isabelle: src/ZF/UNITY/Union.thy@9d457dfb56c5 (annotated)

11479 697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	1	(* Title: ZF/UNITY/Union.thy
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	2	Author: Sidi O Ehmety, Computer Laboratory
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	3	Copyright 2001 University of Cambridge
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	4
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	5	Unions of programs
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	6
46953 2b6e55924af3 replacing ":" by "\<in>" paulson parents: 46823 diff changeset	7	Partly from Misra's Chapter 5 \<in> Asynchronous Compositions of Programs
11479 697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	8
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	9	Theory ported form HOL..
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	10
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	11	*)
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	12
24893 b8ef7afe3a6b modernized specifications; wenzelm parents: 16417 diff changeset	13	theory Union imports SubstAx FP
b8ef7afe3a6b modernized specifications; wenzelm parents: 16417 diff changeset	14	begin
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	15
24893 b8ef7afe3a6b modernized specifications; wenzelm parents: 16417 diff changeset	16	definition
46953 2b6e55924af3 replacing ":" by "\<in>" paulson parents: 46823 diff changeset	17	(FIXME: conjoin Init(F) \<inter> Init(G) \<noteq> 0 )
76215 a642599ffdea More syntactic cleanup. LaTeX markup working paulson <lp15@cam.ac.uk> parents: 76214 diff changeset	18	ok :: "[i, i] \<Rightarrow> o" (infixl \<open>ok\<close> 65) where
76214 0c18df79b1c8 more modernisation of syntax paulson <lp15@cam.ac.uk> parents: 76213 diff changeset	19	"F ok G \<equiv> Acts(F) \<subseteq> AllowedActs(G) \<and>
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	20	Acts(G) \<subseteq> AllowedActs(F)"
11479 697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	21
24893 b8ef7afe3a6b modernized specifications; wenzelm parents: 16417 diff changeset	22	definition
46953 2b6e55924af3 replacing ":" by "\<in>" paulson parents: 46823 diff changeset	23	(FIXME: conjoin (\<Inter>i \<in> I. Init(F(i))) \<noteq> 0 )
76215 a642599ffdea More syntactic cleanup. LaTeX markup working paulson <lp15@cam.ac.uk> parents: 76214 diff changeset	24	OK :: "[i, i\<Rightarrow>i] \<Rightarrow> o" where
76213 e44d86131648 Removal of obsolete ASCII syntax paulson <lp15@cam.ac.uk> parents: 69587 diff changeset	25	"OK(I,F) \<equiv> (\<forall>i \<in> I. \<forall>j \<in> I-{i}. Acts(F(i)) \<subseteq> AllowedActs(F(j)))"
11479 697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	26
24893 b8ef7afe3a6b modernized specifications; wenzelm parents: 16417 diff changeset	27	definition
76215 a642599ffdea More syntactic cleanup. LaTeX markup working paulson <lp15@cam.ac.uk> parents: 76214 diff changeset	28	JOIN :: "[i, i\<Rightarrow>i] \<Rightarrow> i" where
76213 e44d86131648 Removal of obsolete ASCII syntax paulson <lp15@cam.ac.uk> parents: 69587 diff changeset	29	"JOIN(I,F) \<equiv> if I = 0 then SKIP else
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	30	mk_program(\<Inter>i \<in> I. Init(F(i)), \<Union>i \<in> I. Acts(F(i)),
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	31	\<Inter>i \<in> I. AllowedActs(F(i)))"
11479 697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	32
24893 b8ef7afe3a6b modernized specifications; wenzelm parents: 16417 diff changeset	33	definition
76215 a642599ffdea More syntactic cleanup. LaTeX markup working paulson <lp15@cam.ac.uk> parents: 76214 diff changeset	34	Join :: "[i, i] \<Rightarrow> i" (infixl \<open>\<squnion>\<close> 65) where
76213 e44d86131648 Removal of obsolete ASCII syntax paulson <lp15@cam.ac.uk> parents: 69587 diff changeset	35	"F \<squnion> G \<equiv> mk_program (Init(F) \<inter> Init(G), Acts(F) \<union> Acts(G),
46823 57bf0cecb366 More mathematical symbols for ZF examples paulson parents: 45602 diff changeset	36	AllowedActs(F) \<inter> AllowedActs(G))"
24893 b8ef7afe3a6b modernized specifications; wenzelm parents: 16417 diff changeset	37	definition
11479 697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	38	(Characterizes safety properties. Used with specifying AllowedActs)
76215 a642599ffdea More syntactic cleanup. LaTeX markup working paulson <lp15@cam.ac.uk> parents: 76214 diff changeset	39	safety_prop :: "i \<Rightarrow> o" where
76214 0c18df79b1c8 more modernisation of syntax paulson <lp15@cam.ac.uk> parents: 76213 diff changeset	40	"safety_prop(X) \<equiv> X\<subseteq>program \<and>
0c18df79b1c8 more modernisation of syntax paulson <lp15@cam.ac.uk> parents: 76213 diff changeset	41	SKIP \<in> X \<and> (\<forall>G \<in> program. Acts(G) \<subseteq> (\<Union>F \<in> X. Acts(F)) \<longrightarrow> G \<in> X)"
46953 2b6e55924af3 replacing ":" by "\<in>" paulson parents: 46823 diff changeset	42
11479 697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	43	syntax
80917 2a77bc3b4eac more inner syntax markup: minor object-logics; wenzelm parents: 80761 diff changeset	44	"_JOIN1" :: "[pttrns, i] \<Rightarrow> i" (\<open>(\<open>indent=3 notation=\<open>binder \<Squnion>\<close>\<close>\<Squnion>_./ _)\<close> 10)
2a77bc3b4eac more inner syntax markup: minor object-logics; wenzelm parents: 80761 diff changeset	45	"_JOIN" :: "[pttrn, i, i] \<Rightarrow> i" (\<open>(\<open>indent=3 notation=\<open>binder \<Squnion>\<in>\<close>\<close>\<Squnion>_ \<in> _./ _)\<close> 10)
80761 bc936d3d8b45 tuned, following be8c0e039a5e; wenzelm parents: 80754 diff changeset	46	syntax_consts
bc936d3d8b45 tuned, following be8c0e039a5e; wenzelm parents: 80754 diff changeset	47	"_JOIN1" "_JOIN" == JOIN
11479 697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	48	translations
76213 e44d86131648 Removal of obsolete ASCII syntax paulson <lp15@cam.ac.uk> parents: 69587 diff changeset	49	"\<Squnion>x \<in> A. B" == "CONST JOIN(A, (\<lambda>x. B))"
61392 331be2820f90 tuned syntax -- more symbols; wenzelm parents: 60770 diff changeset	50	"\<Squnion>x y. B" == "\<Squnion>x. \<Squnion>y. B"
331be2820f90 tuned syntax -- more symbols; wenzelm parents: 60770 diff changeset	51	"\<Squnion>x. B" == "CONST JOIN(CONST state, (\<lambda>x. B))"
11479 697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	52
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	53
60770 240563fbf41d isabelle update_cartouches; wenzelm parents: 46953 diff changeset	54	subsection\<open>SKIP\<close>
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	55
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	56	lemma reachable_SKIP [simp]: "reachable(SKIP) = state"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	57	by (force elim: reachable.induct intro: reachable.intros)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	58
61392 331be2820f90 tuned syntax -- more symbols; wenzelm parents: 60770 diff changeset	59	text\<open>Elimination programify from ok and \<squnion>\<close>
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	60
46823 57bf0cecb366 More mathematical symbols for ZF examples paulson parents: 45602 diff changeset	61	lemma ok_programify_left [iff]: "programify(F) ok G \<longleftrightarrow> F ok G"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	62	by (simp add: ok_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	63
46823 57bf0cecb366 More mathematical symbols for ZF examples paulson parents: 45602 diff changeset	64	lemma ok_programify_right [iff]: "F ok programify(G) \<longleftrightarrow> F ok G"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	65	by (simp add: ok_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	66
