isabelle: src/HOL/UNITY/Comp/Alloc.thy@9d94a6c95113 (annotated)

37936 1e4c5015a72e updated some headers; wenzelm parents: 36866 diff changeset	1	(* Title: HOL/UNITY/Comp/Alloc.thy
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	2	Author: Lawrence C Paulson, Cambridge University Computer Laboratory
ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	3	Copyright 1998 University of Cambridge
ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	4
ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	5	Specification of Chandy and Charpentier's Allocator
ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	6	*)
ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	7
17310 1322ed8e0ee4 converted to Isar theory format; wenzelm parents: 15074 diff changeset	8	theory Alloc
21710 4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	9	imports AllocBase "../PPROD"
17310 1322ed8e0ee4 converted to Isar theory format; wenzelm parents: 15074 diff changeset	10	begin
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	11
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	12	subsection\<open>State definitions. OUTPUT variables are locals\<close>
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	13
ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	14	record clientState =
67443 3abf6a722518 standardized towards new-style formal comments: isabelle update_comments; wenzelm parents: 64267 diff changeset	15	giv :: "nat list" \<comment> \<open>client's INPUT history: tokens GRANTED\<close>
3abf6a722518 standardized towards new-style formal comments: isabelle update_comments; wenzelm parents: 64267 diff changeset	16	ask :: "nat list" \<comment> \<open>client's OUTPUT history: tokens REQUESTED\<close>
3abf6a722518 standardized towards new-style formal comments: isabelle update_comments; wenzelm parents: 64267 diff changeset	17	rel :: "nat list" \<comment> \<open>client's OUTPUT history: tokens RELEASED\<close>
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	18
ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	19	record 'a clientState_d =
ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	20	clientState +
67443 3abf6a722518 standardized towards new-style formal comments: isabelle update_comments; wenzelm parents: 64267 diff changeset	21	dummy :: 'a \<comment> \<open>dummy field for new variables\<close>
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	22
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	23	definition
67443 3abf6a722518 standardized towards new-style formal comments: isabelle update_comments; wenzelm parents: 64267 diff changeset	24	\<comment> \<open>DUPLICATED FROM Client.thy, but with "tok" removed\<close>
3abf6a722518 standardized towards new-style formal comments: isabelle update_comments; wenzelm parents: 64267 diff changeset	25	\<comment> \<open>Maybe want a special theory section to declare such maps\<close>
17310 1322ed8e0ee4 converted to Isar theory format; wenzelm parents: 15074 diff changeset	26	non_dummy :: "'a clientState_d => clientState"
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	27	where "non_dummy s = (\|giv = giv s, ask = ask s, rel = rel s\|)"
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	28
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	29	definition
67443 3abf6a722518 standardized towards new-style formal comments: isabelle update_comments; wenzelm parents: 64267 diff changeset	30	\<comment> \<open>Renaming map to put a Client into the standard form\<close>
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	31	client_map :: "'a clientState_d => clientState*'a"
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	32	where "client_map = funPair non_dummy dummy"
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	33
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	34
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	35	record allocState =
67443 3abf6a722518 standardized towards new-style formal comments: isabelle update_comments; wenzelm parents: 64267 diff changeset	36	allocGiv :: "nat => nat list" \<comment> \<open>OUTPUT history: source of "giv" for i\<close>
3abf6a722518 standardized towards new-style formal comments: isabelle update_comments; wenzelm parents: 64267 diff changeset	37	allocAsk :: "nat => nat list" \<comment> \<open>INPUT: allocator's copy of "ask" for i\<close>
3abf6a722518 standardized towards new-style formal comments: isabelle update_comments; wenzelm parents: 64267 diff changeset	38	allocRel :: "nat => nat list" \<comment> \<open>INPUT: allocator's copy of "rel" for i\<close>
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	39
ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	40	record 'a allocState_d =
ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	41	allocState +
67443 3abf6a722518 standardized towards new-style formal comments: isabelle update_comments; wenzelm parents: 64267 diff changeset	42	dummy :: 'a \<comment> \<open>dummy field for new variables\<close>
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	43
ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	44	record 'a systemState =
ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	45	allocState +
