isabelle: src/ZF/UNITY/Merge.thy@8c7f69f1825b (annotated)

32960 69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 24893 diff changeset	1	(* Title: ZF/UNITY/Merge.thy
14053 4daa384f4fd7 Introduction of the theories UNITY/Merge, UNITY/ClientImpl paulson parents: diff changeset	2	Author: Sidi O Ehmety, Cambridge University Computer Laboratory
4daa384f4fd7 Introduction of the theories UNITY/Merge, UNITY/ClientImpl paulson parents: diff changeset	3	Copyright 2002 University of Cambridge
4daa384f4fd7 Introduction of the theories UNITY/Merge, UNITY/ClientImpl paulson parents: diff changeset	4
32960 69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 24893 diff changeset	5	A multiple-client allocator from a single-client allocator: Merge
69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 24893 diff changeset	6	specification.
14053 4daa384f4fd7 Introduction of the theories UNITY/Merge, UNITY/ClientImpl paulson parents: diff changeset	7	*)
4daa384f4fd7 Introduction of the theories UNITY/Merge, UNITY/ClientImpl paulson parents: diff changeset	8
16417 9bc16273c2d4 migrated theory headers to new format haftmann parents: 14077 diff changeset	9	theory Merge imports AllocBase Follows Guar GenPrefix begin
14073 21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	10
14053 4daa384f4fd7 Introduction of the theories UNITY/Merge, UNITY/ClientImpl paulson parents: diff changeset	11	( Merge specification (the number of inputs is Nclients) *)
4daa384f4fd7 Introduction of the theories UNITY/Merge, UNITY/ClientImpl paulson parents: diff changeset	12	( Parameter A represents the type of items to Merge )
14073 21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	13
24893 b8ef7afe3a6b modernized specifications; wenzelm parents: 16417 diff changeset	14	definition
14053 4daa384f4fd7 Introduction of the theories UNITY/Merge, UNITY/ClientImpl paulson parents: diff changeset	15	(spec (10))
24893 b8ef7afe3a6b modernized specifications; wenzelm parents: 16417 diff changeset	16	merge_increasing :: "[i, i, i] =>i" where
14053 4daa384f4fd7 Introduction of the theories UNITY/Merge, UNITY/ClientImpl paulson parents: diff changeset	17	"merge_increasing(A, Out, iOut) == program guarantees
4daa384f4fd7 Introduction of the theories UNITY/Merge, UNITY/ClientImpl paulson parents: diff changeset	18	(lift(Out) IncreasingWrt prefix(A)/list(A)) Int
4daa384f4fd7 Introduction of the theories UNITY/Merge, UNITY/ClientImpl paulson parents: diff changeset	19	(lift(iOut) IncreasingWrt prefix(nat)/list(nat))"
4daa384f4fd7 Introduction of the theories UNITY/Merge, UNITY/ClientImpl paulson parents: diff changeset	20
24893 b8ef7afe3a6b modernized specifications; wenzelm parents: 16417 diff changeset	21	definition
14053 4daa384f4fd7 Introduction of the theories UNITY/Merge, UNITY/ClientImpl paulson parents: diff changeset	22	(spec (11))
24893 b8ef7afe3a6b modernized specifications; wenzelm parents: 16417 diff changeset	23	merge_eq_Out :: "[i, i] =>i" where
14053 4daa384f4fd7 Introduction of the theories UNITY/Merge, UNITY/ClientImpl paulson parents: diff changeset	24	"merge_eq_Out(Out, iOut) == program guarantees
14073 21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	25	Always({s \<in> state. length(s`Out) = length(s`iOut)})"
14053 4daa384f4fd7 Introduction of the theories UNITY/Merge, UNITY/ClientImpl paulson parents: diff changeset	26
24893 b8ef7afe3a6b modernized specifications; wenzelm parents: 16417 diff changeset	27	definition
14053 4daa384f4fd7 Introduction of the theories UNITY/Merge, UNITY/ClientImpl paulson parents: diff changeset	28	(spec (12))
24893 b8ef7afe3a6b modernized specifications; wenzelm parents: 16417 diff changeset	29	merge_bounded :: "i=>i" where
14053 4daa384f4fd7 Introduction of the theories UNITY/Merge, UNITY/ClientImpl paulson parents: diff changeset	30	"merge_bounded(iOut) == program guarantees
14073 21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	31	Always({s \<in> state. \<forall>elt \<in> set_of_list(s`iOut). elt<Nclients})"
14053 4daa384f4fd7 Introduction of the theories UNITY/Merge, UNITY/ClientImpl paulson parents: diff changeset	32
24893 b8ef7afe3a6b modernized specifications; wenzelm parents: 16417 diff changeset	33	definition
14053 4daa384f4fd7 Introduction of the theories UNITY/Merge, UNITY/ClientImpl paulson parents: diff changeset	34	(spec (13))
4daa384f4fd7 Introduction of the theories UNITY/Merge, UNITY/ClientImpl paulson parents: diff changeset	35	(* Parameter A represents the type of tokens *)
24893 b8ef7afe3a6b modernized specifications; wenzelm parents: 16417 diff changeset	36	merge_follows :: "[i, i=>i, i, i] =>i" where
14053 4daa384f4fd7 Introduction of the theories UNITY/Merge, UNITY/ClientImpl paulson parents: diff changeset	37	"merge_follows(A, In, Out, iOut) ==
14073 21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	38	(\<Inter>n \<in> Nclients. lift(In(n)) IncreasingWrt prefix(A)/list(A))
32960 69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 24893 diff changeset	39	guarantees
14073 21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	40	(\<Inter>n \<in> Nclients.
