48
13489 79d117a158bd * empty log message * nipkow parents: 13262 diff changeset	49
13262 bbfc360db011 * empty log message * nipkow parents: diff changeset	50	subsection{Wellfoundedness}
bbfc360db011 * empty log message * nipkow parents: diff changeset	51
bbfc360db011 * empty log message * nipkow parents: diff changeset	52	text{*
bbfc360db011 * empty log message * nipkow parents: diff changeset	53	\begin{tabular}{l}
bbfc360db011 * empty log message * nipkow parents: diff changeset	54	@{thm wf_def[no_vars]}\\
bbfc360db011 * empty log message * nipkow parents: diff changeset	55	@{thm wf_iff_no_infinite_down_chain[no_vars]}
bbfc360db011 * empty log message * nipkow parents: diff changeset	56	\end{tabular}*}
bbfc360db011 * empty log message * nipkow parents: diff changeset	57	(<)thm wf_def[no_vars]
bbfc360db011 * empty log message * nipkow parents: diff changeset	58	thm wf_iff_no_infinite_down_chain[no_vars](>)
bbfc360db011 * empty log message * nipkow parents: diff changeset	59
13489 79d117a158bd * empty log message * nipkow parents: 13262 diff changeset	60
13262 bbfc360db011 * empty log message * nipkow parents: diff changeset	61	subsection{Fixed Point Operators}
bbfc360db011 * empty log message * nipkow parents: diff changeset	62
bbfc360db011 * empty log message * nipkow parents: diff changeset	63	text{*
bbfc360db011 * empty log message * nipkow parents: diff changeset	64	\begin{tabular}{l}
bbfc360db011 * empty log message * nipkow parents: diff changeset	65	@{thm lfp_def[no_vars]}\\
bbfc360db011 * empty log message * nipkow parents: diff changeset	66	@{thm lfp_unfold[no_vars]}\\
bbfc360db011 * empty log message * nipkow parents: diff changeset	67	@{thm lfp_induct[no_vars]}
bbfc360db011 * empty log message * nipkow parents: diff changeset	68	\end{tabular}*}
14138 ca5029d391d1 * empty log message * nipkow parents: 13489 diff changeset	69	(<)thm lfp_def[no_vars] gfp_def[no_vars]
ca5029d391d1 * empty log message * nipkow parents: 13489 diff changeset	70	thm lfp_unfold[no_vars]
ca5029d391d1 * empty log message * nipkow parents: 13489 diff changeset	71	thm lfp_induct[no_vars](>)
13262 bbfc360db011 * empty log message * nipkow parents: diff changeset	72
13489 79d117a158bd * empty log message * nipkow parents: 13262 diff changeset	73
13262 bbfc360db011 * empty log message * nipkow parents: diff changeset	74	subsection{Case Study: Verified Model Checking}
bbfc360db011 * empty log message * nipkow parents: diff changeset	75
bbfc360db011 * empty log message * nipkow parents: diff changeset	76	typedecl state
bbfc360db011 * empty log message * nipkow parents: diff changeset	77
bbfc360db011 * empty log message * nipkow parents: diff changeset	78	consts M :: "(state \<times> state)set"
bbfc360db011 * empty log message * nipkow parents: diff changeset	79
bbfc360db011 * empty log message * nipkow parents: diff changeset	80	typedecl atom
bbfc360db011 * empty log message * nipkow parents: diff changeset	81
bbfc360db011 * empty log message * nipkow parents: diff changeset	82	consts L :: "state \<Rightarrow> atom set"
bbfc360db011 * empty log message * nipkow parents: diff changeset	83
bbfc360db011 * empty log message * nipkow parents: diff changeset	84	datatype formula = Atom atom
13489 79d117a158bd * empty log message * nipkow parents: 13262 diff changeset	85	\| Neg formula
79d117a158bd * empty log message * nipkow parents: 13262 diff changeset	86	\| And formula formula
79d117a158bd * empty log message * nipkow parents: 13262 diff changeset	87	\| AX formula
79d117a158bd * empty log message * nipkow parents: 13262 diff changeset	88	\| EF formula
13262 bbfc360db011 * empty log message * nipkow parents: diff changeset	89
bbfc360db011 * empty log message * nipkow parents: diff changeset	90	consts valid :: "state \<Rightarrow> formula \<Rightarrow> bool" ("(_ \<Turnstile> _)" [80,80] 80)
bbfc360db011 * empty log message * nipkow parents: diff changeset	91
bbfc360db011 * empty log message * nipkow parents: diff changeset	92	primrec
bbfc360db011 * empty log message * nipkow parents: diff changeset	93	"s \<Turnstile> Atom a = (a \<in> L s)"
bbfc360db011 * empty log message * nipkow parents: diff changeset	94	"s \<Turnstile> Neg f = (\<not>(s \<Turnstile> f))"
bbfc360db011 * empty log message * nipkow parents: diff changeset	95	"s \<Turnstile> And f g = (s \<Turnstile> f \<and> s \<Turnstile> g)"