67443 3abf6a722518 standardized towards new-style formal comments: isabelle update_comments; wenzelm parents: 64267 diff changeset	46	client :: "nat => clientState" \<comment> \<open>states of all clients\<close>
3abf6a722518 standardized towards new-style formal comments: isabelle update_comments; wenzelm parents: 64267 diff changeset	47	dummy :: 'a \<comment> \<open>dummy field for new variables\<close>
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	48
ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	49
67445 4311845b0412 tuned document; wenzelm parents: 67443 diff changeset	50	subsubsection \<open>Resource allocation system specification\<close>
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	51
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	52	definition
67443 3abf6a722518 standardized towards new-style formal comments: isabelle update_comments; wenzelm parents: 64267 diff changeset	53	\<comment> \<open>spec (1)\<close>
17310 1322ed8e0ee4 converted to Isar theory format; wenzelm parents: 15074 diff changeset	54	system_safety :: "'a systemState program set"
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	55	where "system_safety =
61954 1d43f86f48be more symbols; wenzelm parents: 61853 diff changeset	56	Always {s. (\<Sum>i \<in> lessThan Nclients. (tokens o giv o sub i o client)s)
1d43f86f48be more symbols; wenzelm parents: 61853 diff changeset	57	\<le> NbT + (\<Sum>i \<in> lessThan Nclients. (tokens o rel o sub i o client)s)}"
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	58
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	59	definition
67443 3abf6a722518 standardized towards new-style formal comments: isabelle update_comments; wenzelm parents: 64267 diff changeset	60	\<comment> \<open>spec (2)\<close>
17310 1322ed8e0ee4 converted to Isar theory format; wenzelm parents: 15074 diff changeset	61	system_progress :: "'a systemState program set"
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	62	where "system_progress = (INT i : lessThan Nclients.
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	63	INT h.
edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	64	{s. h \<le> (ask o sub i o client)s} LeadsTo
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	65	{s. h pfixLe (giv o sub i o client) s})"
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	66
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	67	definition
17310 1322ed8e0ee4 converted to Isar theory format; wenzelm parents: 15074 diff changeset	68	system_spec :: "'a systemState program set"
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	69	where "system_spec = system_safety Int system_progress"
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	70
67445 4311845b0412 tuned document; wenzelm parents: 67443 diff changeset	71
4311845b0412 tuned document; wenzelm parents: 67443 diff changeset	72	subsubsection \<open>Client specification (required)\<close>
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	73
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	74	definition
67443 3abf6a722518 standardized towards new-style formal comments: isabelle update_comments; wenzelm parents: 64267 diff changeset	75	\<comment> \<open>spec (3)\<close>
17310 1322ed8e0ee4 converted to Isar theory format; wenzelm parents: 15074 diff changeset	76	client_increasing :: "'a clientState_d program set"
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	77	where "client_increasing = UNIV guarantees Increasing ask Int Increasing rel"
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	78
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	79	definition
67443 3abf6a722518 standardized towards new-style formal comments: isabelle update_comments; wenzelm parents: 64267 diff changeset	80	\<comment> \<open>spec (4)\<close>
17310 1322ed8e0ee4 converted to Isar theory format; wenzelm parents: 15074 diff changeset	81	client_bounded :: "'a clientState_d program set"
67613 ce654b0e6d69 more symbols; wenzelm parents: 67445 diff changeset	82	where "client_bounded = UNIV guarantees Always {s. \<forall>elt \<in> set (ask s). elt \<le> NbT}"
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	83
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	84	definition
67443 3abf6a722518 standardized towards new-style formal comments: isabelle update_comments; wenzelm parents: 64267 diff changeset	85	\<comment> \<open>spec (5)\<close>
17310 1322ed8e0ee4 converted to Isar theory format; wenzelm parents: 15074 diff changeset	86	client_progress :: "'a clientState_d program set"
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	87	where "client_progress =
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	88	Increasing giv guarantees
edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	89	(INT h. {s. h \<le> giv s & h pfixGe ask s}
edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	90	LeadsTo {s. tokens h \<le> (tokens o rel) s})"
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	91
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	92	definition
67443 3abf6a722518 standardized towards new-style formal comments: isabelle update_comments; wenzelm parents: 64267 diff changeset	93	\<comment> \<open>spec: preserves part\<close>