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	41	(%s. sublist(s`Out, {k \<in> nat. k < length(s`iOut) &
14053 4daa384f4fd7 Introduction of the theories UNITY/Merge, UNITY/ClientImpl paulson parents: diff changeset	42	nth(k, s`iOut) = n})) Fols lift(In(n))
4daa384f4fd7 Introduction of the theories UNITY/Merge, UNITY/ClientImpl paulson parents: diff changeset	43	Wrt prefix(A)/list(A))"
4daa384f4fd7 Introduction of the theories UNITY/Merge, UNITY/ClientImpl paulson parents: diff changeset	44
24893 b8ef7afe3a6b modernized specifications; wenzelm parents: 16417 diff changeset	45	definition
14053 4daa384f4fd7 Introduction of the theories UNITY/Merge, UNITY/ClientImpl paulson parents: diff changeset	46	(spec: preserves part)
24893 b8ef7afe3a6b modernized specifications; wenzelm parents: 16417 diff changeset	47	merge_preserves :: "[i=>i] =>i" where
14073 21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	48	"merge_preserves(In) == \<Inter>n \<in> nat. preserves(lift(In(n)))"
14053 4daa384f4fd7 Introduction of the theories UNITY/Merge, UNITY/ClientImpl paulson parents: diff changeset	49
24893 b8ef7afe3a6b modernized specifications; wenzelm parents: 16417 diff changeset	50	definition
14053 4daa384f4fd7 Introduction of the theories UNITY/Merge, UNITY/ClientImpl paulson parents: diff changeset	51	(* environmental constraints*)
24893 b8ef7afe3a6b modernized specifications; wenzelm parents: 16417 diff changeset	52	merge_allowed_acts :: "[i, i] =>i" where
14053 4daa384f4fd7 Introduction of the theories UNITY/Merge, UNITY/ClientImpl paulson parents: diff changeset	53	"merge_allowed_acts(Out, iOut) ==
14073 21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	54	{F \<in> program. AllowedActs(F) =
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	55	cons(id(state), (\<Union>G \<in> preserves(lift(Out)) \<inter>
14057 57de6d68389e x-symbols (mostly) paulson parents: 14053 diff changeset	56	preserves(lift(iOut)). Acts(G)))}"
14053 4daa384f4fd7 Introduction of the theories UNITY/Merge, UNITY/ClientImpl paulson parents: diff changeset	57
24893 b8ef7afe3a6b modernized specifications; wenzelm parents: 16417 diff changeset	58	definition
b8ef7afe3a6b modernized specifications; wenzelm parents: 16417 diff changeset	59	merge_spec :: "[i, i =>i, i, i]=>i" where
14053 4daa384f4fd7 Introduction of the theories UNITY/Merge, UNITY/ClientImpl paulson parents: diff changeset	60	"merge_spec(A, In, Out, iOut) ==
14073 21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	61	merge_increasing(A, Out, iOut) \<inter> merge_eq_Out(Out, iOut) \<inter>
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	62	merge_bounded(iOut) \<inter> merge_follows(A, In, Out, iOut)
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	63	\<inter> merge_allowed_acts(Out, iOut) \<inter> merge_preserves(In)"
14053 4daa384f4fd7 Introduction of the theories UNITY/Merge, UNITY/ClientImpl paulson parents: diff changeset	64
4daa384f4fd7 Introduction of the theories UNITY/Merge, UNITY/ClientImpl paulson parents: diff changeset	65	( State definitions. OUTPUT variables are locals )
14073 21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	66	locale merge =
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	67	fixes In --{merge's INPUT histories: streams to merge}
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	68	and Out --{merge's OUTPUT history: merged items}
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	69	and iOut --{merge's OUTPUT history: origins of merged items}
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	70	and A --{the type of items being merged }
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	71	and M
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	72	assumes var_assumes [simp]:
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	73	"(\<forall>n. In(n):var) & Out \<in> var & iOut \<in> var"
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	74	and all_distinct_vars:
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	75	"\<forall>n. all_distinct([In(n), Out, iOut])"
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	76	and type_assumes [simp]:
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	77	"(\<forall>n. type_of(In(n))=list(A)) &
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	78	type_of(Out)=list(A) &
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	79	type_of(iOut)=list(nat)"
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	80	and default_val_assumes [simp]:
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	81	"(\<forall>n. default_val(In(n))=Nil) &
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	82	default_val(Out)=Nil &
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	83	default_val(iOut)=Nil"
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	84	and merge_spec: "M \<in> merge_spec(A, In, Out, iOut)"
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	85
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	86
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	87	lemma (in merge) In_value_type [TC,simp]: "s \<in> state ==> s`In(n) \<in> list(A)"
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	88	apply (unfold state_def)
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	89	apply (drule_tac a = "In (n)" in apply_type)
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	90	apply auto
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	91	done
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	92