61392 331be2820f90 tuned syntax -- more symbols; wenzelm parents: 60770 diff changeset	67	lemma Join_programify_left [simp]: "programify(F) \<squnion> G = F \<squnion> G"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	68	by (simp add: Join_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	69
61392 331be2820f90 tuned syntax -- more symbols; wenzelm parents: 60770 diff changeset	70	lemma Join_programify_right [simp]: "F \<squnion> programify(G) = F \<squnion> G"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	71	by (simp add: Join_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	72
60770 240563fbf41d isabelle update_cartouches; wenzelm parents: 46953 diff changeset	73	subsection\<open>SKIP and safety properties\<close>
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	74
76214 0c18df79b1c8 more modernisation of syntax paulson <lp15@cam.ac.uk> parents: 76213 diff changeset	75	lemma SKIP_in_constrains_iff [iff]: "(SKIP \<in> A co B) \<longleftrightarrow> (A\<subseteq>B \<and> st_set(A))"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	76	by (unfold constrains_def st_set_def, auto)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	77
46823 57bf0cecb366 More mathematical symbols for ZF examples paulson parents: 45602 diff changeset	78	lemma SKIP_in_Constrains_iff [iff]: "(SKIP \<in> A Co B)\<longleftrightarrow> (state \<inter> A\<subseteq>B)"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	79	by (unfold Constrains_def, auto)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	80
46823 57bf0cecb366 More mathematical symbols for ZF examples paulson parents: 45602 diff changeset	81	lemma SKIP_in_stable [iff]: "SKIP \<in> stable(A) \<longleftrightarrow> st_set(A)"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	82	by (auto simp add: stable_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	83
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	84	lemma SKIP_in_Stable [iff]: "SKIP \<in> Stable(A)"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	85	by (unfold Stable_def, auto)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	86
60770 240563fbf41d isabelle update_cartouches; wenzelm parents: 46953 diff changeset	87	subsection\<open>Join and JOIN types\<close>
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	88
61392 331be2820f90 tuned syntax -- more symbols; wenzelm parents: 60770 diff changeset	89	lemma Join_in_program [iff,TC]: "F \<squnion> G \<in> program"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	90	by (unfold Join_def, auto)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	91
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	92	lemma JOIN_in_program [iff,TC]: "JOIN(I,F) \<in> program"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	93	by (unfold JOIN_def, auto)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	94
60770 240563fbf41d isabelle update_cartouches; wenzelm parents: 46953 diff changeset	95	subsection\<open>Init, Acts, and AllowedActs of Join and JOIN\<close>
61392 331be2820f90 tuned syntax -- more symbols; wenzelm parents: 60770 diff changeset	96	lemma Init_Join [simp]: "Init(F \<squnion> G) = Init(F) \<inter> Init(G)"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	97	by (simp add: Int_assoc Join_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	98
61392 331be2820f90 tuned syntax -- more symbols; wenzelm parents: 60770 diff changeset	99	lemma Acts_Join [simp]: "Acts(F \<squnion> G) = Acts(F) \<union> Acts(G)"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	100	by (simp add: Int_Un_distrib2 cons_absorb Join_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	101
61392 331be2820f90 tuned syntax -- more symbols; wenzelm parents: 60770 diff changeset	102	lemma AllowedActs_Join [simp]: "AllowedActs(F \<squnion> G) =
46823 57bf0cecb366 More mathematical symbols for ZF examples paulson parents: 45602 diff changeset	103	AllowedActs(F) \<inter> AllowedActs(G)"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	104	apply (simp add: Int_assoc cons_absorb Join_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	105	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	106
60770 240563fbf41d isabelle update_cartouches; wenzelm parents: 46953 diff changeset	107	subsection\<open>Join's algebraic laws\<close>
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	108
61392 331be2820f90 tuned syntax -- more symbols; wenzelm parents: 60770 diff changeset	109	lemma Join_commute: "F \<squnion> G = G \<squnion> F"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	110	by (simp add: Join_def Un_commute Int_commute)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	111
61392 331be2820f90 tuned syntax -- more symbols; wenzelm parents: 60770 diff changeset	112	lemma Join_left_commute: "A \<squnion> (B \<squnion> C) = B \<squnion> (A \<squnion> C)"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	113	apply (simp add: Join_def Int_Un_distrib2 cons_absorb)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	114	apply (simp add: Un_ac Int_ac Int_Un_distrib2 cons_absorb)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	115	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	116
61392 331be2820f90 tuned syntax -- more symbols; wenzelm parents: 60770 diff changeset	117	lemma Join_assoc: "(F \<squnion> G) \<squnion> H = F \<squnion> (G \<squnion> H)"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	118	by (simp add: Un_ac Join_def cons_absorb Int_assoc Int_Un_distrib2)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	119
60770 240563fbf41d isabelle update_cartouches; wenzelm parents: 46953 diff changeset	120	subsection\<open>Needed below\<close>
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	121	lemma cons_id [simp]: "cons(id(state), Pow(state * state)) = Pow(state*state)"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	122	by auto
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	123
61392 331be2820f90 tuned syntax -- more symbols; wenzelm parents: 60770 diff changeset	124	lemma Join_SKIP_left [simp]: "SKIP \<squnion> F = programify(F)"
76217 8655344f1cf6 More obsolete "unfold" calls paulson <lp15@cam.ac.uk> parents: 76216 diff changeset	125	unfolding Join_def SKIP_def
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	126	apply (auto simp add: Int_absorb cons_eq)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	127	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	128
61392 331be2820f90 tuned syntax -- more symbols; wenzelm parents: 60770 diff changeset	129	lemma Join_SKIP_right [simp]: "F \<squnion> SKIP = programify(F)"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	130	apply (subst Join_commute)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	131	apply (simp add: Join_SKIP_left)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	132	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	133
61392 331be2820f90 tuned syntax -- more symbols; wenzelm parents: 60770 diff changeset	134	lemma Join_absorb [simp]: "F \<squnion> F = programify(F)"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	135	by (rule program_equalityI, auto)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	136
61392 331be2820f90 tuned syntax -- more symbols; wenzelm parents: 60770 diff changeset	137	lemma Join_left_absorb: "F \<squnion> (F \<squnion> G) = F \<squnion> G"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	138	by (simp add: Join_assoc [symmetric])
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	139
60770 240563fbf41d isabelle update_cartouches; wenzelm parents: 46953 diff changeset	140	subsection\<open>Join is an AC-operator\<close>
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	141	lemmas Join_ac = Join_assoc Join_left_absorb Join_commute Join_left_commute
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	142
61392 331be2820f90 tuned syntax -- more symbols; wenzelm parents: 60770 diff changeset	143	subsection\<open>Eliminating programify form JOIN and OK expressions\<close>
