author | wenzelm |
Wed, 05 Dec 2001 03:13:57 +0100 | |
changeset 12378 | 86c58273f8c0 |
parent 10231 | 178a272bceeb |
child 13187 | e5434b822a96 |
permissions | -rw-r--r-- |
3807 | 1 |
(* |
2 |
File: TLA/TLA.ML |
|
3 |
Author: Stephan Merz |
|
6255 | 4 |
Copyright: 1998 University of Munich |
3807 | 5 |
|
6 |
Lemmas and tactics for temporal reasoning. |
|
7 |
*) |
|
8 |
||
6255 | 9 |
(* Specialize intensional introduction/elimination rules for temporal formulas *) |
3807 | 10 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
11 |
val [prem] = goal thy "(!!sigma. sigma |= (F::temporal)) ==> |- F"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
12 |
by (REPEAT (resolve_tac [prem,intI] 1)); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
13 |
qed "tempI"; |
3807 | 14 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
15 |
val [prem] = goal thy "|- (F::temporal) ==> sigma |= F"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
16 |
by (rtac (prem RS intD) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
17 |
qed "tempD"; |
3807 | 18 |
|
19 |
||
6255 | 20 |
(* ======== Functions to "unlift" temporal theorems ====== *) |
3807 | 21 |
|
6255 | 22 |
(* The following functions are specialized versions of the corresponding |
23 |
functions defined in Intensional.ML in that they introduce a |
|
24 |
"world" parameter of type "behavior". |
|
3807 | 25 |
*) |
6255 | 26 |
fun temp_unlift th = |
27 |
(rewrite_rule action_rews (th RS tempD)) |
|
28 |
handle _ => action_unlift th; |
|
3807 | 29 |
|
6255 | 30 |
(* Turn |- F = G into meta-level rewrite rule F == G *) |
31 |
val temp_rewrite = int_rewrite; |
|
3807 | 32 |
|
6255 | 33 |
fun temp_use th = |
34 |
case (concl_of th) of |
|
35 |
Const _ $ (Const ("Intensional.Valid", _) $ _) => |
|
36 |
((flatten (temp_unlift th)) handle _ => th) |
|
37 |
| _ => th; |
|
3807 | 38 |
|
39 |
(* Update classical reasoner---will be updated once more below! *) |
|
40 |
||
41 |
AddSIs [tempI]; |
|
42 |
AddDs [tempD]; |
|
43 |
||
6255 | 44 |
val temp_css = (claset(), simpset()); |
4651 | 45 |
val temp_cs = op addss temp_css; |
3807 | 46 |
|
6255 | 47 |
(* Modify the functions that add rules to simpsets, classical sets, |
48 |
and clasimpsets in order to accept "lifted" theorems |
|
49 |
*) |
|
3807 | 50 |
|
6255 | 51 |
local |
52 |
fun try_rewrite th = |
|
53 |
(temp_rewrite th) handle _ => temp_use th |
|
54 |
in |
|
55 |
val op addsimps = fn (ss, ts) => ss addsimps (map try_rewrite ts) |
|
56 |
val op addsimps2 = fn (css, ts) => css addsimps2 (map try_rewrite ts) |
|
57 |
end; |
|
3807 | 58 |
|
6255 | 59 |
val op addSIs = fn (cs, ts) => cs addSIs (map temp_use ts); |
60 |
val op addSEs = fn (cs, ts) => cs addSEs (map temp_use ts); |
|
61 |
val op addSDs = fn (cs, ts) => cs addSDs (map temp_use ts); |
|
62 |
val op addIs = fn (cs, ts) => cs addIs (map temp_use ts); |
|
63 |
val op addEs = fn (cs, ts) => cs addEs (map temp_use ts); |
|
64 |
val op addDs = fn (cs, ts) => cs addDs (map temp_use ts); |
|
3807 | 65 |
|
6255 | 66 |
val op addSIs2 = fn (css, ts) => css addSIs2 (map temp_use ts); |
67 |
val op addSEs2 = fn (css, ts) => css addSEs2 (map temp_use ts); |
|
68 |
val op addSDs2 = fn (css, ts) => css addSDs2 (map temp_use ts); |
|
69 |
val op addIs2 = fn (css, ts) => css addIs2 (map temp_use ts); |
|
70 |
val op addEs2 = fn (css, ts) => css addEs2 (map temp_use ts); |
|
71 |
val op addDs2 = fn (css, ts) => css addDs2 (map temp_use ts); |
|
3807 | 72 |
|
73 |
||
74 |
(* ------------------------------------------------------------------------- *) |
|
75 |
(*** "Simple temporal logic": only [] and <> ***) |
|
76 |
(* ------------------------------------------------------------------------- *) |
|
77 |
section "Simple temporal logic"; |
|
78 |
||
6255 | 79 |
(* []~F == []~Init F *) |
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
80 |
bind_thm("boxNotInit", |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
81 |
rewrite_rule Init_simps (read_instantiate [("F", "LIFT ~F")] boxInit)); |
6255 | 82 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
83 |
Goalw [dmd_def] "TEMP <>F == TEMP <> Init F"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
84 |
by (rewtac (read_instantiate [("F", "LIFT ~F")] boxInit)); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
85 |
by (simp_tac (simpset() addsimps Init_simps) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
86 |
qed "dmdInit"; |
6255 | 87 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
88 |
bind_thm("dmdNotInit", |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
89 |
rewrite_rule Init_simps (read_instantiate [("F", "LIFT ~F")] dmdInit)); |
6255 | 90 |
|
91 |
(* boxInit and dmdInit cannot be used as rewrites, because they loop. |
|
92 |
Non-looping instances for state predicates and actions are occasionally useful. |
|
93 |
*) |
|
94 |
bind_thm("boxInit_stp", read_instantiate [("'a","state")] boxInit); |
|
95 |
bind_thm("boxInit_act", read_instantiate [("'a","state * state")] boxInit); |
|
96 |
bind_thm("dmdInit_stp", read_instantiate [("'a","state")] dmdInit); |
|
97 |
bind_thm("dmdInit_act", read_instantiate [("'a","state * state")] dmdInit); |
|
98 |
||
99 |
(* The symmetric equations can be used to get rid of Init *) |
|
100 |
bind_thm("boxInitD", symmetric boxInit); |
|
101 |
bind_thm("dmdInitD", symmetric dmdInit); |
|
102 |
bind_thm("boxNotInitD", symmetric boxNotInit); |
|
103 |
bind_thm("dmdNotInitD", symmetric dmdNotInit); |
|
104 |
||
105 |
val Init_simps = Init_simps @ [boxInitD, dmdInitD, boxNotInitD, dmdNotInitD]; |
|
106 |
||
3807 | 107 |
(* ------------------------ STL2 ------------------------------------------- *) |
108 |
bind_thm("STL2", reflT); |
|
109 |
||
6255 | 110 |
(* The "polymorphic" (generic) variant *) |
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
111 |
Goal "|- []F --> Init F"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
112 |
by (rewtac (read_instantiate [("F", "F")] boxInit)); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
113 |
by (rtac STL2 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
114 |
qed "STL2_gen"; |
6255 | 115 |
|
116 |
(* see also STL2_pr below: "|- []P --> Init P & Init (P`)" *) |
|
117 |
||
3807 | 118 |
|
119 |
(* Dual versions for <> *) |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
120 |
Goalw [dmd_def] "|- F --> <> F"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
121 |
by (auto_tac (temp_css addSDs2 [STL2])); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
122 |
qed "InitDmd"; |
3807 | 123 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
124 |
Goal "|- Init F --> <>F"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
125 |
by (Clarsimp_tac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
126 |
by (dtac (temp_use InitDmd) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
127 |
by (asm_full_simp_tac (simpset() addsimps [dmdInitD]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
128 |
qed "InitDmd_gen"; |
3807 | 129 |
|
130 |
||
131 |
(* ------------------------ STL3 ------------------------------------------- *) |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
132 |
Goal "|- ([][]F) = ([]F)"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
133 |
by (force_tac (temp_css addEs2 [transT,STL2]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
134 |
qed "STL3"; |
3807 | 135 |
|
136 |
(* corresponding elimination rule introduces double boxes: |
|
137 |
[| (sigma |= []F); (sigma |= [][]F) ==> PROP W |] ==> PROP W |
|
138 |
*) |
|
139 |
bind_thm("dup_boxE", make_elim((temp_unlift STL3) RS iffD2)); |
|
140 |
bind_thm("dup_boxD", (temp_unlift STL3) RS iffD1); |
|
141 |
||
142 |
(* dual versions for <> *) |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
143 |
Goal "|- (<><>F) = (<>F)"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
144 |
by (auto_tac (temp_css addsimps2 [dmd_def,STL3])); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
145 |
qed "DmdDmd"; |
3807 | 146 |
bind_thm("dup_dmdE", make_elim((temp_unlift DmdDmd) RS iffD2)); |
147 |
bind_thm("dup_dmdD", (temp_unlift DmdDmd) RS iffD1); |
|
148 |
||
149 |
||
150 |
(* ------------------------ STL4 ------------------------------------------- *) |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
151 |
val [prem] = goal thy "|- F --> G ==> |- []F --> []G"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
152 |
by (Clarsimp_tac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
153 |
by (rtac (temp_use normalT) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
154 |
by (rtac (temp_use (prem RS necT)) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
155 |
by (atac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
156 |
qed "STL4"; |
3807 | 157 |
|
6255 | 158 |
(* Unlifted version as an elimination rule *) |
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
159 |
val prems = goal thy "[| sigma |= []F; |- F --> G |] ==> sigma |= []G"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
160 |
by (REPEAT (resolve_tac (prems @ [temp_use STL4]) 1)); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
161 |
qed "STL4E"; |
6255 | 162 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
163 |
val [prem] = goal thy "|- Init F --> Init G ==> |- []F --> []G"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
164 |
by (rtac (rewrite_rule [boxInitD] (prem RS STL4)) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
165 |
qed "STL4_gen"; |
6255 | 166 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
167 |
val prems = goal thy |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
168 |
"[| sigma |= []F; |- Init F --> Init G |] ==> sigma |= []G"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
169 |
by (REPEAT (resolve_tac (prems @ [temp_use STL4_gen]) 1)); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