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	93	lemma (in merge) Out_value_type [TC,simp]: "s \<in> state ==> s`Out \<in> list(A)"
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	94	apply (unfold state_def)
14076 5cfc8b9fb880 Conversion of AllocBase to new-style paulson parents: 14073 diff changeset	95	apply (drule_tac a = Out in apply_type, auto)
14073 21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	96	done
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	97
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	98	lemma (in merge) iOut_value_type [TC,simp]: "s \<in> state ==> s`iOut \<in> list(nat)"
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	99	apply (unfold state_def)
14076 5cfc8b9fb880 Conversion of AllocBase to new-style paulson parents: 14073 diff changeset	100	apply (drule_tac a = iOut in apply_type, auto)
14073 21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	101	done
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	102
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	103	lemma (in merge) M_in_program [intro,simp]: "M \<in> program"
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	104	apply (cut_tac merge_spec)
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	105	apply (auto dest: guarantees_type [THEN subsetD]
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	106	simp add: merge_spec_def merge_increasing_def)
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	107	done
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	108
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	109	lemma (in merge) merge_Allowed:
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	110	"Allowed(M) = (preserves(lift(Out)) Int preserves(lift(iOut)))"
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	111	apply (insert merge_spec preserves_type [of "lift (Out)"])
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	112	apply (auto simp add: merge_spec_def merge_allowed_acts_def Allowed_def safety_prop_Acts_iff)
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	113	done
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	114
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	115	lemma (in merge) M_ok_iff:
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	116	"G \<in> program ==>
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	117	M ok G <-> (G \<in> preserves(lift(Out)) &
32960 69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 24893 diff changeset	118	G \<in> preserves(lift(iOut)) & M \<in> Allowed(G))"
14073 21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	119	apply (cut_tac merge_spec)
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	120	apply (auto simp add: merge_Allowed ok_iff_Allowed)
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	121	done
14053 4daa384f4fd7 Introduction of the theories UNITY/Merge, UNITY/ClientImpl paulson parents: diff changeset	122
14073 21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	123	lemma (in merge) merge_Always_Out_eq_iOut:
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	124	"[\| G \<in> preserves(lift(Out)); G \<in> preserves(lift(iOut));
32960 69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 24893 diff changeset	125	M \<in> Allowed(G) \|]
14073 21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	126	==> M \<squnion> G \<in> Always({s \<in> state. length(s`Out)=length(s`iOut)})"
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	127	apply (frule preserves_type [THEN subsetD])
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	128	apply (subgoal_tac "G \<in> program")
14076 5cfc8b9fb880 Conversion of AllocBase to new-style paulson parents: 14073 diff changeset	129	prefer 2 apply assumption
14073 21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	130	apply (frule M_ok_iff)
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	131	apply (cut_tac merge_spec)
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	132	apply (force dest: guaranteesD simp add: merge_spec_def merge_eq_Out_def)
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	133	done
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	134
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	135	lemma (in merge) merge_Bounded:
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	136	"[\| G \<in> preserves(lift(iOut)); G \<in> preserves(lift(Out));
32960 69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 24893 diff changeset	137	M \<in> Allowed(G) \|] ==>
14073 21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	138	M \<squnion> G: Always({s \<in> state. \<forall>elt \<in> set_of_list(s`iOut). elt<Nclients})"
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	139	apply (frule preserves_type [THEN subsetD])
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	140	apply (frule M_ok_iff)
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	141	apply (cut_tac merge_spec)
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	142	apply (force dest: guaranteesD simp add: merge_spec_def merge_bounded_def)
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	143	done
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	144
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	145	lemma (in merge) merge_bag_Follows_lemma:
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	146	"[\| G \<in> preserves(lift(iOut));
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	147	G: preserves(lift(Out)); M \<in> Allowed(G) \|]
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	148	==> M \<squnion> G \<in> Always