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	144
76215 a642599ffdea More syntactic cleanup. LaTeX markup working paulson <lp15@cam.ac.uk> parents: 76214 diff changeset	145	lemma OK_programify [iff]: "OK(I, \<lambda>x. programify(F(x))) \<longleftrightarrow> OK(I, F)"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	146	by (simp add: OK_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	147
76215 a642599ffdea More syntactic cleanup. LaTeX markup working paulson <lp15@cam.ac.uk> parents: 76214 diff changeset	148	lemma JOIN_programify [iff]: "JOIN(I, \<lambda>x. programify(F(x))) = JOIN(I, F)"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	149	by (simp add: JOIN_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	150
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	151
61392 331be2820f90 tuned syntax -- more symbols; wenzelm parents: 60770 diff changeset	152	subsection\<open>JOIN\<close>
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	153
61392 331be2820f90 tuned syntax -- more symbols; wenzelm parents: 60770 diff changeset	154	lemma JOIN_empty [simp]: "JOIN(0, F) = SKIP"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	155	by (unfold JOIN_def, auto)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	156
61392 331be2820f90 tuned syntax -- more symbols; wenzelm parents: 60770 diff changeset	157	lemma Init_JOIN [simp]:
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	158	"Init(\<Squnion>i \<in> I. F(i)) = (if I=0 then state else (\<Inter>i \<in> I. Init(F(i))))"
14095 a1ba833d6b61 Changed many Intersection rules from i:I to I~=0 to avoid introducing a new paulson parents: 14093 diff changeset	159	by (simp add: JOIN_def INT_extend_simps del: INT_simps)
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	160
61392 331be2820f90 tuned syntax -- more symbols; wenzelm parents: 60770 diff changeset	161	lemma Acts_JOIN [simp]:
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	162	"Acts(JOIN(I,F)) = cons(id(state), \<Union>i \<in> I. Acts(F(i)))"
76216 9fc34f76b4e8 getting rid of apply (unfold ...) paulson <lp15@cam.ac.uk> parents: 76215 diff changeset	163	unfolding JOIN_def
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	164	apply (auto simp del: INT_simps UN_simps)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	165	apply (rule equalityI)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	166	apply (auto dest: Acts_type [THEN subsetD])
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	167	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	168
61392 331be2820f90 tuned syntax -- more symbols; wenzelm parents: 60770 diff changeset	169	lemma AllowedActs_JOIN [simp]:
46953 2b6e55924af3 replacing ":" by "\<in>" paulson parents: 46823 diff changeset	170	"AllowedActs(\<Squnion>i \<in> I. F(i)) =
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	171	(if I=0 then Pow(state*state) else (\<Inter>i \<in> I. AllowedActs(F(i))))"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	172	apply (unfold JOIN_def, auto)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	173	apply (rule equalityI)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	174	apply (auto elim!: not_emptyE dest: AllowedActs_type [THEN subsetD])
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	175	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	176
61392 331be2820f90 tuned syntax -- more symbols; wenzelm parents: 60770 diff changeset	177	lemma JOIN_cons [simp]: "(\<Squnion>i \<in> cons(a,I). F(i)) = F(a) \<squnion> (\<Squnion>i \<in> I. F(i))"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	178	by (rule program_equalityI, auto)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	179
61392 331be2820f90 tuned syntax -- more symbols; wenzelm parents: 60770 diff changeset	180	lemma JOIN_cong [cong]:
76213 e44d86131648 Removal of obsolete ASCII syntax paulson <lp15@cam.ac.uk> parents: 69587 diff changeset	181	"\<lbrakk>I=J; \<And>i. i \<in> J \<Longrightarrow> F(i) = G(i)\<rbrakk> \<Longrightarrow>
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	182	(\<Squnion>i \<in> I. F(i)) = (\<Squnion>i \<in> J. G(i))"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	183	by (simp add: JOIN_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	184
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	185
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	186
61392 331be2820f90 tuned syntax -- more symbols; wenzelm parents: 60770 diff changeset	187	subsection\<open>JOIN laws\<close>
76213 e44d86131648 Removal of obsolete ASCII syntax paulson <lp15@cam.ac.uk> parents: 69587 diff changeset	188	lemma JOIN_absorb: "k \<in> I \<Longrightarrow>F(k) \<squnion> (\<Squnion>i \<in> I. F(i)) = (\<Squnion>i \<in> I. F(i))"
61392 331be2820f90 tuned syntax -- more symbols; wenzelm parents: 60770 diff changeset	189	apply (subst JOIN_cons [symmetric])
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	190	apply (auto simp add: cons_absorb)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	191	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	192
61392 331be2820f90 tuned syntax -- more symbols; wenzelm parents: 60770 diff changeset	193	lemma JOIN_Un: "(\<Squnion>i \<in> I \<union> J. F(i)) = ((\<Squnion>i \<in> I. F(i)) \<squnion> (\<Squnion>i \<in> J. F(i)))"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	194	apply (rule program_equalityI)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	195	apply (simp_all add: UN_Un INT_Un)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	196	apply (simp_all del: INT_simps add: INT_extend_simps, blast)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	197	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	198
61392 331be2820f90 tuned syntax -- more symbols; wenzelm parents: 60770 diff changeset	199	lemma JOIN_constant: "(\<Squnion>i \<in> I. c) = (if I=0 then SKIP else programify(c))"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	200	by (rule program_equalityI, auto)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	201
61392 331be2820f90 tuned syntax -- more symbols; wenzelm parents: 60770 diff changeset	202	lemma JOIN_Join_distrib:
331be2820f90 tuned syntax -- more symbols; wenzelm parents: 60770 diff changeset	203	"(\<Squnion>i \<in> I. F(i) \<squnion> G(i)) = (\<Squnion>i \<in> I. F(i)) \<squnion> (\<Squnion>i \<in> I. G(i))"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	204	apply (rule program_equalityI)
46953 2b6e55924af3 replacing ":" by "\<in>" paulson parents: 46823 diff changeset	205	apply (simp_all add: INT_Int_distrib, blast)
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	206	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	207
61392 331be2820f90 tuned syntax -- more symbols; wenzelm parents: 60770 diff changeset	208	lemma JOIN_Join_miniscope: "(\<Squnion>i \<in> I. F(i) \<squnion> G) = ((\<Squnion>i \<in> I. F(i) \<squnion> G))"
331be2820f90 tuned syntax -- more symbols; wenzelm parents: 60770 diff changeset	209	by (simp add: JOIN_Join_distrib JOIN_constant)
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	210
61392 331be2820f90 tuned syntax -- more symbols; wenzelm parents: 60770 diff changeset	211	text\<open>Used to prove guarantees_JOIN_I\<close>
76213 e44d86131648 Removal of obsolete ASCII syntax paulson <lp15@cam.ac.uk> parents: 69587 diff changeset	212	lemma JOIN_Join_diff: "i \<in> I\<Longrightarrow>F(i) \<squnion> JOIN(I - {i}, F) = JOIN(I, F)"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	213	apply (rule program_equalityI)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	214	apply (auto elim!: not_emptyE)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	215	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	216
60770 240563fbf41d isabelle update_cartouches; wenzelm parents: 46953 diff changeset	217	subsection\<open>Safety: co, stable, FP\<close>
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	218