bbfc360db011 * empty log message * nipkow parents: diff changeset	96	"s \<Turnstile> AX f = (\<forall>t. (s,t) \<in> M \<longrightarrow> t \<Turnstile> f)"
bbfc360db011 * empty log message * nipkow parents: diff changeset	97	"s \<Turnstile> EF f = (\<exists>t. (s,t) \<in> M\<^sup>* \<and> t \<Turnstile> f)"
bbfc360db011 * empty log message * nipkow parents: diff changeset	98
bbfc360db011 * empty log message * nipkow parents: diff changeset	99	consts mc :: "formula \<Rightarrow> state set"
bbfc360db011 * empty log message * nipkow parents: diff changeset	100	primrec
bbfc360db011 * empty log message * nipkow parents: diff changeset	101	"mc(Atom a) = {s. a \<in> L s}"
bbfc360db011 * empty log message * nipkow parents: diff changeset	102	"mc(Neg f) = -mc f"
bbfc360db011 * empty log message * nipkow parents: diff changeset	103	"mc(And f g) = mc f \<inter> mc g"
bbfc360db011 * empty log message * nipkow parents: diff changeset	104	"mc(AX f) = {s. \<forall>t. (s,t) \<in> M \<longrightarrow> t \<in> mc f}"
bbfc360db011 * empty log message * nipkow parents: diff changeset	105	"mc(EF f) = lfp(\<lambda>T. mc f \<union> (M\<inverse> `` T))"
bbfc360db011 * empty log message * nipkow parents: diff changeset	106
bbfc360db011 * empty log message * nipkow parents: diff changeset	107	lemma mono_ef: "mono(\<lambda>T. A \<union> (M\<inverse> `` T))"
bbfc360db011 * empty log message * nipkow parents: diff changeset	108	apply(rule monoI)
bbfc360db011 * empty log message * nipkow parents: diff changeset	109	apply blast
bbfc360db011 * empty log message * nipkow parents: diff changeset	110	done
bbfc360db011 * empty log message * nipkow parents: diff changeset	111
bbfc360db011 * empty log message * nipkow parents: diff changeset	112	lemma EF_lemma:
bbfc360db011 * empty log message * nipkow parents: diff changeset	113	"lfp(\<lambda>T. A \<union> (M\<inverse> `` T)) = {s. \<exists>t. (s,t) \<in> M\<^sup>* \<and> t \<in> A}"
bbfc360db011 * empty log message * nipkow parents: diff changeset	114	apply(rule equalityI)
bbfc360db011 * empty log message * nipkow parents: diff changeset	115	thm lfp_lowerbound
bbfc360db011 * empty log message * nipkow parents: diff changeset	116	apply(rule lfp_lowerbound)
bbfc360db011 * empty log message * nipkow parents: diff changeset	117	apply(blast intro: rtrancl_trans)
bbfc360db011 * empty log message * nipkow parents: diff changeset	118	apply(rule subsetI)
bbfc360db011 * empty log message * nipkow parents: diff changeset	119	apply clarsimp
bbfc360db011 * empty log message * nipkow parents: diff changeset	120	apply(erule converse_rtrancl_induct)
bbfc360db011 * empty log message * nipkow parents: diff changeset	121	thm lfp_unfold[OF mono_ef]
bbfc360db011 * empty log message * nipkow parents: diff changeset	122	apply(subst lfp_unfold[OF mono_ef])
bbfc360db011 * empty log message * nipkow parents: diff changeset	123	apply(blast)
bbfc360db011 * empty log message * nipkow parents: diff changeset	124	apply(subst lfp_unfold[OF mono_ef])
bbfc360db011 * empty log message * nipkow parents: diff changeset	125	apply(blast)
bbfc360db011 * empty log message * nipkow parents: diff changeset	126	done
bbfc360db011 * empty log message * nipkow parents: diff changeset	127
bbfc360db011 * empty log message * nipkow parents: diff changeset	128	theorem "mc f = {s. s \<Turnstile> f}"
bbfc360db011 * empty log message * nipkow parents: diff changeset	129	apply(induct_tac f)
bbfc360db011 * empty log message * nipkow parents: diff changeset	130	apply(auto simp add: EF_lemma)
bbfc360db011 * empty log message * nipkow parents: diff changeset	131	done
bbfc360db011 * empty log message * nipkow parents: diff changeset	132
14138 ca5029d391d1 * empty log message * nipkow parents: 13489 diff changeset	133	text{*Preview of coming attractions: a structured proof of the
ca5029d391d1 * empty log message * nipkow parents: 13489 diff changeset	134	@{thm[source]EF_lemma}.*}
ca5029d391d1 * empty log message * nipkow parents: 13489 diff changeset	135	lemma EF_lemma:
ca5029d391d1 * empty log message * nipkow parents: 13489 diff changeset	136	"lfp(\<lambda>T. A \<union> (M\<inverse> `` T)) = {s. \<exists>t. (s,t) \<in> M\<^sup>* \<and> t \<in> A}"
ca5029d391d1 * empty log message * nipkow parents: 13489 diff changeset	137	(is "lfp ?F = ?R")
ca5029d391d1 * empty log message * nipkow parents: 13489 diff changeset	138	proof