170 |
qed "STL4E_gen"; |
3807 | 171 |
|
172 |
(* see also STL4Edup below, which allows an auxiliary boxed formula: |
|
173 |
[]A /\ F => G |
|
174 |
----------------- |
|
175 |
[]A /\ []F => []G |
|
176 |
*) |
|
177 |
||
178 |
(* The dual versions for <> *) |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
179 |
val [prem] = goalw thy [dmd_def] |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
180 |
"|- F --> G ==> |- <>F --> <>G"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
181 |
by (fast_tac (temp_cs addSIs [prem] addSEs [STL4E]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
182 |
qed "DmdImpl"; |
3807 | 183 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
184 |
val prems = goal thy "[| sigma |= <>F; |- F --> G |] ==> sigma |= <>G"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
185 |
by (REPEAT (resolve_tac (prems @ [temp_use DmdImpl]) 1)); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
186 |
qed "DmdImplE"; |
3807 | 187 |
|
188 |
||
189 |
(* ------------------------ STL5 ------------------------------------------- *) |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
190 |
Goal "|- ([]F & []G) = ([](F & G))"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
191 |
by Auto_tac; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
192 |
by (subgoal_tac "sigma |= [](G --> (F & G))" 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
193 |
by (etac (temp_use normalT) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
194 |
by (ALLGOALS (fast_tac (temp_cs addSEs [STL4E]))); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
195 |
qed "STL5"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
196 |
|
3807 | 197 |
(* rewrite rule to split conjunctions under boxes *) |
198 |
bind_thm("split_box_conj", (temp_unlift STL5) RS sym); |
|
199 |
||
200 |
(* the corresponding elimination rule allows to combine boxes in the hypotheses |
|
201 |
(NB: F and G must have the same type, i.e., both actions or temporals.) |
|
6255 | 202 |
Use "addSE2" etc. if you want to add this to a claset, otherwise it will loop! |
3807 | 203 |
*) |
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
204 |
val prems = goal thy |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
205 |
"[| sigma |= []F; sigma |= []G; sigma |= [](F&G) ==> PROP R |] ==> PROP R"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
206 |
by (REPEAT (resolve_tac (prems @ [(temp_unlift STL5) RS iffD1, conjI]) 1)); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
207 |
qed "box_conjE"; |
3807 | 208 |
|
6255 | 209 |
(* Instances of box_conjE for state predicates, actions, and temporals |
210 |
in case the general rule is "too polymorphic". |
|
211 |
*) |
|
212 |
bind_thm("box_conjE_temp", read_instantiate [("'a","behavior")] box_conjE); |
|
213 |
bind_thm("box_conjE_stp", read_instantiate [("'a","state")] box_conjE); |
|
214 |
bind_thm("box_conjE_act", read_instantiate [("'a","state * state")] box_conjE); |
|
215 |
||
3807 | 216 |
(* Define a tactic that tries to merge all boxes in an antecedent. The definition is |
6255 | 217 |
a bit kludgy in order to simulate "double elim-resolution". |
3807 | 218 |
*) |
6255 | 219 |
|
220 |
Goal "[| sigma |= []F; PROP W |] ==> PROP W"; |
|
221 |
by (atac 1); |
|
222 |
val box_thin = result(); |
|
3807 | 223 |
|
224 |
fun merge_box_tac i = |
|
225 |
REPEAT_DETERM (EVERY [etac box_conjE i, atac i, etac box_thin i]); |
|
226 |
||
227 |
fun merge_temp_box_tac i = |
|
6255 | 228 |
REPEAT_DETERM (EVERY [etac box_conjE_temp i, atac i, |
229 |
eres_inst_tac [("'a","behavior")] box_thin i]); |
|
3807 | 230 |
|
6255 | 231 |
fun merge_stp_box_tac i = |
232 |
REPEAT_DETERM (EVERY [etac box_conjE_stp i, atac i, |
|
233 |
eres_inst_tac [("'a","state")] box_thin i]); |
|
234 |
||
3807 | 235 |
fun merge_act_box_tac i = |
6255 | 236 |
REPEAT_DETERM (EVERY [etac box_conjE_act i, atac i, |
237 |
eres_inst_tac [("'a","state * state")] box_thin i]); |
|
238 |
||
3807 | 239 |
|
240 |
(* rewrite rule to push universal quantification through box: |
|
6255 | 241 |
(sigma |= [](! x. F x)) = (! x. (sigma |= []F x)) |
3807 | 242 |
*) |
243 |
bind_thm("all_box", standard((temp_unlift allT) RS sym)); |
|
244 |
||
245 |
||
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
246 |
Goal "|- (<>(F | G)) = (<>F | <>G)"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
247 |
by (auto_tac (temp_css addsimps2 [dmd_def,split_box_conj])); |
10231 | 248 |
by (ALLGOALS (EVERY' [etac contrapos_np, |
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
249 |
merge_box_tac, |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
250 |
fast_tac (temp_cs addSEs [STL4E])])); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
251 |
qed "DmdOr"; |
3807 | 252 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
253 |
Goal "|- (EX x. <>(F x)) = (<>(EX x. F x))"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
254 |
by (auto_tac (temp_css addsimps2 [dmd_def,Not_Rex,all_box])); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
255 |
qed "exT"; |
3807 | 256 |
|
257 |
bind_thm("ex_dmd", standard((temp_unlift exT) RS sym)); |
|
258 |
||
259 |
||
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
260 |
Goal "!!sigma. [| sigma |= []A; sigma |= []F; |- F & []A --> G |] ==> sigma |= []G"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
261 |
by (etac dup_boxE 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
262 |
by (merge_box_tac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
263 |
by (etac STL4E 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
264 |
by (atac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
265 |
qed "STL4Edup"; |
3807 | 266 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
267 |
Goalw [dmd_def] |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
268 |
"!!sigma. [| sigma |= <>F; sigma |= [](F --> G) |] ==> sigma |= <>G"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
269 |
by Auto_tac; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
270 |
by (etac notE 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
271 |
by (merge_box_tac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
272 |
by (fast_tac (temp_cs addSEs [STL4E]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
273 |
qed "DmdImpl2"; |
3807 | 274 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
275 |
val [prem1,prem2,prem3] = goal thy |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
276 |
"[| sigma |= []<>F; sigma |= []G; |- F & G --> H |] ==> sigma |= []<>H"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
277 |
by (cut_facts_tac [prem1,prem2] 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
278 |
by (eres_inst_tac [("F","G")] dup_boxE 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
279 |
by (merge_box_tac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
280 |
by (fast_tac (temp_cs addSEs [STL4E,DmdImpl2] addSIs [prem3]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
281 |
qed "InfImpl"; |
3807 | 282 |
|
283 |
(* ------------------------ STL6 ------------------------------------------- *) |
|
284 |
(* Used in the proof of STL6, but useful in itself. *) |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
285 |
Goalw [dmd_def] "|- []F & <>G --> <>([]F & G)"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
286 |
by (Clarsimp_tac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
287 |
by (etac dup_boxE 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
288 |
by (merge_box_tac 1); |
10231 | 289 |
by (etac contrapos_np 1); |
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
290 |
by (fast_tac (temp_cs addSEs [STL4E]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
291 |
qed "BoxDmd"; |
3807 | 292 |
|
293 |
(* weaker than BoxDmd, but more polymorphic (and often just right) *) |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
294 |
Goalw [dmd_def] "|- []F & <>G --> <>(F & G)"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
295 |
by (Clarsimp_tac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
296 |
by (merge_box_tac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
297 |
by (fast_tac (temp_cs addSEs [notE,STL4E]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
298 |
qed "BoxDmd_simple"; |
6255 | 299 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
300 |
Goalw [dmd_def] "|- []F & <>G --> <>(G & F)"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
301 |
by (Clarsimp_tac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
302 |
by (merge_box_tac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
303 |
by (fast_tac (temp_cs addSEs [notE,STL4E]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
304 |
qed "BoxDmd2_simple"; |
3807 | 305 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
306 |
val [p1,p2,p3] = goal thy |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
307 |
"[| sigma |= []A; sigma |= <>F; |- []A & F --> G |] ==> sigma |= <>G"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
308 |
by (rtac ((p2 RS (p1 RS (temp_use BoxDmd))) RS DmdImplE) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
309 |
by (rtac p3 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
310 |
qed "DmdImpldup"; |
6255 | 311 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
312 |
Goal "|- <>[]F & <>[]G --> <>[](F & G)"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
313 |
by (auto_tac (temp_css addsimps2 [symmetric (temp_rewrite STL5)])); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
314 |
by (dtac (temp_use linT) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
315 |
by (atac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
316 |
by (etac thin_rl 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
317 |