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	219
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	220	(*Fails if I=0 because it collapses to SKIP \<in> A co B, i.e. to A\<subseteq>B. So an
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	221	alternative precondition is A\<subseteq>B, but most proofs using this rule require
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	222	I to be nonempty for other reasons anyway.*)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	223
61392 331be2820f90 tuned syntax -- more symbols; wenzelm parents: 60770 diff changeset	224	lemma JOIN_constrains:
76213 e44d86131648 Removal of obsolete ASCII syntax paulson <lp15@cam.ac.uk> parents: 69587 diff changeset	225	"i \<in> I\<Longrightarrow>(\<Squnion>i \<in> I. F(i)) \<in> A co B \<longleftrightarrow> (\<forall>i \<in> I. programify(F(i)) \<in> A co B)"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	226
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	227	apply (unfold constrains_def JOIN_def st_set_def, auto)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	228	prefer 2 apply blast
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	229	apply (rename_tac j act y z)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	230	apply (cut_tac F = "F (j) " in Acts_type)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	231	apply (drule_tac x = act in bspec, auto)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	232	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	233
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	234	lemma Join_constrains [iff]:
76214 0c18df79b1c8 more modernisation of syntax paulson <lp15@cam.ac.uk> parents: 76213 diff changeset	235	"(F \<squnion> G \<in> A co B) \<longleftrightarrow> (programify(F) \<in> A co B \<and> programify(G) \<in> A co B)"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	236	by (auto simp add: constrains_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	237
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	238	lemma Join_unless [iff]:
61392 331be2820f90 tuned syntax -- more symbols; wenzelm parents: 60770 diff changeset	239	"(F \<squnion> G \<in> A unless B) \<longleftrightarrow>
76214 0c18df79b1c8 more modernisation of syntax paulson <lp15@cam.ac.uk> parents: 76213 diff changeset	240	(programify(F) \<in> A unless B \<and> programify(G) \<in> A unless B)"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	241	by (simp add: Join_constrains unless_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	242
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	243
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	244	(*Analogous weak versions FAIL; see Misra [1994] 5.4.1, Substitution Axiom.
61392 331be2820f90 tuned syntax -- more symbols; wenzelm parents: 60770 diff changeset	245	reachable (F \<squnion> G) could be much bigger than reachable F, reachable G
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	246	*)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	247
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	248	lemma Join_constrains_weaken:
76213 e44d86131648 Removal of obsolete ASCII syntax paulson <lp15@cam.ac.uk> parents: 69587 diff changeset	249	"\<lbrakk>F \<in> A co A'; G \<in> B co B'\<rbrakk>
e44d86131648 Removal of obsolete ASCII syntax paulson <lp15@cam.ac.uk> parents: 69587 diff changeset	250	\<Longrightarrow> F \<squnion> G \<in> (A \<inter> B) co (A' \<union> B')"
76214 0c18df79b1c8 more modernisation of syntax paulson <lp15@cam.ac.uk> parents: 76213 diff changeset	251	apply (subgoal_tac "st_set (A) \<and> st_set (B) \<and> F \<in> program \<and> G \<in> program")
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	252	prefer 2 apply (blast dest: constrainsD2, simp)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	253	apply (blast intro: constrains_weaken)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	254	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	255
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	256	(If I=0, it degenerates to SKIP \<in> state co 0, which is false.)
61392 331be2820f90 tuned syntax -- more symbols; wenzelm parents: 60770 diff changeset	257	lemma JOIN_constrains_weaken:
76213 e44d86131648 Removal of obsolete ASCII syntax paulson <lp15@cam.ac.uk> parents: 69587 diff changeset	258	assumes major: "(\<And>i. i \<in> I \<Longrightarrow> F(i) \<in> A(i) co A'(i))"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	259	and minor: "i \<in> I"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	260	shows "(\<Squnion>i \<in> I. F(i)) \<in> (\<Inter>i \<in> I. A(i)) co (\<Union>i \<in> I. A'(i))"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	261	apply (cut_tac minor)
61392 331be2820f90 tuned syntax -- more symbols; wenzelm parents: 60770 diff changeset	262	apply (simp (no_asm_simp) add: JOIN_constrains)
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	263	apply clarify
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	264	apply (rename_tac "j")
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	265	apply (frule_tac i = j in major)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	266	apply (frule constrainsD2, simp)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	267	apply (blast intro: constrains_weaken)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	268	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	269
61392 331be2820f90 tuned syntax -- more symbols; wenzelm parents: 60770 diff changeset	270	lemma JOIN_stable:
76214 0c18df79b1c8 more modernisation of syntax paulson <lp15@cam.ac.uk> parents: 76213 diff changeset	271	"(\<Squnion>i \<in> I. F(i)) \<in> stable(A) \<longleftrightarrow> ((\<forall>i \<in> I. programify(F(i)) \<in> stable(A)) \<and> st_set(A))"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	272	apply (auto simp add: stable_def constrains_def JOIN_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	273	apply (cut_tac F = "F (i) " in Acts_type)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	274	apply (drule_tac x = act in bspec, auto)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	275	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	276
61392 331be2820f90 tuned syntax -- more symbols; wenzelm parents: 60770 diff changeset	277	lemma initially_JOIN_I:
76213 e44d86131648 Removal of obsolete ASCII syntax paulson <lp15@cam.ac.uk> parents: 69587 diff changeset	278	assumes major: "(\<And>i. i \<in> I \<Longrightarrow>F(i) \<in> initially(A))"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	279	and minor: "i \<in> I"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	280	shows "(\<Squnion>i \<in> I. F(i)) \<in> initially(A)"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	281	apply (cut_tac minor)
46953 2b6e55924af3 replacing ":" by "\<in>" paulson parents: 46823 diff changeset	282	apply (auto elim!: not_emptyE simp add: Inter_iff initially_def)
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	283	apply (frule_tac i = x in major)
46953 2b6e55924af3 replacing ":" by "\<in>" paulson parents: 46823 diff changeset	284	apply (auto simp add: initially_def)
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	285	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	286
61392 331be2820f90 tuned syntax -- more symbols; wenzelm parents: 60770 diff changeset	287	lemma invariant_JOIN_I:
76213 e44d86131648 Removal of obsolete ASCII syntax paulson <lp15@cam.ac.uk> parents: 69587 diff changeset	288	assumes major: "(\<And>i. i \<in> I \<Longrightarrow> F(i) \<in> invariant(A))"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	289	and minor: "i \<in> I"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	290	shows "(\<Squnion>i \<in> I. F(i)) \<in> invariant(A)"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	291	apply (cut_tac minor)
