isabelle: src/HOL/Auth/Guard/List_Msg.thy@96ca738055a6 (annotated)

13508 890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	1	(******************************************************************************
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	2	date: november 2001
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	3	author: Frederic Blanqui
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	4	email: blanqui@lri.fr
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	5	webpage: http://www.lri.fr/~blanqui/
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	6
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	7	University of Cambridge, Computer Laboratory
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	8	William Gates Building, JJ Thomson Avenue
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	9	Cambridge CB3 0FD, United Kingdom
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	10	******************************************************************************)
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	11
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	12	header{Lists of Messages and Lists of Agents}
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	13
16417 9bc16273c2d4 migrated theory headers to new format haftmann parents: 13508 diff changeset	14	theory List_Msg imports Extensions begin
13508 890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	15
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	16	subsection{Implementation of Lists by Messages}
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	17
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	18	subsubsection{nil is represented by any message which is not a pair}
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	19
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	20	syntax cons :: "msg => msg => msg"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	21
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	22	translations "cons x l" => "{\|x,l\|}"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	23
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	24	subsubsection{induction principle}
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	25
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	26	lemma lmsg_induct: "[\| !!x. not_MPair x ==> P x; !!x l. P l ==> P (cons x l) \|]
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	27	==> P l"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	28	by (induct l, auto)
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	29
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	30	subsubsection{head}
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	31
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	32	consts head :: "msg => msg"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	33
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	34	recdef head "measure size"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	35	"head (cons x l) = x"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	36
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	37	subsubsection{tail}
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	38
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	39	consts tail :: "msg => msg"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	40
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	41	recdef tail "measure size"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	42	"tail (cons x l) = l"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	43
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	44	subsubsection{length}
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	45
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	46	consts len :: "msg => nat"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	47
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	48	recdef len "measure size"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	49	"len (cons x l) = Suc (len l)"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	50	"len other = 0"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	51
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	52	lemma len_not_empty: "n < len l ==> EX x l'. l = cons x l'"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	53	by (cases l, auto)
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	54
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	55	subsubsection{membership}
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	56
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	57	consts isin :: "msg * msg => bool"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	58
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	59	recdef isin "measure (%(x,l). size l)"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	60	"isin (x, cons y l) = (x=y \| isin (x,l))"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	61	"isin (x, other) = False"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	62
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	63	subsubsection{delete an element}
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	64
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	65	consts del :: "msg * msg => msg"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	66
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	67	recdef del "measure (%(x,l). size l)"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	68	"del (x, cons y l) = (if x=y then l else cons y (del (x,l)))"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	69	"del (x, other) = other"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	70
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	71	lemma notin_del [simp]: "~ isin (x,l) ==> del (x,l) = l"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	72	by (induct l, auto)
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	73
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	74	lemma isin_del [rule_format]: "isin (y, del (x,l)) --> isin (y,l)"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	75	by (induct l, auto)
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	76
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	77	subsubsection{concatenation}
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	78
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	79	consts app :: "msg * msg => msg"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	80
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	81	recdef app "measure (%(l,l'). size l)"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	82	"app (cons x l, l') = cons x (app (l,l'))"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	83	"app (other, l') = l'"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	84
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	85	lemma isin_app [iff]: "isin (x, app(l,l')) = (isin (x,l) \| isin (x,l'))"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	86	by (induct l, auto)
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	87
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	88	subsubsection{replacement}
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	89
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	90	consts repl :: "msg * nat * msg => msg"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	91
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	92	recdef repl "measure (%(l,i,x'). i)"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	93	"repl (cons x l, Suc i, x') = cons x (repl (l,i,x'))"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	94	"repl (cons x l, 0, x') = cons x' l"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	95	"repl (other, i, M') = other"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	96
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	97	subsubsection{ith element}
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	98
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	99	consts ith :: "msg * nat => msg"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	100
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	101	recdef ith "measure (%(l,i). i)"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	102	"ith (cons x l, Suc i) = ith (l,i)"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	103	"ith (cons x l, 0) = x"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	104	"ith (other, i) = other"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	105
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	106	lemma ith_head: "0 < len l ==> ith (l,0) = head l"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	107	by (cases l, auto)
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	108
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	109	subsubsection{insertion}
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	110
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	111	consts ins :: "msg * nat * msg => msg"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	112
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	113	recdef ins "measure (%(l,i,x). i)"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	114	"ins (cons x l, Suc i, y) = cons x (ins (l,i,y))"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	115	"ins (l, 0, y) = cons y l"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	116
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	117	lemma ins_head [simp]: "ins (l,0,y) = cons y l"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	118	by (cases l, auto)
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	119
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	120	subsubsection{truncation}
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	121
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	122	consts trunc :: "msg * nat => msg"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	123
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	124	recdef trunc "measure (%(l,i). i)"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	125	"trunc (l,0) = l"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	126	"trunc (cons x l, Suc i) = trunc (l,i)"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	127
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	128	lemma trunc_zero [simp]: "trunc (l,0) = l"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	129	by (cases l, auto)
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	130
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	131
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	132	subsection{Agent Lists}
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	133
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	134	subsubsection{set of well-formed agent-list messages}
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	135
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	136	syntax nil :: msg
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	137
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	138	translations "nil" == "Number 0"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	139
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	140	consts agl :: "msg set"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	141
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	142	inductive agl
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	143	intros
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	144	Nil[intro]: "nil:agl"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	145	Cons[intro]: "[\| A:agent; I:agl \|] ==> cons (Agent A) I :agl"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	146
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	147	subsubsection{basic facts about agent lists}
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	148
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	149	lemma del_in_agl [intro]: "I:agl ==> del (a,I):agl"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	150	by (erule agl.induct, auto)
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	151
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	152	lemma app_in_agl [intro]: "[\| I:agl; J:agl \|] ==> app (I,J):agl"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	153	by (erule agl.induct, auto)
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	154
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	155	lemma no_Key_in_agl: "I:agl ==> Key K ~:parts {I}"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	156	by (erule agl.induct, auto)
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	157
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	158	lemma no_Nonce_in_agl: "I:agl ==> Nonce n ~:parts {I}"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	159	by (erule agl.induct, auto)
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	160
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	161	lemma no_Key_in_appdel: "[\| I:agl; J:agl \|] ==>
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	162	Key K ~:parts {app (J, del (Agent B, I))}"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	163	by (rule no_Key_in_agl, auto)
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	164
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	165	lemma no_Nonce_in_appdel: "[\| I:agl; J:agl \|] ==>
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	166	Nonce n ~:parts {app (J, del (Agent B, I))}"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	167	by (rule no_Nonce_in_agl, auto)
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	168
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	169	lemma no_Crypt_in_agl: "I:agl ==> Crypt K X ~:parts {I}"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	170	by (erule agl.induct, auto)
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	171
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	172	lemma no_Crypt_in_appdel: "[\| I:agl; J:agl \|] ==>
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	173	Crypt K X ~:parts {app (J, del (Agent B,I))}"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	174	by (rule no_Crypt_in_agl, auto)
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	175
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	176	end

author	paulson
	Tue, 28 Mar 2006 16:48:18 +0200
changeset 19334	96ca738055a6
parent 16417	9bc16273c2d4
child 20768	1d478c2d621f
permissions	-rw-r--r--