by (rtac ((temp_unlift DmdDmd) RS iffD1) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
318 |
by (etac disjE 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
319 |
by (etac DmdImplE 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
320 |
by (rtac BoxDmd 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
321 |
by (etac DmdImplE 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
322 |
by Auto_tac; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
323 |
by (dtac (temp_use BoxDmd) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
324 |
by (atac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
325 |
by (etac thin_rl 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
326 |
by (fast_tac (temp_cs addSEs [DmdImplE]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
327 |
qed "STL6"; |
3807 | 328 |
|
329 |
||
330 |
(* ------------------------ True / False ----------------------------------------- *) |
|
331 |
section "Simplification of constants"; |
|
332 |
||
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
333 |
Goal "|- ([]#P) = #P"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
334 |
by (rtac tempI 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
335 |
by (case_tac "P" 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
336 |
by (auto_tac (temp_css addSIs2 [necT] addDs2 [STL2_gen] |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
337 |
addsimps2 Init_simps)); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
338 |
qed "BoxConst"; |
3807 | 339 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
340 |
Goalw [dmd_def] "|- (<>#P) = #P"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
341 |
by (case_tac "P" 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
342 |
by (ALLGOALS (asm_full_simp_tac (simpset() addsimps [BoxConst]))); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
343 |
qed "DmdConst"; |
3807 | 344 |
|
6255 | 345 |
val temp_simps = map temp_rewrite [BoxConst, DmdConst]; |
3807 | 346 |
|
347 |
(* Make these rewrites active by default *) |
|
348 |
Addsimps temp_simps; |
|
349 |
val temp_css = temp_css addsimps2 temp_simps; |
|
4651 | 350 |
val temp_cs = op addss temp_css; |
3807 | 351 |
|
352 |
||
353 |
(* ------------------------ Further rewrites ----------------------------------------- *) |
|
354 |
section "Further rewrites"; |
|
355 |
||
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
356 |
Goalw [dmd_def] "|- (~[]F) = (<>~F)"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
357 |
by (Simp_tac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
358 |
qed "NotBox"; |
3807 | 359 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
360 |
Goalw [dmd_def] "|- (~<>F) = ([]~F)"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
361 |
by (Simp_tac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
362 |
qed "NotDmd"; |
3807 | 363 |
|
364 |
(* These are not by default included in temp_css, because they could be harmful, |
|
6255 | 365 |
e.g. []F & ~[]F becomes []F & <>~F !! *) |
3807 | 366 |
val more_temp_simps = (map temp_rewrite [STL3, DmdDmd, NotBox, NotDmd]) |
367 |
@ (map (fn th => (temp_unlift th) RS eq_reflection) |
|
368 |
[NotBox, NotDmd]); |
|
369 |
||
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
370 |
Goal "|- ([]<>[]F) = (<>[]F)"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
371 |
by (auto_tac (temp_css addSDs2 [STL2])); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
372 |
by (rtac ccontr 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
373 |
by (subgoal_tac "sigma |= <>[][]F & <>[]~[]F" 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
374 |
by (etac thin_rl 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
375 |
by Auto_tac; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
376 |
by (dtac (temp_use STL6) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
377 |
by (atac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
378 |
by (Asm_full_simp_tac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
379 |
by (ALLGOALS (asm_full_simp_tac (simpset() addsimps more_temp_simps))); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
380 |
qed "BoxDmdBox"; |
3807 | 381 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
382 |
Goalw [dmd_def] "|- (<>[]<>F) = ([]<>F)"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
383 |
by (auto_tac (temp_css addsimps2 [rewrite_rule [dmd_def] BoxDmdBox])); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
384 |
qed "DmdBoxDmd"; |
3807 | 385 |
|
386 |
val more_temp_simps = more_temp_simps @ (map temp_rewrite [BoxDmdBox, DmdBoxDmd]); |
|
387 |
||
388 |
||
389 |
(* ------------------------ Miscellaneous ----------------------------------- *) |
|
390 |
||
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
391 |
Goal "!!sigma. [| sigma |= []F | []G |] ==> sigma |= [](F | G)"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
392 |
by (fast_tac (temp_cs addSEs [STL4E]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
393 |
qed "BoxOr"; |
3807 | 394 |
|
6255 | 395 |
(* "persistently implies infinitely often" *) |
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
396 |
Goal "|- <>[]F --> []<>F"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
397 |
by (Clarsimp_tac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
398 |
by (rtac ccontr 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
399 |
by (asm_full_simp_tac (simpset() addsimps more_temp_simps) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
400 |
by (dtac (temp_use STL6) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
401 |
by (atac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
402 |
by (Asm_full_simp_tac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
403 |
qed "DBImplBD"; |
3807 | 404 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
405 |
Goal "|- []<>F & <>[]G --> []<>(F & G)"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
406 |
by (Clarsimp_tac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
407 |
by (rtac ccontr 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
408 |
by (rewrite_goals_tac more_temp_simps); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
409 |
by (dtac (temp_use STL6) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
410 |
by (atac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
411 |
by (subgoal_tac "sigma |= <>[]~F" 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
412 |
by (force_tac (temp_css addsimps2 [dmd_def]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
413 |
by (fast_tac (temp_cs addEs [DmdImplE,STL4E]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
414 |
qed "BoxDmdDmdBox"; |
3807 | 415 |
|
416 |
||
417 |
(* ------------------------------------------------------------------------- *) |
|
418 |
(*** TLA-specific theorems: primed formulas ***) |
|
419 |
(* ------------------------------------------------------------------------- *) |
|
420 |
section "priming"; |
|
421 |
||
422 |
(* ------------------------ TLA2 ------------------------------------------- *) |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
423 |
Goal "|- []P --> Init P & Init P`"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
424 |
by (fast_tac (temp_cs addSIs [primeI, STL2_gen]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
425 |
qed "STL2_pr"; |
3807 | 426 |
|
427 |
(* Auxiliary lemma allows priming of boxed actions *) |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
428 |
Goal "|- []P --> []($P & P$)"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
429 |
by (Clarsimp_tac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
430 |
by (etac dup_boxE 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
431 |
by (rewtac boxInit_act); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
432 |
by (etac STL4E 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
433 |
by (auto_tac (temp_css addsimps2 Init_simps addSDs2 [STL2_pr])); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
434 |
qed "BoxPrime"; |
3807 | 435 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
436 |
val prems = goal thy "|- $P & P$ --> A ==> |- []P --> []A"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
437 |
by (Clarsimp_tac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
438 |
by (dtac (temp_use BoxPrime) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
439 |
by (auto_tac (temp_css addsimps2 [Init_stp_act_rev] |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
440 |
addSIs2 prems addSEs2 [STL4E])); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
441 |
qed "TLA2"; |
3807 | 442 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
443 |
val prems = goal thy |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
444 |
"[| sigma |= []P; |- $P & P$ --> A |] ==> sigma |= []A"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
445 |
by (REPEAT (resolve_tac (prems @ (prems RL [temp_use TLA2])) 1)); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
446 |
qed "TLA2E"; |
3807 | 447 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
448 |
Goalw [dmd_def] "|- (<>P`) --> (<>P)"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
449 |
by (fast_tac (temp_cs addSEs [TLA2E]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
450 |
qed "DmdPrime"; |
3807 | 451 |
|
6255 | 452 |
bind_thm("PrimeDmd", (temp_use InitDmd_gen) RS (temp_use DmdPrime)); |
3807 | 453 |
|
454 |
(* ------------------------ INV1, stable --------------------------------------- *) |
|
455 |
section "stable, invariant"; |
|
456 |
||
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
457 |
val prems = goal thy |
6255 | 458 |
"[| sigma |= []H; sigma |= Init P; |- H --> (Init P & ~[]F --> Init(P`) & F) |] \ |
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
459 |