61392 331be2820f90 tuned syntax -- more symbols; wenzelm parents: 60770 diff changeset	292	apply (auto intro!: initially_JOIN_I dest: major simp add: invariant_def JOIN_stable)
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	293	apply (erule_tac V = "i \<in> I" in thin_rl)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	294	apply (frule major)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	295	apply (drule_tac [2] major)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	296	apply (auto simp add: invariant_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	297	apply (frule stableD2, force)+
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	298	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	299
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	300	lemma Join_stable [iff]:
61392 331be2820f90 tuned syntax -- more symbols; wenzelm parents: 60770 diff changeset	301	" (F \<squnion> G \<in> stable(A)) \<longleftrightarrow>
76214 0c18df79b1c8 more modernisation of syntax paulson <lp15@cam.ac.uk> parents: 76213 diff changeset	302	(programify(F) \<in> stable(A) \<and> programify(G) \<in> stable(A))"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	303	by (simp add: stable_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	304
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	305	lemma initially_JoinI [intro!]:
76213 e44d86131648 Removal of obsolete ASCII syntax paulson <lp15@cam.ac.uk> parents: 69587 diff changeset	306	"\<lbrakk>F \<in> initially(A); G \<in> initially(A)\<rbrakk> \<Longrightarrow> F \<squnion> G \<in> initially(A)"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	307	by (unfold initially_def, auto)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	308
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	309	lemma invariant_JoinI:
76213 e44d86131648 Removal of obsolete ASCII syntax paulson <lp15@cam.ac.uk> parents: 69587 diff changeset	310	"\<lbrakk>F \<in> invariant(A); G \<in> invariant(A)\<rbrakk>
e44d86131648 Removal of obsolete ASCII syntax paulson <lp15@cam.ac.uk> parents: 69587 diff changeset	311	\<Longrightarrow> F \<squnion> G \<in> invariant(A)"
76214 0c18df79b1c8 more modernisation of syntax paulson <lp15@cam.ac.uk> parents: 76213 diff changeset	312	apply (subgoal_tac "F \<in> program\<and>G \<in> program")
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	313	prefer 2 apply (blast dest: invariantD2)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	314	apply (simp add: invariant_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	315	apply (auto intro: Join_in_program)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	316	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	317
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	318
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	319	(* Fails if I=0 because \<Inter>i \<in> 0. A(i) = 0 *)
76213 e44d86131648 Removal of obsolete ASCII syntax paulson <lp15@cam.ac.uk> parents: 69587 diff changeset	320	lemma FP_JOIN: "i \<in> I \<Longrightarrow> FP(\<Squnion>i \<in> I. F(i)) = (\<Inter>i \<in> I. FP (programify(F(i))))"
61392 331be2820f90 tuned syntax -- more symbols; wenzelm parents: 60770 diff changeset	321	by (auto simp add: FP_def Inter_def st_set_def JOIN_stable)
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	322
60770 240563fbf41d isabelle update_cartouches; wenzelm parents: 46953 diff changeset	323	subsection\<open>Progress: transient, ensures\<close>
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	324
61392 331be2820f90 tuned syntax -- more symbols; wenzelm parents: 60770 diff changeset	325	lemma JOIN_transient:
76213 e44d86131648 Removal of obsolete ASCII syntax paulson <lp15@cam.ac.uk> parents: 69587 diff changeset	326	"i \<in> I \<Longrightarrow>
46823 57bf0cecb366 More mathematical symbols for ZF examples paulson parents: 45602 diff changeset	327	(\<Squnion>i \<in> I. F(i)) \<in> transient(A) \<longleftrightarrow> (\<exists>i \<in> I. programify(F(i)) \<in> transient(A))"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	328	apply (auto simp add: transient_def JOIN_def)
76216 9fc34f76b4e8 getting rid of apply (unfold ...) paulson <lp15@cam.ac.uk> parents: 76215 diff changeset	329	unfolding st_set_def
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	330	apply (drule_tac [2] x = act in bspec)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	331	apply (auto dest: Acts_type [THEN subsetD])
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	332	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	333
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	334	lemma Join_transient [iff]:
61392 331be2820f90 tuned syntax -- more symbols; wenzelm parents: 60770 diff changeset	335	"F \<squnion> G \<in> transient(A) \<longleftrightarrow>
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	336	(programify(F) \<in> transient(A) \| programify(G) \<in> transient(A))"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	337	apply (auto simp add: transient_def Join_def Int_Un_distrib2)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	338	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	339
76213 e44d86131648 Removal of obsolete ASCII syntax paulson <lp15@cam.ac.uk> parents: 69587 diff changeset	340	lemma Join_transient_I1: "F \<in> transient(A) \<Longrightarrow> F \<squnion> G \<in> transient(A)"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	341	by (simp add: Join_transient transientD2)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	342
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	343
76213 e44d86131648 Removal of obsolete ASCII syntax paulson <lp15@cam.ac.uk> parents: 69587 diff changeset	344	lemma Join_transient_I2: "G \<in> transient(A) \<Longrightarrow> F \<squnion> G \<in> transient(A)"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	345	by (simp add: Join_transient transientD2)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	346
76213 e44d86131648 Removal of obsolete ASCII syntax paulson <lp15@cam.ac.uk> parents: 69587 diff changeset	347	(If I=0 it degenerates to (SKIP \<in> A ensures B) = False, i.e. to \<not>(A\<subseteq>B) )
61392 331be2820f90 tuned syntax -- more symbols; wenzelm parents: 60770 diff changeset	348	lemma JOIN_ensures:
76213 e44d86131648 Removal of obsolete ASCII syntax paulson <lp15@cam.ac.uk> parents: 69587 diff changeset	349	"i \<in> I \<Longrightarrow>
46953 2b6e55924af3 replacing ":" by "\<in>" paulson parents: 46823 diff changeset	350	(\<Squnion>i \<in> I. F(i)) \<in> A ensures B \<longleftrightarrow>
76214 0c18df79b1c8 more modernisation of syntax paulson <lp15@cam.ac.uk> parents: 76213 diff changeset	351	((\<forall>i \<in> I. programify(F(i)) \<in> (A-B) co (A \<union> B)) \<and>
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	352	(\<exists>i \<in> I. programify(F(i)) \<in> A ensures B))"
61392 331be2820f90 tuned syntax -- more symbols; wenzelm parents: 60770 diff changeset	353	by (auto simp add: ensures_def JOIN_constrains JOIN_transient)
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	354
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	355
46953 2b6e55924af3 replacing ":" by "\<in>" paulson parents: 46823 diff changeset	356	lemma Join_ensures:
61392 331be2820f90 tuned syntax -- more symbols; wenzelm parents: 60770 diff changeset	357	"F \<squnion> G \<in> A ensures B \<longleftrightarrow>
76214 0c18df79b1c8 more modernisation of syntax paulson <lp15@cam.ac.uk> parents: 76213 diff changeset	358	(programify(F) \<in> (A-B) co (A \<union> B) \<and> programify(G) \<in> (A-B) co (A \<union> B) \<and>
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	359	(programify(F) \<in> transient (A-B) \| programify(G) \<in> transient (A-B)))"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	360
76216 9fc34f76b4e8 getting rid of apply (unfold ...) paulson <lp15@cam.ac.uk> parents: 76215 diff changeset	361	unfolding ensures_def