17310 1322ed8e0ee4 converted to Isar theory format; wenzelm parents: 15074 diff changeset	94	client_preserves :: "'a clientState_d program set"
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	95	where "client_preserves = preserves giv Int preserves clientState_d.dummy"
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	96
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	97	definition
67443 3abf6a722518 standardized towards new-style formal comments: isabelle update_comments; wenzelm parents: 64267 diff changeset	98	\<comment> \<open>environmental constraints\<close>
17310 1322ed8e0ee4 converted to Isar theory format; wenzelm parents: 15074 diff changeset	99	client_allowed_acts :: "'a clientState_d program set"
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	100	where "client_allowed_acts =
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	101	{F. AllowedActs F =
69325 4b6ddc5989fc removed legacy input syntax haftmann parents: 69313 diff changeset	102	insert Id (\<Union> (Acts ` preserves (funPair rel ask)))}"
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	103
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	104	definition
17310 1322ed8e0ee4 converted to Isar theory format; wenzelm parents: 15074 diff changeset	105	client_spec :: "'a clientState_d program set"
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	106	where "client_spec = client_increasing Int client_bounded Int client_progress
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	107	Int client_allowed_acts Int client_preserves"
ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	108
67445 4311845b0412 tuned document; wenzelm parents: 67443 diff changeset	109
4311845b0412 tuned document; wenzelm parents: 67443 diff changeset	110	subsubsection \<open>Allocator specification (required)\<close>
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	111
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	112	definition
67443 3abf6a722518 standardized towards new-style formal comments: isabelle update_comments; wenzelm parents: 64267 diff changeset	113	\<comment> \<open>spec (6)\<close>
17310 1322ed8e0ee4 converted to Isar theory format; wenzelm parents: 15074 diff changeset	114	alloc_increasing :: "'a allocState_d program set"
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	115	where "alloc_increasing =
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	116	UNIV guarantees
edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	117	(INT i : lessThan Nclients. Increasing (sub i o allocGiv))"
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	118
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	119	definition
67443 3abf6a722518 standardized towards new-style formal comments: isabelle update_comments; wenzelm parents: 64267 diff changeset	120	\<comment> \<open>spec (7)\<close>
17310 1322ed8e0ee4 converted to Isar theory format; wenzelm parents: 15074 diff changeset	121	alloc_safety :: "'a allocState_d program set"
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	122	where "alloc_safety =
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	123	(INT i : lessThan Nclients. Increasing (sub i o allocRel))
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	124	guarantees
61954 1d43f86f48be more symbols; wenzelm parents: 61853 diff changeset	125	Always {s. (\<Sum>i \<in> lessThan Nclients. (tokens o sub i o allocGiv)s)
1d43f86f48be more symbols; wenzelm parents: 61853 diff changeset	126	\<le> NbT + (\<Sum>i \<in> lessThan Nclients. (tokens o sub i o allocRel)s)}"
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	127
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	128	definition
67443 3abf6a722518 standardized towards new-style formal comments: isabelle update_comments; wenzelm parents: 64267 diff changeset	129	\<comment> \<open>spec (8)\<close>
17310 1322ed8e0ee4 converted to Isar theory format; wenzelm parents: 15074 diff changeset	130	alloc_progress :: "'a allocState_d program set"
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	131	where "alloc_progress =
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	132	(INT i : lessThan Nclients. Increasing (sub i o allocAsk) Int
edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	133	Increasing (sub i o allocRel))
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	134	Int
67613 ce654b0e6d69 more symbols; wenzelm parents: 67445 diff changeset	135	Always {s. \<forall>i<Nclients.
ce654b0e6d69 more symbols; wenzelm parents: 67445 diff changeset	136	\<forall>elt \<in> set ((sub i o allocAsk) s). elt \<le> NbT}
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	137	Int
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	138	(INT i : lessThan Nclients.
edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	139	INT h. {s. h \<le> (sub i o allocGiv)s & h pfixGe (sub i o allocAsk)s}
edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	140	LeadsTo
edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	141	{s. tokens h \<le> (tokens o sub i o allocRel)s})
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	142	guarantees
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	143	(INT i : lessThan Nclients.
edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	144	INT h. {s. h \<le> (sub i o allocAsk) s}
edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	145	LeadsTo
edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	146	{s. h pfixLe (sub i o allocGiv) s})"
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	147
ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	148	(*NOTE: to follow the original paper, the formula above should have had
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	149	INT h. {s. h i \<le> (sub i o allocGiv)s & h i pfixGe (sub i o allocAsk)s}
edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	150	LeadsTo
edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	151	{s. tokens h i \<le> (tokens o sub i o allocRel)s})
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	152	thus h should have been a function variable. However, only h i is ever
ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	153	looked at.*)
ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	154
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	155	definition
67443 3abf6a722518 standardized towards new-style formal comments: isabelle update_comments; wenzelm parents: 64267 diff changeset	156	\<comment> \<open>spec: preserves part\<close>
17310 1322ed8e0ee4 converted to Isar theory format; wenzelm parents: 15074 diff changeset	157	alloc_preserves :: "'a allocState_d program set"
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	158	where "alloc_preserves = preserves allocRel Int preserves allocAsk Int
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	159	preserves allocState_d.dummy"
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	160
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	161	definition
67443 3abf6a722518 standardized towards new-style formal comments: isabelle update_comments; wenzelm parents: 64267 diff changeset	162	\<comment> \<open>environmental constraints\<close>
17310 1322ed8e0ee4 converted to Isar theory format; wenzelm parents: 15074 diff changeset	163	alloc_allowed_acts :: "'a allocState_d program set"
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	164	where "alloc_allowed_acts =
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	165	{F. AllowedActs F =
69313 b021008c5397 removed legacy input syntax haftmann parents: 67717 diff changeset	166	insert Id (\<Union>(Acts ` (preserves allocGiv)))}"
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	167
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	168	definition
17310 1322ed8e0ee4 converted to Isar theory format; wenzelm parents: 15074 diff changeset	169	alloc_spec :: "'a allocState_d program set"
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	170	where "alloc_spec = alloc_increasing Int alloc_safety Int alloc_progress Int
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	171	alloc_allowed_acts Int alloc_preserves"
ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	172
67445 4311845b0412 tuned document; wenzelm parents: 67443 diff changeset	173
4311845b0412 tuned document; wenzelm parents: 67443 diff changeset	174	subsubsection \<open>Network specification\<close>
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	175
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	176	definition
67443 3abf6a722518 standardized towards new-style formal comments: isabelle update_comments; wenzelm parents: 64267 diff changeset	177	\<comment> \<open>spec (9.1)\<close>
17310 1322ed8e0ee4 converted to Isar theory format; wenzelm parents: 15074 diff changeset	178	network_ask :: "'a systemState program set"
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	179	where "network_ask = (INT i : lessThan Nclients.
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	180	Increasing (ask o sub i o client) guarantees
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	181	((sub i o allocAsk) Fols (ask o sub i o client)))"
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	182
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	183	definition
67443 3abf6a722518 standardized towards new-style formal comments: isabelle update_comments; wenzelm parents: 64267 diff changeset	184	\<comment> \<open>spec (9.2)\<close>
17310 1322ed8e0ee4 converted to Isar theory format; wenzelm parents: 15074 diff changeset	185	network_giv :: "'a systemState program set"
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	186	where "network_giv = (INT i : lessThan Nclients.
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	187	Increasing (sub i o allocGiv)
edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	188	guarantees
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	189	((giv o sub i o client) Fols (sub i o allocGiv)))"
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	190
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	191	definition
67443 3abf6a722518 standardized towards new-style formal comments: isabelle update_comments; wenzelm parents: 64267 diff changeset	192	\<comment> \<open>spec (9.3)\<close>
17310 1322ed8e0ee4 converted to Isar theory format; wenzelm parents: 15074 diff changeset	193	network_rel :: "'a systemState program set"
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	194	where "network_rel = (INT i : lessThan Nclients.