\ ==> sigma |= []F"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
460 |
by (rtac (temp_use indT) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
461 |
by (REPEAT (resolve_tac (prems @ (prems RL [STL4E])) 1)); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
462 |
qed "ind_rule"; |
6255 | 463 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
464 |
Goalw [boxInit_act] "|- ([]$P) = ([]P)"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
465 |
by (simp_tac (simpset() addsimps Init_simps) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
466 |
qed "box_stp_act"; |
6255 | 467 |
bind_thm("box_stp_actI", zero_var_indexes ((temp_use box_stp_act) RS iffD2)); |
468 |
bind_thm("box_stp_actD", zero_var_indexes ((temp_use box_stp_act) RS iffD1)); |
|
3807 | 469 |
|
6255 | 470 |
val more_temp_simps = (temp_rewrite box_stp_act)::more_temp_simps; |
3807 | 471 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
472 |
Goalw [stable_def,boxInit_stp,boxInit_act] |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
473 |
"|- (Init P) --> (stable P) --> []P"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
474 |
by (Clarsimp_tac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
475 |
by (etac ind_rule 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
476 |
by (auto_tac (temp_css addsimps2 Init_simps addEs2 [ind_rule])); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
477 |
qed "INV1"; |
6255 | 478 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
479 |
Goalw [stable_def] |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
480 |
"!!P. |- $P & A --> P` ==> |- []A --> stable P"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
481 |
by (fast_tac (temp_cs addSEs [STL4E]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
482 |
qed "StableT"; |
3807 | 483 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
484 |
val prems = goal thy |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
485 |
"[| sigma |= []A; |- $P & A --> P` |] ==> sigma |= stable P"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
486 |
by (REPEAT (resolve_tac (prems @ [temp_use StableT]) 1)); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
487 |
qed "Stable"; |
3807 | 488 |
|
489 |
(* Generalization of INV1 *) |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
490 |
Goalw [stable_def] "|- (stable P) --> [](Init P --> []P)"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
491 |
by (Clarsimp_tac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
492 |
by (etac dup_boxE 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
493 |
by (force_tac (temp_css addsimps2 [stable_def] addEs2 [STL4E, INV1]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
494 |
qed "StableBox"; |
6255 | 495 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
496 |
Goal "|- (stable P) & <>P --> <>[]P"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
497 |
by (Clarsimp_tac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
498 |
by (rtac DmdImpl2 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
499 |
by (etac (temp_use StableBox) 2); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
500 |
by (asm_simp_tac (simpset() addsimps [dmdInitD]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
501 |
qed "DmdStable"; |
3807 | 502 |
|
503 |
(* ---------------- (Semi-)automatic invariant tactics ---------------------- *) |
|
504 |
||
505 |
(* inv_tac reduces goals of the form ... ==> sigma |= []P *) |
|
5755
22081de41254
corrected auto_tac (applications of unsafe wrappers)
oheimb
parents:
5525
diff
changeset
|
506 |
fun inv_tac css = SELECT_GOAL |
3807 | 507 |
(EVERY [auto_tac css, |
508 |
TRY (merge_box_tac 1), |
|
6255 | 509 |
rtac (temp_use INV1) 1, (* fail if the goal is not a box *) |
3807 | 510 |
TRYALL (etac Stable)]); |
511 |
||
512 |
(* auto_inv_tac applies inv_tac and then tries to attack the subgoals; |
|
6255 | 513 |
in simple cases it may be able to handle goals like |- MyProg --> []Inv. |
3807 | 514 |
In these simple cases the simplifier seems to be more useful than the |
515 |
auto-tactic, which applies too much propositional logic and simplifies |
|
516 |
too late. |
|
517 |
*) |
|
518 |
||
5755
22081de41254
corrected auto_tac (applications of unsafe wrappers)
oheimb
parents:
5525
diff
changeset
|
519 |
fun auto_inv_tac ss = SELECT_GOAL |
4089 | 520 |
((inv_tac (claset(),ss) 1) THEN |
6255 | 521 |
(TRYALL (action_simp_tac (ss addsimps [Init_stp,Init_act]) [] [squareE]))); |
3807 | 522 |
|
523 |
||
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
524 |
Goalw [dmd_def] "|- []($P --> P` | Q`) --> (stable P) | <>Q"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
525 |
by (clarsimp_tac (temp_css addSDs2 [BoxPrime]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
526 |
by (merge_box_tac 1); |
10231 | 527 |
by (etac contrapos_np 1); |
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
528 |
by (fast_tac (temp_cs addSEs [Stable]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
529 |
qed "unless"; |
3807 | 530 |
|
531 |
||
532 |
(* --------------------- Recursive expansions --------------------------------------- *) |
|
533 |
section "recursive expansions"; |
|
534 |
||
6255 | 535 |
(* Recursive expansions of [] and <> for state predicates *) |
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
536 |
Goal "|- ([]P) = (Init P & []P`)"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
537 |
by (auto_tac (temp_css addSIs2 [STL2_gen])); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
538 |
by (fast_tac (temp_cs addSEs [TLA2E]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
539 |
by (auto_tac (temp_css addsimps2 [stable_def] addSEs2 [INV1,STL4E])); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
540 |
qed "BoxRec"; |
3807 | 541 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
542 |
Goalw [dmd_def, temp_rewrite BoxRec] "|- (<>P) = (Init P | <>P`)"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
543 |
by (auto_tac (temp_css addsimps2 Init_simps)); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
544 |
qed "DmdRec"; |
3807 | 545 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
546 |
Goal "!!sigma. [| sigma |= <>P; sigma |= []~P` |] ==> sigma |= Init P"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
547 |
by (force_tac (temp_css addsimps2 [DmdRec,dmd_def]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
548 |
qed "DmdRec2"; |
3807 | 549 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
550 |
Goal "|- ([]<>P) = ([]<>P`)"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
551 |
by Auto_tac; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
552 |
by (rtac classical 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
553 |
by (rtac (temp_use DBImplBD) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
554 |
by (subgoal_tac "sigma |= <>[]P" 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
555 |
by (fast_tac (temp_cs addSEs [DmdImplE,TLA2E]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
556 |
by (subgoal_tac "sigma |= <>[](<>P & []~P`)" 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
557 |
by (force_tac (temp_css addsimps2 [boxInit_stp] |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
558 |
addSEs2 [DmdImplE,STL4E,DmdRec2]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
559 |
by (force_tac (temp_css addSIs2 [STL6] addsimps2 more_temp_simps) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
560 |
by (fast_tac (temp_cs addIs [DmdPrime] addSEs [STL4E]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
561 |
qed "InfinitePrime"; |
3807 | 562 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
563 |
val prems = goalw thy [temp_rewrite InfinitePrime] |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
564 |
"[| sigma |= []N; sigma |= []<>A; |- A & N --> P` |] ==> sigma |= []<>P"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
565 |
by (rtac InfImpl 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
566 |
by (REPEAT (resolve_tac prems 1)); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
567 |
qed "InfiniteEnsures"; |
6255 | 568 |
|
3807 | 569 |
(* ------------------------ fairness ------------------------------------------- *) |
570 |
section "fairness"; |
|
571 |
||
572 |
(* alternative definitions of fairness *) |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
573 |
Goalw [WF_def,dmd_def] |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
574 |
"|- WF(A)_v = ([]<>~Enabled(<A>_v) | []<><A>_v)"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
575 |
by (fast_tac temp_cs 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
576 |
qed "WF_alt"; |
3807 | 577 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
578 |
Goalw [SF_def,dmd_def] |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
579 |
"|- SF(A)_v = (<>[]~Enabled(<A>_v) | []<><A>_v)"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
580 |
by (fast_tac temp_cs 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
581 |
qed "SF_alt"; |
3807 | 582 |
|
583 |
(* theorems to "box" fairness conditions *) |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
584 |
Goal "|- WF(A)_v --> []WF(A)_v"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
585 |
by (auto_tac (temp_css addsimps2 (WF_alt::more_temp_simps) |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
586 |
addSIs2 [BoxOr])); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
587 |
qed "BoxWFI"; |
3807 | 588 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
589 |
Goal "|- ([]WF(A)_v) = WF(A)_v"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
590 |
by (fast_tac (temp_cs addSIs [BoxWFI] addSDs [STL2]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
591 |
qed "WF_Box"; |
3807 | 592 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
593 |