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	362	apply (auto simp add: Join_transient)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	363	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	364
46953 2b6e55924af3 replacing ":" by "\<in>" paulson parents: 46823 diff changeset	365	lemma stable_Join_constrains:
76213 e44d86131648 Removal of obsolete ASCII syntax paulson <lp15@cam.ac.uk> parents: 69587 diff changeset	366	"\<lbrakk>F \<in> stable(A); G \<in> A co A'\<rbrakk>
e44d86131648 Removal of obsolete ASCII syntax paulson <lp15@cam.ac.uk> parents: 69587 diff changeset	367	\<Longrightarrow> F \<squnion> G \<in> A co A'"
76217 8655344f1cf6 More obsolete "unfold" calls paulson <lp15@cam.ac.uk> parents: 76216 diff changeset	368	unfolding stable_def constrains_def Join_def st_set_def
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	369	apply (cut_tac F = F in Acts_type)
46953 2b6e55924af3 replacing ":" by "\<in>" paulson parents: 46823 diff changeset	370	apply (cut_tac F = G in Acts_type, force)
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	371	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	372
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	373	(*Premise for G cannot use Always because F \<in> Stable A is
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	374	weaker than G \<in> stable A *)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	375	lemma stable_Join_Always1:
76213 e44d86131648 Removal of obsolete ASCII syntax paulson <lp15@cam.ac.uk> parents: 69587 diff changeset	376	"\<lbrakk>F \<in> stable(A); G \<in> invariant(A)\<rbrakk> \<Longrightarrow> F \<squnion> G \<in> Always(A)"
76214 0c18df79b1c8 more modernisation of syntax paulson <lp15@cam.ac.uk> parents: 76213 diff changeset	377	apply (subgoal_tac "F \<in> program \<and> G \<in> program \<and> st_set (A) ")
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	378	prefer 2 apply (blast dest: invariantD2 stableD2)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	379	apply (simp add: Always_def invariant_def initially_def Stable_eq_stable)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	380	apply (force intro: stable_Int)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	381	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	382
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	383	(As above, but exchanging the roles of F and G)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	384	lemma stable_Join_Always2:
76213 e44d86131648 Removal of obsolete ASCII syntax paulson <lp15@cam.ac.uk> parents: 69587 diff changeset	385	"\<lbrakk>F \<in> invariant(A); G \<in> stable(A)\<rbrakk> \<Longrightarrow> F \<squnion> G \<in> Always(A)"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	386	apply (subst Join_commute)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	387	apply (blast intro: stable_Join_Always1)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	388	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	389
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	390
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	391
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	392	lemma stable_Join_ensures1:
76213 e44d86131648 Removal of obsolete ASCII syntax paulson <lp15@cam.ac.uk> parents: 69587 diff changeset	393	"\<lbrakk>F \<in> stable(A); G \<in> A ensures B\<rbrakk> \<Longrightarrow> F \<squnion> G \<in> A ensures B"
76214 0c18df79b1c8 more modernisation of syntax paulson <lp15@cam.ac.uk> parents: 76213 diff changeset	394	apply (subgoal_tac "F \<in> program \<and> G \<in> program \<and> st_set (A) ")
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	395	prefer 2 apply (blast dest: stableD2 ensures_type [THEN subsetD])
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	396	apply (simp (no_asm_simp) add: Join_ensures)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	397	apply (simp add: stable_def ensures_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	398	apply (erule constrains_weaken, auto)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	399	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	400
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	401
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	402	(As above, but exchanging the roles of F and G)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	403	lemma stable_Join_ensures2:
76213 e44d86131648 Removal of obsolete ASCII syntax paulson <lp15@cam.ac.uk> parents: 69587 diff changeset	404	"\<lbrakk>F \<in> A ensures B; G \<in> stable(A)\<rbrakk> \<Longrightarrow> F \<squnion> G \<in> A ensures B"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	405	apply (subst Join_commute)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	406	apply (blast intro: stable_Join_ensures1)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	407	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	408
60770 240563fbf41d isabelle update_cartouches; wenzelm parents: 46953 diff changeset	409	subsection\<open>The ok and OK relations\<close>
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	410
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	411	lemma ok_SKIP1 [iff]: "SKIP ok F"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	412	by (auto dest: Acts_type [THEN subsetD] simp add: ok_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	413
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	414	lemma ok_SKIP2 [iff]: "F ok SKIP"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	415	by (auto dest: Acts_type [THEN subsetD] simp add: ok_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	416
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	417	lemma ok_Join_commute:
76214 0c18df79b1c8 more modernisation of syntax paulson <lp15@cam.ac.uk> parents: 76213 diff changeset	418	"(F ok G \<and> (F \<squnion> G) ok H) \<longleftrightarrow> (G ok H \<and> F ok (G \<squnion> H))"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	419	by (auto simp add: ok_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	420
46823 57bf0cecb366 More mathematical symbols for ZF examples paulson parents: 45602 diff changeset	421	lemma ok_commute: "(F ok G) \<longleftrightarrow>(G ok F)"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	422	by (auto simp add: ok_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	423
45602 2a858377c3d2 eliminated obsolete "standard"; wenzelm parents: 35427 diff changeset	424	lemmas ok_sym = ok_commute [THEN iffD1]
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	425
76215 a642599ffdea More syntactic cleanup. LaTeX markup working paulson <lp15@cam.ac.uk> parents: 76214 diff changeset	426	lemma ok_iff_OK: "OK({\<langle>0,F\<rangle>,\<langle>1,G\<rangle>,\<langle>2,H\<rangle>}, snd) \<longleftrightarrow> (F ok G \<and> (F \<squnion> G) ok H)"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	427	by (simp add: ok_def Join_def OK_def Int_assoc cons_absorb
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	428	Int_Un_distrib2 Ball_def, safe, force+)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	429
76214 0c18df79b1c8 more modernisation of syntax paulson <lp15@cam.ac.uk> parents: 76213 diff changeset	430	lemma ok_Join_iff1 [iff]: "F ok (G \<squnion> H) \<longleftrightarrow> (F ok G \<and> F ok H)"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	431	by (auto simp add: ok_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	432
76214 0c18df79b1c8 more modernisation of syntax paulson <lp15@cam.ac.uk> parents: 76213 diff changeset	433	lemma ok_Join_iff2 [iff]: "(G \<squnion> H) ok F \<longleftrightarrow> (G ok F \<and> H ok F)"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	434	by (auto simp add: ok_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	435