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	149	({s \<in> state. msetsum(%i. bag_of(sublist(s`Out,
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	150	{k \<in> nat. k < length(s`iOut) & nth(k, s`iOut)=i})),
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	151	Nclients, A) = bag_of(s`Out)})"
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	152	apply (rule Always_Diff_Un_eq [THEN iffD1])
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	153	apply (rule_tac [2] state_AlwaysI [THEN Always_weaken])
14076 5cfc8b9fb880 Conversion of AllocBase to new-style paulson parents: 14073 diff changeset	154	apply (rule Always_Int_I [OF merge_Always_Out_eq_iOut merge_Bounded], auto)
14073 21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	155	apply (subst bag_of_sublist_UN_disjoint [symmetric])
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	156	apply (auto simp add: nat_into_Finite set_of_list_conv_nth [OF iOut_value_type])
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	157	apply (subgoal_tac " (\<Union>i \<in> Nclients. {k \<in> nat. k < length (x`iOut) & nth (k, x`iOut) = i}) = length (x`iOut) ")
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	158	apply (auto simp add: sublist_upt_eq_take [OF Out_value_type]
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	159	length_type [OF iOut_value_type]
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	160	take_all [OF _ Out_value_type]
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	161	length_type [OF iOut_value_type])
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	162	apply (rule equalityI)
14076 5cfc8b9fb880 Conversion of AllocBase to new-style paulson parents: 14073 diff changeset	163	apply (blast dest: ltD, clarify)
14073 21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	164	apply (subgoal_tac "length (x ` iOut) \<in> nat")
14076 5cfc8b9fb880 Conversion of AllocBase to new-style paulson parents: 14073 diff changeset	165	prefer 2 apply (simp add: length_type [OF iOut_value_type])
14073 21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	166	apply (subgoal_tac "xa \<in> nat")
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	167	apply (simp_all add: Ord_mem_iff_lt)
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	168	prefer 2 apply (blast intro: lt_trans)
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	169	apply (drule_tac x = "nth (xa, x`iOut)" and P = "%elt. ?X (elt) --> elt<Nclients" in bspec)
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	170	apply (simp add: ltI nat_into_Ord)
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	171	apply (blast dest: ltD)
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	172	done
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	173
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	174	theorem (in merge) merge_bag_Follows:
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	175	"M \<in> (\<Inter>n \<in> Nclients. lift(In(n)) IncreasingWrt prefix(A)/list(A))
32960 69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 24893 diff changeset	176	guarantees
14073 21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	177	(%s. bag_of(s`Out)) Fols
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	178	(%s. msetsum(%i. bag_of(s`In(i)),Nclients, A)) Wrt MultLe(A, r)/Mult(A)"
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	179	apply (cut_tac merge_spec)
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	180	apply (rule merge_bag_Follows_lemma [THEN Always_Follows1, THEN guaranteesI])
14076 5cfc8b9fb880 Conversion of AllocBase to new-style paulson parents: 14073 diff changeset	181	apply (simp_all add: M_ok_iff, clarify)
14073 21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	182	apply (rule Follows_state_ofD1 [OF Follows_msetsum_UN])
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	183	apply (simp_all add: nat_into_Finite bag_of_multiset [of _ A])
14076 5cfc8b9fb880 Conversion of AllocBase to new-style paulson parents: 14073 diff changeset	184	apply (simp add: INT_iff merge_spec_def merge_follows_def, clarify)
14073 21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	185	apply (cut_tac merge_spec)
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	186	apply (subgoal_tac "M ok G")
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	187	prefer 2 apply (force intro: M_ok_iff [THEN iffD2])
14076 5cfc8b9fb880 Conversion of AllocBase to new-style paulson parents: 14073 diff changeset	188	apply (drule guaranteesD, assumption)
5cfc8b9fb880 Conversion of AllocBase to new-style paulson parents: 14073 diff changeset	189	apply (simp add: merge_spec_def merge_follows_def, blast)
14073 21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	190	apply (simp cong add: Follows_cong
32960 69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 24893 diff changeset	191	add: refl_prefix
69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 24893 diff changeset	192	mono_bag_of [THEN subset_Follows_comp, THEN subsetD,
69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 24893 diff changeset	193	unfolded metacomp_def])
14073 21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	194	done
21e2ff495d81 Conversion of "Merge" to Isar format paulson parents: 14057 diff changeset	195
14053 4daa384f4fd7 Introduction of the theories UNITY/Merge, UNITY/ClientImpl paulson parents: diff changeset	196	end

author	wenzelm
	Mon, 11 Jul 2011 17:14:30 +0200
changeset 43751	8c7f69f1825b
parent 32960	69916a850301
child 46823	57bf0cecb366
permissions	-rw-r--r--