Goal "|- SF(A)_v --> []SF(A)_v"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
594 |
by (auto_tac (temp_css addsimps2 (SF_alt::more_temp_simps) |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
595 |
addSIs2 [BoxOr])); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
596 |
qed "BoxSFI"; |
3807 | 597 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
598 |
Goal "|- ([]SF(A)_v) = SF(A)_v"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
599 |
by (fast_tac (temp_cs addSIs [BoxSFI] addSDs [STL2]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
600 |
qed "SF_Box"; |
3807 | 601 |
|
602 |
val more_temp_simps = more_temp_simps @ (map temp_rewrite [WF_Box, SF_Box]); |
|
603 |
||
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
604 |
Goalw [SF_def,WF_def] "|- SF(A)_v --> WF(A)_v"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
605 |
by (fast_tac (temp_cs addSDs [DBImplBD]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
606 |
qed "SFImplWF"; |
3807 | 607 |
|
608 |
(* A tactic that "boxes" all fairness conditions. Apply more_temp_simps to "unbox". *) |
|
609 |
val box_fair_tac = SELECT_GOAL (REPEAT (dresolve_tac [BoxWFI,BoxSFI] 1)); |
|
610 |
||
611 |
||
612 |
(* ------------------------------ leads-to ------------------------------ *) |
|
613 |
||
614 |
section "~>"; |
|
615 |
||
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
616 |
Goalw [leadsto_def] "|- (Init F) & (F ~> G) --> <>G"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
617 |
by (auto_tac (temp_css addSDs2 [STL2])); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
618 |
qed "leadsto_init"; |
3807 | 619 |
|
6255 | 620 |
(* |- F & (F ~> G) --> <>G *) |
621 |
bind_thm("leadsto_init_temp", |
|
622 |
rewrite_rule Init_simps (read_instantiate [("'a","behavior")] leadsto_init)); |
|
623 |
||
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
624 |
Goalw [leadsto_def] "|- ([]<>Init F --> []<>G) = (<>(F ~> G))"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
625 |
by Auto_tac; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
626 |
by (asm_full_simp_tac (simpset() addsimps more_temp_simps) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
627 |
by (fast_tac (temp_cs addSEs [DmdImplE,STL4E]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
628 |
by (fast_tac (temp_cs addSIs [InitDmd] addSEs [STL4E]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
629 |
by (subgoal_tac "sigma |= []<><>G" 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
630 |
by (asm_full_simp_tac (simpset() addsimps more_temp_simps) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
631 |
by (dtac (temp_use BoxDmdDmdBox) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
632 |
by (atac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
633 |
by (fast_tac (temp_cs addSEs [DmdImplE,STL4E]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
634 |
qed "streett_leadsto"; |
3807 | 635 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
636 |
Goal "|- []<>F & (F ~> G) --> []<>G"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
637 |
by (Clarsimp_tac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
638 |
by (etac ((temp_use InitDmd) RS |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
639 |
((temp_unlift streett_leadsto) RS iffD2 RS mp)) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
640 |
by (asm_simp_tac (simpset() addsimps [dmdInitD]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
641 |
qed "leadsto_infinite"; |
3807 | 642 |
|
643 |
(* In particular, strong fairness is a Streett condition. The following |
|
644 |
rules are sometimes easier to use than WF2 or SF2 below. |
|
645 |
*) |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
646 |
Goalw [SF_def] "|- (Enabled(<A>_v) ~> <A>_v) --> SF(A)_v"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
647 |
by (clarsimp_tac (temp_css addSEs2 [leadsto_infinite]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
648 |
qed "leadsto_SF"; |
3807 | 649 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
650 |
Goal "|- (Enabled(<A>_v) ~> <A>_v) --> WF(A)_v"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
651 |
by (clarsimp_tac (temp_css addSIs2 [SFImplWF, leadsto_SF]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
652 |
qed "leadsto_WF"; |
3807 | 653 |
|
654 |
(* introduce an invariant into the proof of a leadsto assertion. |
|
6255 | 655 |
[]I --> ((P ~> Q) = (P /\ I ~> Q)) |
3807 | 656 |
*) |
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
657 |
Goalw [leadsto_def] "|- []I & (P & I ~> Q) --> (P ~> Q)"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
658 |
by (Clarsimp_tac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
659 |
by (etac STL4Edup 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
660 |
by (atac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
661 |
by (auto_tac (temp_css addsimps2 Init_simps addSDs2 [STL2_gen])); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
662 |
qed "INV_leadsto"; |
3807 | 663 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
664 |
Goalw [leadsto_def,dmd_def] |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
665 |
"|- (Init F & []~G ~> G) --> (F ~> G)"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
666 |
by (force_tac (temp_css addsimps2 Init_simps addSEs2 [STL4E]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
667 |
qed "leadsto_classical"; |
3807 | 668 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
669 |
Goalw [leadsto_def] "|- (F ~> #False) = ([]~F)"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
670 |
by (simp_tac (simpset() addsimps [boxNotInitD]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
671 |
qed "leadsto_false"; |
6255 | 672 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
673 |
Goalw [leadsto_def] "|- ((EX x. F x) ~> G) = (ALL x. (F x ~> G))"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
674 |
by (auto_tac (temp_css addsimps2 allT::Init_simps addSEs2 [STL4E])); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
675 |
qed "leadsto_exists"; |
3807 | 676 |
|
677 |
(* basic leadsto properties, cf. Unity *) |
|
678 |
||
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
679 |
Goalw [leadsto_def] "|- [](Init F --> Init G) --> (F ~> G)"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
680 |
by (auto_tac (temp_css addSIs2 [InitDmd_gen] addSEs2 [STL4E_gen] |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
681 |
addsimps2 Init_simps)); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
682 |
qed "ImplLeadsto_gen"; |
3807 | 683 |
|
6255 | 684 |
bind_thm("ImplLeadsto", |
685 |
rewrite_rule Init_simps |
|
686 |
(read_instantiate [("'a","behavior"), ("'b","behavior")] ImplLeadsto_gen)); |
|
687 |
||
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
688 |
Goal "!!F G. |- F --> G ==> |- F ~> G"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
689 |
by (auto_tac (temp_css addsimps2 [Init_def] |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
690 |
addSIs2 [ImplLeadsto_gen,necT])); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
691 |
qed "ImplLeadsto_simple"; |
6255 | 692 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
693 |
val [prem] = goalw thy [leadsto_def] |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
694 |
"|- A & $P --> Q` ==> |- []A --> (P ~> Q)"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
695 |
by (clarsimp_tac (temp_css addSEs2 [INV_leadsto]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
696 |
by (etac STL4E_gen 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
697 |
by (auto_tac (temp_css addsimps2 Init_defs addSIs2 [PrimeDmd,prem])); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
698 |
qed "EnsuresLeadsto"; |
6255 | 699 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
700 |
Goalw [leadsto_def] "|- []($P --> Q`) --> (P ~> Q)"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
701 |
by (Clarsimp_tac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
702 |
by (etac STL4E_gen 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
703 |
by (auto_tac (temp_css addsimps2 Init_simps addSIs2 [PrimeDmd])); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
704 |
qed "EnsuresLeadsto2"; |
3807 | 705 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
706 |
val [p1,p2] = goalw thy [leadsto_def] |
6255 | 707 |
"[| |- $P & N --> P` | Q`; \ |
708 |
\ |- ($P & N) & A --> Q` \ |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
709 |
\ |] ==> |- []N & []([]P --> <>A) --> (P ~> Q)"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
710 |
by (Clarsimp_tac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
711 |
by (etac STL4Edup 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
712 |
by (atac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
713 |
by (Clarsimp_tac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
714 |
by (subgoal_tac "sigmaa |= []($P --> P` | Q`)" 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
715 |
by (dtac (temp_use unless) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
716 |
by (clarsimp_tac (temp_css addSDs2 [INV1]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
717 |
by (rtac ((temp_use (p2 RS DmdImpl)) RS (temp_use DmdPrime)) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
718 |
by (force_tac (temp_css addSIs2 [BoxDmd_simple] |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
719 |
addsimps2 [split_box_conj,box_stp_act]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
720 |
by (force_tac (temp_css addEs2 [STL4E] addDs2 [p1]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
721 |
qed "ensures"; |
6255 | 722 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
723 |
val prems = goal thy |
6255 | 724 |
"[| |- $P & N --> P` | Q`; \ |
725 |