ca5029d391d1 * empty log message * nipkow parents: 13489 diff changeset	139	show "lfp ?F \<subseteq> ?R"
ca5029d391d1 * empty log message * nipkow parents: 13489 diff changeset	140	proof (rule lfp_lowerbound)
ca5029d391d1 * empty log message * nipkow parents: 13489 diff changeset	141	show "?F ?R \<subseteq> ?R" by(blast intro: rtrancl_trans)
ca5029d391d1 * empty log message * nipkow parents: 13489 diff changeset	142	qed
ca5029d391d1 * empty log message * nipkow parents: 13489 diff changeset	143	next
ca5029d391d1 * empty log message * nipkow parents: 13489 diff changeset	144	show "?R \<subseteq> lfp ?F"
ca5029d391d1 * empty log message * nipkow parents: 13489 diff changeset	145	proof
ca5029d391d1 * empty log message * nipkow parents: 13489 diff changeset	146	fix s assume "s \<in> ?R"
ca5029d391d1 * empty log message * nipkow parents: 13489 diff changeset	147	then obtain t where st: "(s,t) \<in> M\<^sup>*" and tA: "t \<in> A" by blast
ca5029d391d1 * empty log message * nipkow parents: 13489 diff changeset	148	from st show "s \<in> lfp ?F"
ca5029d391d1 * empty log message * nipkow parents: 13489 diff changeset	149	proof (rule converse_rtrancl_induct)
ca5029d391d1 * empty log message * nipkow parents: 13489 diff changeset	150	show "t \<in> lfp ?F"
ca5029d391d1 * empty log message * nipkow parents: 13489 diff changeset	151	proof (subst lfp_unfold[OF mono_ef])
ca5029d391d1 * empty log message * nipkow parents: 13489 diff changeset	152	show "t \<in> ?F(lfp ?F)" using tA by blast
ca5029d391d1 * empty log message * nipkow parents: 13489 diff changeset	153	qed
ca5029d391d1 * empty log message * nipkow parents: 13489 diff changeset	154	next
ca5029d391d1 * empty log message * nipkow parents: 13489 diff changeset	155	fix s s'
ca5029d391d1 * empty log message * nipkow parents: 13489 diff changeset	156	assume ss': "(s,s') \<in> M" and s't: "(s',t) \<in> M\<^sup>*"
ca5029d391d1 * empty log message * nipkow parents: 13489 diff changeset	157	and IH: "s' \<in> lfp ?F"
ca5029d391d1 * empty log message * nipkow parents: 13489 diff changeset	158	show "s \<in> lfp ?F"
ca5029d391d1 * empty log message * nipkow parents: 13489 diff changeset	159	proof (subst lfp_unfold[OF mono_ef])
ca5029d391d1 * empty log message * nipkow parents: 13489 diff changeset	160	show "s \<in> ?F(lfp ?F)" using prems by blast
ca5029d391d1 * empty log message * nipkow parents: 13489 diff changeset	161	qed
ca5029d391d1 * empty log message * nipkow parents: 13489 diff changeset	162	qed
ca5029d391d1 * empty log message * nipkow parents: 13489 diff changeset	163	qed
ca5029d391d1 * empty log message * nipkow parents: 13489 diff changeset	164	qed
ca5029d391d1 * empty log message * nipkow parents: 13489 diff changeset	165
13262 bbfc360db011 * empty log message * nipkow parents: diff changeset	166	text{*
bbfc360db011 * empty log message * nipkow parents: diff changeset	167	\begin{exercise}
bbfc360db011 * empty log message * nipkow parents: diff changeset	168	@{term AX} has a dual operator @{term EN}\footnote{We cannot use the customary @{text EX}
bbfc360db011 * empty log message * nipkow parents: diff changeset	169	as that is the \textsc{ascii}-equivalent of @{text"\<exists>"}}
bbfc360db011 * empty log message * nipkow parents: diff changeset	170	(``there exists a next state such that'') with the intended semantics
bbfc360db011 * empty log message * nipkow parents: diff changeset	171	@{prop[display]"(s \<Turnstile> EN f) = (EX t. (s,t) : M & t \<Turnstile> f)"}
bbfc360db011 * empty log message * nipkow parents: diff changeset	172	Fortunately, @{term"EN f"} can already be expressed as a PDL formula. How?
bbfc360db011 * empty log message * nipkow parents: diff changeset	173
bbfc360db011 * empty log message * nipkow parents: diff changeset	174	Show that the semantics for @{term EF} satisfies the following recursion equation:
bbfc360db011 * empty log message * nipkow parents: diff changeset	175	@{prop[display]"(s \<Turnstile> EF f) = (s \<Turnstile> f \| s \<Turnstile> EN(EF f))"}
bbfc360db011 * empty log message * nipkow parents: diff changeset	176	\end{exercise}*}
bbfc360db011 * empty log message * nipkow parents: diff changeset	177	(<)end(>)

author	kleing
	Fri, 29 Apr 2005 13:12:38 +0200
changeset 15887	7dee3396d8b0
parent 14138	ca5029d391d1
child 21324	a5089fc012b5
permissions	-rw-r--r--