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	195	Increasing (rel o sub i o client)
edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	196	guarantees
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	197	((sub i o allocRel) Fols (rel o sub i o client)))"
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	198
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	199	definition
67443 3abf6a722518 standardized towards new-style formal comments: isabelle update_comments; wenzelm parents: 64267 diff changeset	200	\<comment> \<open>spec: preserves part\<close>
17310 1322ed8e0ee4 converted to Isar theory format; wenzelm parents: 15074 diff changeset	201	network_preserves :: "'a systemState program set"
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	202	where "network_preserves =
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	203	preserves allocGiv Int
ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	204	(INT i : lessThan Nclients. preserves (rel o sub i o client) Int
ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	205	preserves (ask o sub i o client))"
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	206
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	207	definition
67443 3abf6a722518 standardized towards new-style formal comments: isabelle update_comments; wenzelm parents: 64267 diff changeset	208	\<comment> \<open>environmental constraints\<close>
17310 1322ed8e0ee4 converted to Isar theory format; wenzelm parents: 15074 diff changeset	209	network_allowed_acts :: "'a systemState program set"
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	210	where "network_allowed_acts =
69325 4b6ddc5989fc removed legacy input syntax haftmann parents: 69313 diff changeset	211	{F. AllowedActs F = insert Id
4b6ddc5989fc removed legacy input syntax haftmann parents: 69313 diff changeset	212	(\<Union> (Acts ` (preserves allocRel \<inter> (\<Inter>i<Nclients.
4b6ddc5989fc removed legacy input syntax haftmann parents: 69313 diff changeset	213	preserves (giv \<circ> sub i \<circ> client)))))}"
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	214
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	215	definition
17310 1322ed8e0ee4 converted to Isar theory format; wenzelm parents: 15074 diff changeset	216	network_spec :: "'a systemState program set"
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	217	where "network_spec = network_ask Int network_giv Int
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	218	network_rel Int network_allowed_acts Int
ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	219	network_preserves"
ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	220
ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	221
67445 4311845b0412 tuned document; wenzelm parents: 67443 diff changeset	222	subsubsection \<open>State mappings\<close>
4311845b0412 tuned document; wenzelm parents: 67443 diff changeset	223
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	224	definition
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	225	sysOfAlloc :: "((nat => clientState) * 'a) allocState_d => 'a systemState"
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	226	where "sysOfAlloc = (%s. let (cl,xtr) = allocState_d.dummy s
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	227	in (\| allocGiv = allocGiv s,
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	228	allocAsk = allocAsk s,
edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	229	allocRel = allocRel s,
edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	230	client = cl,
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	231	dummy = xtr\|))"
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	232
ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	233
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	234	definition
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	235	sysOfClient :: "(nat => clientState) * 'a allocState_d => 'a systemState"
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	236	where "sysOfClient = (%(cl,al). (\| allocGiv = allocGiv al,
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	237	allocAsk = allocAsk al,
edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	238	allocRel = allocRel al,
edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	239	client = cl,
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	240	systemState.dummy = allocState_d.dummy al\|))"
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	241
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	242	axiomatization Alloc :: "'a allocState_d program"
67613 ce654b0e6d69 more symbols; wenzelm parents: 67445 diff changeset	243	where Alloc: "Alloc \<in> alloc_spec"
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	244
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	245	axiomatization Client :: "'a clientState_d program"
67613 ce654b0e6d69 more symbols; wenzelm parents: 67445 diff changeset	246	where Client: "Client \<in> client_spec"
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	247
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	248	axiomatization Network :: "'a systemState program"
67613 ce654b0e6d69 more symbols; wenzelm parents: 67445 diff changeset	249	where Network: "Network \<in> network_spec"
36866 426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	250
426d5781bb25 modernized specifications; wenzelm parents: 32149 diff changeset	251	definition System :: "'a systemState program"
60773 d09c66a0ea10 more symbols by default, without xsymbols mode; wenzelm parents: 60754 diff changeset	252	where "System = rename sysOfAlloc Alloc \<squnion> Network \<squnion>
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	253	(rename sysOfClient
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	254	(plam x: lessThan Nclients. rename client_map Client))"
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	255
ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	256
ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	257	(**
ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	258	locale System =
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	259	fixes
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	260	Alloc :: 'a allocState_d program
ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	261	Client :: 'a clientState_d program
ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	262	Network :: 'a systemState program
ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	263	System :: 'a systemState program
ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	264
ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	265	assumes
ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	266	Alloc "Alloc : alloc_spec"
ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	267	Client "Client : client_spec"
ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	268	Network "Network : network_spec"
ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	269
ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	270	defines
ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	271	System_def
ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	272	"System == rename sysOfAlloc Alloc
60773 d09c66a0ea10 more symbols by default, without xsymbols mode; wenzelm parents: 60754 diff changeset	273	\<squnion>
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	274	Network
60773 d09c66a0ea10 more symbols by default, without xsymbols mode; wenzelm parents: 60754 diff changeset	275	\<squnion>
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	276	(rename sysOfClient
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	277	(plam x: lessThan Nclients. rename client_map Client))"
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	278	**)
ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	279
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	280	declare subset_preserves_o [THEN [2] rev_subsetD, intro]
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	281	declare subset_preserves_o [THEN [2] rev_subsetD, simp]
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	282	declare funPair_o_distrib [simp]
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	283	declare Always_INT_distrib [simp]
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	284	declare o_apply [simp del]
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	285
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	286	(For rewriting of specifications related by "guarantees")
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	287	lemmas [simp] =
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	288	rename_image_constrains
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	289	rename_image_stable
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	290	rename_image_increasing
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	291	rename_image_invariant
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	292	rename_image_Constrains
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	293	rename_image_Stable
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	294	rename_image_Increasing
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	295	rename_image_Always
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	296	rename_image_leadsTo
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	297	rename_image_LeadsTo
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	298	rename_preserves
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	299	rename_image_preserves
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	300	lift_image_preserves
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	301	bij_image_INT
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	302	bij_is_inj [THEN image_Int]
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	303	bij_image_Collect_eq
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	304
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	305	ML \<open>
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	306	(Splits up conjunctions & intersections: like CONJUNCTS in the HOL system)
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	307	fun list_of_Int th =
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	308	(list_of_Int (th RS conjunct1) @ list_of_Int (th RS conjunct2))
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	309	handle THM _ => (list_of_Int (th RS IntD1) @ list_of_Int (th RS IntD2))
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	310	handle THM _ => (list_of_Int (th RS @{thm INT_D}))
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	311	handle THM _ => (list_of_Int (th RS bspec))
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	312	handle THM _ => [th];
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	313	\<close>
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	314
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	315	lemmas lessThanBspec = lessThan_iff [THEN iffD2, THEN [2] bspec]
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	316
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	317	attribute_setup normalized = \<open>
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	318	let
edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	319	fun normalized th =
edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	320	normalized (th RS spec
edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	321	handle THM _ => th RS @{thm lessThanBspec}
edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	322	handle THM _ => th RS bspec
edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	323	handle THM _ => th RS (@{thm guarantees_INT_right_iff} RS iffD1))
edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	324	handle THM _ => th;
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	325	in
61853 fb7756087101 rule_attribute and declaration_attribute implicitly support abstract closure, but mixed_attribute implementations need to be aware of Thm.is_free_dummy; wenzelm parents: 60773 diff changeset	326	Scan.succeed (Thm.rule_attribute [] (K normalized))
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	327	end
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	328	\<close>
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	329
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	330	(* bijectivity of sysOfAlloc [MUST BE AUTOMATED] *)
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	331	ML \<open>
42767 e6d920bea7a6 prefer Proof.context over old-style clasimpset; wenzelm parents: 40702 diff changeset	332	fun record_auto_tac ctxt =
42793 88bee9f6eec7 proper Proof.context for classical tactics; wenzelm parents: 42767 diff changeset	333	let val ctxt' =
51717 9e7d1c139569 simplifier uses proper Proof.context instead of historic type simpset; wenzelm parents: 51703 diff changeset	334	ctxt addSWrapper Record.split_wrapper
9e7d1c139569 simplifier uses proper Proof.context instead of historic type simpset; wenzelm parents: 51703 diff changeset	335	addsimps
42795 66fcc9882784 clarified map_simpset versus Simplifier.map_simpset_global; wenzelm parents: 42793 diff changeset	336	[@{thm sysOfAlloc_def}, @{thm sysOfClient_def},
66fcc9882784 clarified map_simpset versus Simplifier.map_simpset_global; wenzelm parents: 42793 diff changeset	337	@{thm client_map_def}, @{thm non_dummy_def}, @{thm funPair_def},
51717 9e7d1c139569 simplifier uses proper Proof.context instead of historic type simpset; wenzelm parents: 51703 diff changeset	338	@{thm o_apply}, @{thm Let_def}]
42793 88bee9f6eec7 proper Proof.context for classical tactics; wenzelm parents: 42767 diff changeset	339	in auto_tac ctxt' end;
88bee9f6eec7 proper Proof.context for classical tactics; wenzelm parents: 42767 diff changeset	340
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	341	\<close>
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	342
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	343	method_setup record_auto = \<open>Scan.succeed (SIMPLE_METHOD o record_auto_tac)\<close>
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	344