\ |- ($P & N) & A --> Q` \ |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
726 |
\ |] ==> |- []N & []<>A --> (P ~> Q)"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
727 |
by (Clarsimp_tac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
728 |
by (rtac (temp_use ensures) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
729 |
by (TRYALL (ares_tac prems)); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
730 |
by (force_tac (temp_css addSEs2 [STL4E]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
731 |
qed "ensures_simple"; |
6255 | 732 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
733 |
val prems = goal thy |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
734 |
"[| sigma |= []<>P; sigma |= []A; |- A & $P --> Q` |] ==> sigma |= []<>Q"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
735 |
by (REPEAT (resolve_tac (prems @ |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
736 |
(map temp_use [leadsto_infinite, EnsuresLeadsto])) 1)); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
737 |
qed "EnsuresInfinite"; |
6255 | 738 |
|
3807 | 739 |
|
740 |
(*** Gronning's lattice rules (taken from TLP) ***) |
|
741 |
section "Lattice rules"; |
|
742 |
||
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
743 |
Goalw [leadsto_def] "|- F ~> F"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
744 |
by (REPEAT (resolve_tac [necT,InitDmd_gen] 1)); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
745 |
qed "LatticeReflexivity"; |
3807 | 746 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
747 |
Goalw [leadsto_def] "|- (G ~> H) & (F ~> G) --> (F ~> H)"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
748 |
by (Clarsimp_tac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
749 |
by (etac dup_boxE 1); (* [][](Init G --> H) *) |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
750 |
by (merge_box_tac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
751 |
by (clarsimp_tac (temp_css addSEs2 [STL4E]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
752 |
by (rtac dup_dmdD 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
753 |
by (subgoal_tac "sigmaa |= <>Init G" 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
754 |
by (etac DmdImpl2 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
755 |
by (atac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
756 |
by (asm_simp_tac (simpset() addsimps [dmdInitD]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
757 |
qed "LatticeTransitivity"; |
3807 | 758 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
759 |
Goalw [leadsto_def] "|- (F | G ~> H) --> (F ~> H)"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
760 |
by (auto_tac (temp_css addsimps2 Init_simps addSEs2 [STL4E])); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
761 |
qed "LatticeDisjunctionElim1"; |
3807 | 762 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
763 |
Goalw [leadsto_def] "|- (F | G ~> H) --> (G ~> H)"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
764 |
by (auto_tac (temp_css addsimps2 Init_simps addSEs2 [STL4E])); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
765 |
qed "LatticeDisjunctionElim2"; |
3807 | 766 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
767 |
Goalw [leadsto_def] "|- (F ~> H) & (G ~> H) --> (F | G ~> H)"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
768 |
by (Clarsimp_tac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
769 |
by (merge_box_tac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
770 |
by (auto_tac (temp_css addsimps2 Init_simps addSEs2 [STL4E])); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
771 |
qed "LatticeDisjunctionIntro"; |
6255 | 772 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
773 |
Goal "|- (F | G ~> H) = ((F ~> H) & (G ~> H))"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
774 |
by (auto_tac (temp_css addIs2 [LatticeDisjunctionIntro, |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
775 |
LatticeDisjunctionElim1, LatticeDisjunctionElim2])); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
776 |
qed "LatticeDisjunction"; |
3807 | 777 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
778 |
Goal "|- (A ~> B | C) & (B ~> D) & (C ~> D) --> (A ~> D)"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
779 |
by (Clarsimp_tac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
780 |
by (subgoal_tac "sigma |= (B | C) ~> D" 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
781 |
by (eres_inst_tac [("G", "LIFT (B | C)")] (temp_use LatticeTransitivity) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
782 |
by (ALLGOALS (fast_tac (temp_cs addSIs [LatticeDisjunctionIntro]))); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
783 |
qed "LatticeDiamond"; |
6255 | 784 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
785 |
Goal "|- (A ~> D | B) & (B ~> D) --> (A ~> D)"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
786 |
by (Clarsimp_tac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
787 |
by (subgoal_tac "sigma |= (D | B) ~> D" 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
788 |
by (eres_inst_tac [("G", "LIFT (D | B)")] (temp_use LatticeTransitivity) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
789 |
by (atac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
790 |
by (auto_tac (temp_css addIs2 [LatticeDisjunctionIntro,LatticeReflexivity])); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
791 |
qed "LatticeTriangle"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
792 |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
793 |
Goal "|- (A ~> B | D) & (B ~> D) --> (A ~> D)"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
794 |
by (Clarsimp_tac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
795 |
by (subgoal_tac "sigma |= B | D ~> D" 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
796 |
by (eres_inst_tac [("G", "LIFT (B | D)")] (temp_use LatticeTransitivity) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
797 |
by (atac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
798 |
by (auto_tac (temp_css addIs2 [LatticeDisjunctionIntro,LatticeReflexivity])); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
799 |
qed "LatticeTriangle2"; |
3807 | 800 |
|
801 |
(*** Lamport's fairness rules ***) |
|
802 |
section "Fairness rules"; |
|
803 |
||
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
804 |
val prems = goal thy |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
805 |
"[| |- $P & N --> P` | Q`; \ |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
806 |
\ |- ($P & N) & <A>_v --> Q`; \ |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
807 |
\ |- $P & N --> $(Enabled(<A>_v)) |] \ |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
808 |
\ ==> |- []N & WF(A)_v --> (P ~> Q)"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
809 |
by (clarsimp_tac (temp_css addSDs2 [BoxWFI]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
810 |
by (rtac (temp_use ensures) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
811 |
by (TRYALL (ares_tac prems)); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
812 |
by (etac STL4Edup 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
813 |
by (atac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
814 |
by (clarsimp_tac (temp_css addsimps2 [WF_def]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
815 |
by (rtac (temp_use STL2) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
816 |
by (clarsimp_tac (temp_css addSEs2 [mp] addSIs2 [InitDmd]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
817 |
by (resolve_tac ((map temp_use (prems RL [STL4])) RL [box_stp_actD]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
818 |
by (asm_simp_tac (simpset() addsimps [split_box_conj,box_stp_actI]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
819 |
qed "WF1"; |
3807 | 820 |
|
821 |
(* Sometimes easier to use; designed for action B rather than state predicate Q *) |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
822 |
val [prem1,prem2,prem3] = goalw thy [leadsto_def] |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
823 |
"[| |- N & $P --> $Enabled (<A>_v); \ |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
824 |
\ |- N & <A>_v --> B; \ |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
825 |
\ |- [](N & [~A]_v) --> stable P |] \ |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
826 |
\ ==> |- []N & WF(A)_v --> (P ~> B)"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
827 |
by (clarsimp_tac (temp_css addSDs2 [BoxWFI]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
828 |
by (etac STL4Edup 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
829 |
by (atac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
830 |
by (Clarsimp_tac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
831 |
by (rtac (temp_use (prem2 RS DmdImpl)) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
832 |
by (rtac (temp_use BoxDmd_simple) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
833 |
by (atac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
834 |
by (rtac classical 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
835 |
by (rtac (temp_use STL2) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
836 |
by (clarsimp_tac (temp_css addsimps2 [WF_def] addSEs2 [mp] addSIs2 [InitDmd]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
837 |
by (rtac ((temp_use (prem1 RS STL4)) RS box_stp_actD) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
838 |
by (asm_simp_tac (simpset() addsimps [split_box_conj,box_stp_act]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
839 |
by (etac (temp_use INV1) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
840 |
by (rtac (temp_use prem3) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
841 |