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	436	(useful? Not with the previous two around)
76213 e44d86131648 Removal of obsolete ASCII syntax paulson <lp15@cam.ac.uk> parents: 69587 diff changeset	437	lemma ok_Join_commute_I: "\<lbrakk>F ok G; (F \<squnion> G) ok H\<rbrakk> \<Longrightarrow> F ok (G \<squnion> H)"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	438	by (auto simp add: ok_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	439
61392 331be2820f90 tuned syntax -- more symbols; wenzelm parents: 60770 diff changeset	440	lemma ok_JOIN_iff1 [iff]: "F ok JOIN(I,G) \<longleftrightarrow> (\<forall>i \<in> I. F ok G(i))"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	441	by (force dest: Acts_type [THEN subsetD] elim!: not_emptyE simp add: ok_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	442
61392 331be2820f90 tuned syntax -- more symbols; wenzelm parents: 60770 diff changeset	443	lemma ok_JOIN_iff2 [iff]: "JOIN(I,G) ok F \<longleftrightarrow> (\<forall>i \<in> I. G(i) ok F)"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	444	apply (auto elim!: not_emptyE simp add: ok_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	445	apply (blast dest: Acts_type [THEN subsetD])
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	446	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	447
46823 57bf0cecb366 More mathematical symbols for ZF examples paulson parents: 45602 diff changeset	448	lemma OK_iff_ok: "OK(I,F) \<longleftrightarrow> (\<forall>i \<in> I. \<forall>j \<in> I-{i}. F(i) ok (F(j)))"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	449	by (auto simp add: ok_def OK_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	450
76213 e44d86131648 Removal of obsolete ASCII syntax paulson <lp15@cam.ac.uk> parents: 69587 diff changeset	451	lemma OK_imp_ok: "\<lbrakk>OK(I,F); i \<in> I; j \<in> I; i\<noteq>j\<rbrakk> \<Longrightarrow> F(i) ok F(j)"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	452	by (auto simp add: OK_iff_ok)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	453
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	454
14093 24382760fd89 converting more theories to Isar scripts, and tidying paulson parents: 14092 diff changeset	455	lemma OK_0 [iff]: "OK(0,F)"
24382760fd89 converting more theories to Isar scripts, and tidying paulson parents: 14092 diff changeset	456	by (simp add: OK_def)
24382760fd89 converting more theories to Isar scripts, and tidying paulson parents: 14092 diff changeset	457
24382760fd89 converting more theories to Isar scripts, and tidying paulson parents: 14092 diff changeset	458	lemma OK_cons_iff:
46953 2b6e55924af3 replacing ":" by "\<in>" paulson parents: 46823 diff changeset	459	"OK(cons(i, I), F) \<longleftrightarrow>
76214 0c18df79b1c8 more modernisation of syntax paulson <lp15@cam.ac.uk> parents: 76213 diff changeset	460	(i \<in> I \<and> OK(I, F)) \| (i\<notin>I \<and> OK(I, F) \<and> F(i) ok JOIN(I,F))"
14093 24382760fd89 converting more theories to Isar scripts, and tidying paulson parents: 14092 diff changeset	461	apply (simp add: OK_iff_ok)
46953 2b6e55924af3 replacing ":" by "\<in>" paulson parents: 46823 diff changeset	462	apply (blast intro: ok_sym)
14093 24382760fd89 converting more theories to Isar scripts, and tidying paulson parents: 14092 diff changeset	463	done
24382760fd89 converting more theories to Isar scripts, and tidying paulson parents: 14092 diff changeset	464
24382760fd89 converting more theories to Isar scripts, and tidying paulson parents: 14092 diff changeset	465
60770 240563fbf41d isabelle update_cartouches; wenzelm parents: 46953 diff changeset	466	subsection\<open>Allowed\<close>
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	467
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	468	lemma Allowed_SKIP [simp]: "Allowed(SKIP) = program"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	469	by (auto dest: Acts_type [THEN subsetD] simp add: Allowed_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	470
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	471	lemma Allowed_Join [simp]:
61392 331be2820f90 tuned syntax -- more symbols; wenzelm parents: 60770 diff changeset	472	"Allowed(F \<squnion> G) =
46823 57bf0cecb366 More mathematical symbols for ZF examples paulson parents: 45602 diff changeset	473	Allowed(programify(F)) \<inter> Allowed(programify(G))"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	474	apply (auto simp add: Allowed_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	475	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	476
61392 331be2820f90 tuned syntax -- more symbols; wenzelm parents: 60770 diff changeset	477	lemma Allowed_JOIN [simp]:
76213 e44d86131648 Removal of obsolete ASCII syntax paulson <lp15@cam.ac.uk> parents: 69587 diff changeset	478	"i \<in> I \<Longrightarrow>
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	479	Allowed(JOIN(I,F)) = (\<Inter>i \<in> I. Allowed(programify(F(i))))"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	480	apply (auto simp add: Allowed_def, blast)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	481	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	482
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	483	lemma ok_iff_Allowed:
76214 0c18df79b1c8 more modernisation of syntax paulson <lp15@cam.ac.uk> parents: 76213 diff changeset	484	"F ok G \<longleftrightarrow> (programify(F) \<in> Allowed(programify(G)) \<and>
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	485	programify(G) \<in> Allowed(programify(F)))"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	486	by (simp add: ok_def Allowed_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	487
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	488
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	489	lemma OK_iff_Allowed:
46953 2b6e55924af3 replacing ":" by "\<in>" paulson parents: 46823 diff changeset	490	"OK(I,F) \<longleftrightarrow>
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	491	(\<forall>i \<in> I. \<forall>j \<in> I-{i}. programify(F(i)) \<in> Allowed(programify(F(j))))"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	492	apply (auto simp add: OK_iff_ok ok_iff_Allowed)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	493	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	494
60770 240563fbf41d isabelle update_cartouches; wenzelm parents: 46953 diff changeset	495	subsection\<open>safety_prop, for reasoning about given instances of "ok"\<close>
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	496
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	497	lemma safety_prop_Acts_iff:
76213 e44d86131648 Removal of obsolete ASCII syntax paulson <lp15@cam.ac.uk> parents: 69587 diff changeset	498	"safety_prop(X) \<Longrightarrow> (Acts(G) \<subseteq> cons(id(state), (\<Union>F \<in> X. Acts(F)))) \<longleftrightarrow> (programify(G) \<in> X)"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	499	apply (simp (no_asm_use) add: safety_prop_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	500	apply clarify
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	501	apply (case_tac "G \<in> program", simp_all, blast, safe)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	502	prefer 2 apply force
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	503	apply (force simp add: programify_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	504	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	505
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	506	lemma safety_prop_AllowedActs_iff_Allowed:
76213 e44d86131648 Removal of obsolete ASCII syntax paulson <lp15@cam.ac.uk> parents: 69587 diff changeset	507	"safety_prop(X) \<Longrightarrow>
46823 57bf0cecb366 More mathematical symbols for ZF examples paulson parents: 45602 diff changeset	508	(\<Union>G \<in> X. Acts(G)) \<subseteq> AllowedActs(F) \<longleftrightarrow> (X \<subseteq> Allowed(programify(F)))"