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	345	lemma inj_sysOfAlloc [iff]: "inj sysOfAlloc"
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	346	apply (unfold sysOfAlloc_def Let_def)
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	347	apply (rule inj_onI)
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	348	apply record_auto
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	349	done
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	350
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	351	text\<open>We need the inverse; also having it simplifies the proof of surjectivity\<close>
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	352	lemma inv_sysOfAlloc_eq [simp]: "!!s. inv sysOfAlloc s =
edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	353	(\| allocGiv = allocGiv s,
edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	354	allocAsk = allocAsk s,
edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	355	allocRel = allocRel s,
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	356	allocState_d.dummy = (client s, dummy s) \|)"
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	357	apply (rule inj_sysOfAlloc [THEN inv_f_eq])
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	358	apply record_auto
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	359	done
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	360
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	361	lemma surj_sysOfAlloc [iff]: "surj sysOfAlloc"
40702 cf26dd7395e4 Replace surj by abbreviation; remove surj_on. hoelzl parents: 39302 diff changeset	362	apply (simp add: surj_iff_all)
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	363	apply record_auto
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	364	done
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	365
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	366	lemma bij_sysOfAlloc [iff]: "bij sysOfAlloc"
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	367	apply (blast intro: bijI)
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	368	done
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	369
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	370
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69325 diff changeset	371	subsubsection\<open>bijectivity of \<^term>\<open>sysOfClient\<close>\<close>
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	372
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	373	lemma inj_sysOfClient [iff]: "inj sysOfClient"
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	374	apply (unfold sysOfClient_def)
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	375	apply (rule inj_onI)
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	376	apply record_auto
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	377	done
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	378
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	379	lemma inv_sysOfClient_eq [simp]: "!!s. inv sysOfClient s =
edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	380	(client s,
edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	381	(\| allocGiv = allocGiv s,
edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	382	allocAsk = allocAsk s,
edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	383	allocRel = allocRel s,
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	384	allocState_d.dummy = systemState.dummy s\|) )"
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	385	apply (rule inj_sysOfClient [THEN inv_f_eq])
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	386	apply record_auto
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	387	done
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	388
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	389	lemma surj_sysOfClient [iff]: "surj sysOfClient"
40702 cf26dd7395e4 Replace surj by abbreviation; remove surj_on. hoelzl parents: 39302 diff changeset	390	apply (simp add: surj_iff_all)
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	391	apply record_auto
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	392	done
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	393
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	394	lemma bij_sysOfClient [iff]: "bij sysOfClient"
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	395	apply (blast intro: bijI)
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	396	done
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	397
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	398
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69325 diff changeset	399	subsubsection\<open>bijectivity of \<^term>\<open>client_map\<close>\<close>
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	400
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	401	lemma inj_client_map [iff]: "inj client_map"
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	402	apply (unfold inj_on_def)
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	403	apply record_auto
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	404	done
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	405
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	406	lemma inv_client_map_eq [simp]: "!!s. inv client_map s =
edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	407	(%(x,y).(\|giv = giv x, ask = ask x, rel = rel x,
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	408	clientState_d.dummy = y\|)) s"
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	409	apply (rule inj_client_map [THEN inv_f_eq])
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	410	apply record_auto
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	411	done
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	412
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	413	lemma surj_client_map [iff]: "surj client_map"
40702 cf26dd7395e4 Replace surj by abbreviation; remove surj_on. hoelzl parents: 39302 diff changeset	414	apply (simp add: surj_iff_all)
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	415	apply record_auto
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	416	done
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	417
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	418	lemma bij_client_map [iff]: "bij client_map"
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	419	apply (blast intro: bijI)
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	420	done
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	421
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	422
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69325 diff changeset	423	text\<open>o-simprules for \<^term>\<open>client_map\<close>\<close>
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	424
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	425	lemma fst_o_client_map: "fst o client_map = non_dummy"
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	426	apply (unfold client_map_def)
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	427	apply (rule fst_o_funPair)