by (asm_full_simp_tac (simpset() addsimps [split_box_conj,temp_use NotDmd,not_angle]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
842 |
qed "WF_leadsto"; |
3807 | 843 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
844 |
val prems = goal thy |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
845 |
"[| |- $P & N --> P` | Q`; \ |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
846 |
\ |- ($P & N) & <A>_v --> Q`; \ |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
847 |
\ |- []P & []N & []F --> <>Enabled(<A>_v) |] \ |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
848 |
\ ==> |- []N & SF(A)_v & []F --> (P ~> Q)"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
849 |
by (clarsimp_tac (temp_css addSDs2 [BoxSFI]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
850 |
by (rtac (temp_use ensures) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
851 |
by (TRYALL (ares_tac prems)); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
852 |
by (eres_inst_tac [("F","F")] dup_boxE 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
853 |
by (merge_temp_box_tac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
854 |
by (etac STL4Edup 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
855 |
by (atac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
856 |
by (clarsimp_tac (temp_css addsimps2 [SF_def]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
857 |
by (rtac (temp_use STL2) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
858 |
by (etac mp 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
859 |
by (resolve_tac (map temp_use (prems RL [STL4])) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
860 |
by (asm_simp_tac (simpset() addsimps [split_box_conj, STL3]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
861 |
qed "SF1"; |
3807 | 862 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
863 |
val [prem1,prem2,prem3,prem4] = goal thy |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
864 |
"[| |- N & <B>_f --> <M>_g; \ |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
865 |
\ |- $P & P` & <N & A>_f --> B; \ |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
866 |
\ |- P & Enabled(<M>_g) --> Enabled(<A>_f); \ |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
867 |
\ |- [](N & [~B]_f) & WF(A)_f & []F & <>[]Enabled(<M>_g) --> <>[]P |] \ |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
868 |
\ ==> |- []N & WF(A)_f & []F --> WF(M)_g"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
869 |
by (clarsimp_tac (temp_css addSDs2 [BoxWFI, (temp_use BoxDmdBox) RS iffD2] |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
870 |
addsimps2 [read_instantiate [("A","M")] WF_def]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
871 |
by (eres_inst_tac [("F","F")] dup_boxE 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
872 |
by (merge_temp_box_tac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
873 |
by (etac STL4Edup 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
874 |
by (atac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
875 |
by (clarsimp_tac (temp_css addSIs2 |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
876 |
[(temp_use BoxDmd_simple) RS (temp_use (prem1 RS DmdImpl))]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
877 |
by (rtac classical 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
878 |
by (subgoal_tac "sigmaa |= <>(($P & P` & N) & <A>_f)" 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
879 |
by (force_tac (temp_css addsimps2 [angle_def] addSIs2 [prem2] addSEs2 [DmdImplE]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
880 |
by (rtac (temp_use (rewrite_rule [temp_rewrite DmdDmd] (BoxDmd_simple RS DmdImpl))) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
881 |
by (asm_full_simp_tac (simpset() addsimps [temp_use NotDmd, not_angle]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
882 |
by (merge_act_box_tac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
883 |
by (forward_tac [temp_use prem4] 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
884 |
by (TRYALL atac); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
885 |
by (dtac (temp_use STL6) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
886 |
by (atac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
887 |
by (eres_inst_tac [("V","sigmaa |= <>[]P")] thin_rl 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
888 |
by (eres_inst_tac [("V","sigmaa |= []F")] thin_rl 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
889 |
by (dtac (temp_use BoxWFI) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
890 |
by (eres_inst_tac [("F", "ACT N & [~B]_f")] dup_boxE 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
891 |
by (merge_temp_box_tac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
892 |
by (etac DmdImpldup 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
893 |
by (atac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
894 |
by (auto_tac (temp_css addsimps2 [split_box_conj,STL3,WF_Box,box_stp_act])); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
895 |
by (force_tac (temp_css addSEs2 [read_instantiate [("P","P")] TLA2E]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
896 |
by (rtac (temp_use STL2) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
897 |
by (force_tac (temp_css addsimps2 [WF_def,split_box_conj] addSEs2 [mp] |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
898 |
addSIs2 [InitDmd, prem3 RS STL4]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
899 |
qed "WF2"; |
3807 | 900 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
901 |
val [prem1,prem2,prem3,prem4] = goal thy |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
902 |
"[| |- N & <B>_f --> <M>_g; \ |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
903 |
\ |- $P & P` & <N & A>_f --> B; \ |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
904 |
\ |- P & Enabled(<M>_g) --> Enabled(<A>_f); \ |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
905 |
\ |- [](N & [~B]_f) & SF(A)_f & []F & []<>Enabled(<M>_g) --> <>[]P |] \ |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
906 |
\ ==> |- []N & SF(A)_f & []F --> SF(M)_g"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
907 |
by (clarsimp_tac (temp_css addSDs2 [BoxSFI] |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
908 |
addsimps2 [read_instantiate [("A","M")] SF_def]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
909 |
by (eres_inst_tac [("F","F")] dup_boxE 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
910 |
by (eres_inst_tac [("F","TEMP <>Enabled(<M>_g)")] dup_boxE 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
911 |
by (merge_temp_box_tac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
912 |
by (etac STL4Edup 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
913 |
by (atac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
914 |
by (clarsimp_tac (temp_css addSIs2 |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
915 |
[(temp_use BoxDmd_simple) RS (temp_use (prem1 RS DmdImpl))]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
916 |
by (rtac classical 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
917 |
by (subgoal_tac "sigmaa |= <>(($P & P` & N) & <A>_f)" 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
918 |
by (force_tac (temp_css addsimps2 [angle_def] addSIs2 [prem2] addSEs2 [DmdImplE]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
919 |
by (rtac (temp_use (rewrite_rule [temp_rewrite DmdDmd] (BoxDmd_simple RS DmdImpl))) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
920 |
by (asm_full_simp_tac (simpset() addsimps [temp_use NotDmd, not_angle]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
921 |
by (merge_act_box_tac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
922 |
by (forward_tac [temp_use prem4] 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
923 |
by (TRYALL atac); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
924 |
by (eres_inst_tac [("V","sigmaa |= []F")] thin_rl 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
925 |
by (dtac (temp_use BoxSFI) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
926 |
by (eres_inst_tac [("F","TEMP <>Enabled(<M>_g)")] dup_boxE 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
927 |
by (eres_inst_tac [("F", "ACT N & [~B]_f")] dup_boxE 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
928 |
by (merge_temp_box_tac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
929 |
by (etac DmdImpldup 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
930 |
by (atac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
931 |
by (auto_tac (temp_css addsimps2 [split_box_conj,STL3,SF_Box,box_stp_act])); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
932 |
by (force_tac (temp_css addSEs2 [read_instantiate [("P","P")] TLA2E]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
933 |
by (rtac (temp_use STL2) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
934 |
by (force_tac (temp_css addsimps2 [SF_def,split_box_conj] addSEs2 [mp,InfImpl] |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
935 |
addSIs2 [prem3]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
936 |
qed "SF2"; |
3807 | 937 |
|
938 |
(* ------------------------------------------------------------------------- *) |
|
939 |
(*** Liveness proofs by well-founded orderings ***) |
|
940 |
(* ------------------------------------------------------------------------- *) |
|
941 |
section "Well-founded orderings"; |
|
942 |
||
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
943 |
val p1::prems = goal thy |
6255 | 944 |
"[| wf r; \ |
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
945 |
\ !!x. sigma |= F x ~> (G | (EX y. #((y,x):r) & F y)) \ |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