46953 2b6e55924af3 replacing ":" by "\<in>" paulson parents: 46823 diff changeset	509	apply (simp add: Allowed_def safety_prop_Acts_iff [THEN iff_sym]
2b6e55924af3 replacing ":" by "\<in>" paulson parents: 46823 diff changeset	510	safety_prop_def, blast)
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	511	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	512
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	513
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	514	lemma Allowed_eq:
76213 e44d86131648 Removal of obsolete ASCII syntax paulson <lp15@cam.ac.uk> parents: 69587 diff changeset	515	"safety_prop(X) \<Longrightarrow> Allowed(mk_program(init, acts, \<Union>F \<in> X. Acts(F))) = X"
46823 57bf0cecb366 More mathematical symbols for ZF examples paulson parents: 45602 diff changeset	516	apply (subgoal_tac "cons (id (state), \<Union>(RepFun (X, Acts)) \<inter> Pow (state * state)) = \<Union>(RepFun (X, Acts))")
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	517	apply (rule_tac [2] equalityI)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	518	apply (simp del: UN_simps add: Allowed_def safety_prop_Acts_iff safety_prop_def, auto)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	519	apply (force dest: Acts_type [THEN subsetD] simp add: safety_prop_def)+
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	520	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	521
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	522	lemma def_prg_Allowed:
76213 e44d86131648 Removal of obsolete ASCII syntax paulson <lp15@cam.ac.uk> parents: 69587 diff changeset	523	"\<lbrakk>F \<equiv> mk_program (init, acts, \<Union>F \<in> X. Acts(F)); safety_prop(X)\<rbrakk>
e44d86131648 Removal of obsolete ASCII syntax paulson <lp15@cam.ac.uk> parents: 69587 diff changeset	524	\<Longrightarrow> Allowed(F) = X"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	525	by (simp add: Allowed_eq)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	526
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	527	(For safety_prop to hold, the property must be satisfiable!)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	528	lemma safety_prop_constrains [iff]:
76214 0c18df79b1c8 more modernisation of syntax paulson <lp15@cam.ac.uk> parents: 76213 diff changeset	529	"safety_prop(A co B) \<longleftrightarrow> (A \<subseteq> B \<and> st_set(A))"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	530	by (simp add: safety_prop_def constrains_def st_set_def, blast)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	531
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	532	(* To be used with resolution *)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	533	lemma safety_prop_constrainsI [iff]:
76213 e44d86131648 Removal of obsolete ASCII syntax paulson <lp15@cam.ac.uk> parents: 69587 diff changeset	534	"\<lbrakk>A\<subseteq>B; st_set(A)\<rbrakk> \<Longrightarrow>safety_prop(A co B)"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	535	by auto
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	536
46823 57bf0cecb366 More mathematical symbols for ZF examples paulson parents: 45602 diff changeset	537	lemma safety_prop_stable [iff]: "safety_prop(stable(A)) \<longleftrightarrow> st_set(A)"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	538	by (simp add: stable_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	539
76213 e44d86131648 Removal of obsolete ASCII syntax paulson <lp15@cam.ac.uk> parents: 69587 diff changeset	540	lemma safety_prop_stableI: "st_set(A) \<Longrightarrow> safety_prop(stable(A))"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	541	by auto
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	542
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	543	lemma safety_prop_Int [simp]:
76213 e44d86131648 Removal of obsolete ASCII syntax paulson <lp15@cam.ac.uk> parents: 69587 diff changeset	544	"\<lbrakk>safety_prop(X) ; safety_prop(Y)\<rbrakk> \<Longrightarrow> safety_prop(X \<inter> Y)"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	545	apply (simp add: safety_prop_def, safe, blast)
46823 57bf0cecb366 More mathematical symbols for ZF examples paulson parents: 45602 diff changeset	546	apply (drule_tac [2] B = "\<Union>(RepFun (X \<inter> Y, Acts))" and C = "\<Union>(RepFun (Y, Acts))" in subset_trans)
57bf0cecb366 More mathematical symbols for ZF examples paulson parents: 45602 diff changeset	547	apply (drule_tac B = "\<Union>(RepFun (X \<inter> Y, Acts))" and C = "\<Union>(RepFun (X, Acts))" in subset_trans)
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	548	apply blast+
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	549	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	550
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	551	(* If I=0 the conclusion becomes safety_prop(0) which is false *)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	552	lemma safety_prop_Inter:
76213 e44d86131648 Removal of obsolete ASCII syntax paulson <lp15@cam.ac.uk> parents: 69587 diff changeset	553	assumes major: "(\<And>i. i \<in> I \<Longrightarrow>safety_prop(X(i)))"
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	554	and minor: "i \<in> I"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	555	shows "safety_prop(\<Inter>i \<in> I. X(i))"
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	556	apply (simp add: safety_prop_def)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	557	apply (cut_tac minor, safe)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	558	apply (simp (no_asm_use) add: Inter_iff)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	559	apply clarify
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	560	apply (frule major)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	561	apply (drule_tac [2] i = xa in major)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	562	apply (frule_tac [4] i = xa in major)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	563	apply (auto simp add: safety_prop_def)
46823 57bf0cecb366 More mathematical symbols for ZF examples paulson parents: 45602 diff changeset	564	apply (drule_tac B = "\<Union>(RepFun (\<Inter>(RepFun (I, X)), Acts))" and C = "\<Union>(RepFun (X (xa), Acts))" in subset_trans)
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	565	apply blast+
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	566	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	567
46953 2b6e55924af3 replacing ":" by "\<in>" paulson parents: 46823 diff changeset	568	lemma def_UNION_ok_iff:
76213 e44d86131648 Removal of obsolete ASCII syntax paulson <lp15@cam.ac.uk> parents: 69587 diff changeset	569	"\<lbrakk>F \<equiv> mk_program(init,acts, \<Union>G \<in> X. Acts(G)); safety_prop(X)\<rbrakk>
76214 0c18df79b1c8 more modernisation of syntax paulson <lp15@cam.ac.uk> parents: 76213 diff changeset	570	\<Longrightarrow> F ok G \<longleftrightarrow> (programify(G) \<in> X \<and> acts \<inter> Pow(state*state) \<subseteq> AllowedActs(G))"
76216 9fc34f76b4e8 getting rid of apply (unfold ...) paulson <lp15@cam.ac.uk> parents: 76215 diff changeset	571	unfolding ok_def
14092 68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	572	apply (drule_tac G = G in safety_prop_Acts_iff)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	573	apply (cut_tac F = G in AllowedActs_type)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	574	apply (cut_tac F = G in Acts_type, auto)
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	575	done
68da54626309 Conversion of ZF/UNITY/{FP,Union} to Isar script. paulson parents: 12195 diff changeset	576
11479 697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	577	end

author	desharna
	Fri, 04 Apr 2025 15:30:03 +0200
changeset 82399	9d457dfb56c5
parent 80917	2a77bc3b4eac
permissions	-rw-r--r--