946 |
\ |] ==> sigma |= F x ~> G"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
947 |
by (rtac (p1 RS wf_induct) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
948 |
by (rtac (temp_use LatticeTriangle) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
949 |
by (resolve_tac prems 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
950 |
by (auto_tac (temp_css addsimps2 [leadsto_exists])); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
951 |
by (case_tac "(y,x):r" 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
952 |
by (Force_tac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
953 |
by (force_tac (temp_css addsimps2 leadsto_def::Init_simps addSIs2 [necT]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
954 |
qed "wf_leadsto"; |
3807 | 955 |
|
956 |
(* If r is well-founded, state function v cannot decrease forever *) |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
957 |
Goal "!!r. wf r ==> |- [][ (v`, $v) : #r ]_v --> <>[][#False]_v"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
958 |
by (Clarsimp_tac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
959 |
by (rtac ccontr 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
960 |
by (subgoal_tac "sigma |= (EX x. v=#x) ~> #False" 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
961 |
by (dtac ((temp_use leadsto_false) RS iffD1 RS (temp_use STL2_gen)) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
962 |
by (force_tac (temp_css addsimps2 Init_defs) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
963 |
by (clarsimp_tac (temp_css addsimps2 [leadsto_exists,not_square]@more_temp_simps) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
964 |
by (etac wf_leadsto 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
965 |
by (rtac (temp_use ensures_simple) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
966 |
by (TRYALL atac); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
967 |
by (auto_tac (temp_css addsimps2 [square_def,angle_def])); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
968 |
qed "wf_not_box_decrease"; |
3807 | 969 |
|
6255 | 970 |
(* "wf r ==> |- <>[][ (v`, $v) : #r ]_v --> <>[][#False]_v" *) |
3807 | 971 |
bind_thm("wf_not_dmd_box_decrease", |
972 |
standard(rewrite_rule more_temp_simps (wf_not_box_decrease RS DmdImpl))); |
|
973 |
||
6255 | 974 |
(* If there are infinitely many steps where v decreases, then there |
3807 | 975 |
have to be infinitely many non-stuttering steps where v doesn't decrease. |
976 |
*) |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
977 |
val [prem] = goal thy |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
978 |
"wf r ==> |- []<>((v`, $v) : #r) --> []<><(v`, $v) ~: #r>_v"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
979 |
by (Clarsimp_tac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
980 |
by (rtac ccontr 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
981 |
by (asm_full_simp_tac (simpset() addsimps not_angle::more_temp_simps) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
982 |
by (dtac (prem RS (temp_use wf_not_dmd_box_decrease)) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
983 |
by (dtac (temp_use BoxDmdDmdBox) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
984 |
by (atac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
985 |
by (subgoal_tac "sigma |= []<>((#False)::action)" 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
986 |
by (Force_tac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
987 |
by (etac STL4E 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
988 |
by (rtac DmdImpl 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
989 |
by (force_tac (temp_css addIs2 [prem RS wf_irrefl]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
990 |
qed "wf_box_dmd_decrease"; |
3807 | 991 |
|
992 |
(* In particular, for natural numbers, if n decreases infinitely often |
|
993 |
then it has to increase infinitely often. |
|
994 |
*) |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
995 |
Goal "!!n::nat stfun. |- []<>(n` < $n) --> []<>($n < n`)"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
996 |
by (Clarsimp_tac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
997 |
by (subgoal_tac "sigma |= []<><~( (n`,$n) : #less_than )>_n" 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
998 |
by (etac thin_rl 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
999 |
by (etac STL4E 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
1000 |
by (rtac DmdImpl 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
1001 |
by (clarsimp_tac (temp_css addsimps2 [angle_def]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
1002 |
by (rtac nat_less_cases 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
1003 |
by Auto_tac; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
1004 |
by (rtac (temp_use wf_box_dmd_decrease) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
1005 |
by (auto_tac (temp_css addSEs2 [STL4E,DmdImplE])); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
1006 |
qed "nat_box_dmd_decrease"; |
6255 | 1007 |
|
3807 | 1008 |
|
1009 |
(* ------------------------------------------------------------------------- *) |
|
1010 |
(*** Flexible quantification over state variables ***) |
|
1011 |
(* ------------------------------------------------------------------------- *) |
|
1012 |
section "Flexible quantification"; |
|
1013 |
||
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
1014 |
val [prem1,prem2] = goal thy |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
1015 |
"[| basevars vs; (!!x. basevars (x,vs) ==> sigma |= F x) |]\ |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
1016 |
\ ==> sigma |= (AALL x. F x)"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
1017 |
by (auto_tac (temp_css addsimps2 [aall_def] addSEs2 [eexE] |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
1018 |
addSIs2 [prem1] addSDs2 [prem2])); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
1019 |
qed "aallI"; |
3807 | 1020 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
1021 |
Goalw [aall_def] "|- (AALL x. F x) --> F x"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
1022 |
by (Clarsimp_tac 1); |
10231 | 1023 |
by (etac contrapos_np 1); |
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
1024 |
by (force_tac (temp_css addSIs2 [eexI]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
1025 |
qed "aallE"; |
3807 | 1026 |
|
1027 |
(* monotonicity of quantification *) |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
1028 |
val [min,maj] = goal thy |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
1029 |
"[| sigma |= EEX x. F x; !!x. sigma |= F x --> G x |] ==> sigma |= EEX x. G x"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
1030 |
by (rtac (unit_base RS (min RS eexE)) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
1031 |
by (rtac (temp_use eexI) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
1032 |
by (etac ((rewrite_rule intensional_rews maj) RS mp) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
1033 |
qed "eex_mono"; |
3807 | 1034 |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
1035 |
val [min,maj] = goal thy |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
1036 |
"[| sigma |= AALL x. F(x); !!x. sigma |= F(x) --> G(x) |] ==> sigma |= AALL x. G(x)"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
1037 |
by (rtac (unit_base RS aallI) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
1038 |
by (rtac ((rewrite_rule intensional_rews maj) RS mp) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
1039 |
by (rtac (min RS (temp_use aallE)) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
1040 |
qed "aall_mono"; |
3807 | 1041 |
|
6255 | 1042 |
(* Derived history introduction rule *) |
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
1043 |
val [p1,p2,p3,p4,p5] = goal thy |
6255 | 1044 |
"[| sigma |= Init I; sigma |= []N; basevars vs; \ |
1045 |
\ (!!h. basevars(h,vs) ==> |- I & h = ha --> HI h); \ |
|
1046 |
\ (!!h s t. [| basevars(h,vs); N (s,t); h t = hb (h s) (s,t) |] ==> HN h (s,t)) \ |
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
1047 |
\ |] ==> sigma |= EEX h. Init (HI h) & [](HN h)"; |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
1048 |
by (rtac ((temp_use history) RS eexE) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
1049 |
by (rtac p3 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
1050 |
by (rtac (temp_use eexI) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
1051 |
by (Clarsimp_tac 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
1052 |
by (rtac conjI 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
1053 |
by (cut_facts_tac [p2] 2); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
1054 |
by (merge_box_tac 2); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
1055 |
by (force_tac (temp_css addSEs2 [STL4E,p5]) 2); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
1056 |
by (cut_facts_tac [p1] 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
1057 |
by (force_tac (temp_css addsimps2 Init_defs addSEs2 [p4]) 1); |
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
9168
diff
changeset
|
1058 |
qed "historyI"; |
6255 | 1059 |
|
3807 | 1060 |
(* ---------------------------------------------------------------------- |
1061 |
example of a history variable: existence of a clock |
|
1062 |
||
6255 | 1063 |
Goal "|- EEX h. Init(h = #True) & [](h` = (~$h))"; |
4423 | 1064 |
by (rtac tempI 1); |
1065 |
by (rtac historyI 1); |
|
6255 | 1066 |
by (REPEAT (force_tac (temp_css addsimps2 Init_defs addIs2 [unit_base, necT]) 1)); |
3807 | 1067 |
(** solved **) |
1068 |
||
1069 |
---------------------------------------------------------------------- *) |