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	428	done
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	429
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69325 diff changeset	430	ML \<open>ML_Thms.bind_thms ("fst_o_client_map'", make_o_equivs \<^context> @{thm fst_o_client_map})\<close>
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	431	declare fst_o_client_map' [simp]
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	432
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	433	lemma snd_o_client_map: "snd o client_map = clientState_d.dummy"
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	434	apply (unfold client_map_def)
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	435	apply (rule snd_o_funPair)
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	436	done
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	437
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69325 diff changeset	438	ML \<open>ML_Thms.bind_thms ("snd_o_client_map'", make_o_equivs \<^context> @{thm snd_o_client_map})\<close>
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	439	declare snd_o_client_map' [simp]
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	440
21710 4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	441
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69325 diff changeset	442	subsection\<open>o-simprules for \<^term>\<open>sysOfAlloc\<close> [MUST BE AUTOMATED]\<close>
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	443
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	444	lemma client_o_sysOfAlloc: "client o sysOfAlloc = fst o allocState_d.dummy "
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	445	apply record_auto
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	446	done
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	447
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69325 diff changeset	448	ML \<open>ML_Thms.bind_thms ("client_o_sysOfAlloc'", make_o_equivs \<^context> @{thm client_o_sysOfAlloc})\<close>
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	449	declare client_o_sysOfAlloc' [simp]
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	450
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	451	lemma allocGiv_o_sysOfAlloc_eq: "allocGiv o sysOfAlloc = allocGiv"
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	452	apply record_auto
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	453	done
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	454
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69325 diff changeset	455	ML \<open>ML_Thms.bind_thms ("allocGiv_o_sysOfAlloc_eq'", make_o_equivs \<^context> @{thm allocGiv_o_sysOfAlloc_eq})\<close>
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	456	declare allocGiv_o_sysOfAlloc_eq' [simp]
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	457
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	458	lemma allocAsk_o_sysOfAlloc_eq: "allocAsk o sysOfAlloc = allocAsk"
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	459	apply record_auto
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	460	done
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	461
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69325 diff changeset	462	ML \<open>ML_Thms.bind_thms ("allocAsk_o_sysOfAlloc_eq'", make_o_equivs \<^context> @{thm allocAsk_o_sysOfAlloc_eq})\<close>
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	463	declare allocAsk_o_sysOfAlloc_eq' [simp]
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	464
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	465	lemma allocRel_o_sysOfAlloc_eq: "allocRel o sysOfAlloc = allocRel"
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	466	apply record_auto
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	467	done
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	468
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69325 diff changeset	469	ML \<open>ML_Thms.bind_thms ("allocRel_o_sysOfAlloc_eq'", make_o_equivs \<^context> @{thm allocRel_o_sysOfAlloc_eq})\<close>
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	470	declare allocRel_o_sysOfAlloc_eq' [simp]
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	471
21710 4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	472
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69325 diff changeset	473	subsection\<open>o-simprules for \<^term>\<open>sysOfClient\<close> [MUST BE AUTOMATED]\<close>
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	474
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	475	lemma client_o_sysOfClient: "client o sysOfClient = fst"
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	476	apply record_auto
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	477	done
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	478
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69325 diff changeset	479	ML \<open>ML_Thms.bind_thms ("client_o_sysOfClient'", make_o_equivs \<^context> @{thm client_o_sysOfClient})\<close>
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	480	declare client_o_sysOfClient' [simp]
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	481
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	482	lemma allocGiv_o_sysOfClient_eq: "allocGiv o sysOfClient = allocGiv o snd "
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	483	apply record_auto
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	484	done
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	485
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69325 diff changeset	486	ML \<open>ML_Thms.bind_thms ("allocGiv_o_sysOfClient_eq'", make_o_equivs \<^context> @{thm allocGiv_o_sysOfClient_eq})\<close>
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	487	declare allocGiv_o_sysOfClient_eq' [simp]
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	488
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	489	lemma allocAsk_o_sysOfClient_eq: "allocAsk o sysOfClient = allocAsk o snd "
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	490	apply record_auto
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	491	done
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	492
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69325 diff changeset	493	ML \<open>ML_Thms.bind_thms ("allocAsk_o_sysOfClient_eq'", make_o_equivs \<^context> @{thm allocAsk_o_sysOfClient_eq})\<close>
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	494	declare allocAsk_o_sysOfClient_eq' [simp]
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	495
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	496	lemma allocRel_o_sysOfClient_eq: "allocRel o sysOfClient = allocRel o snd "
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	497	apply record_auto
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	498	done
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	499
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69325 diff changeset	500	ML \<open>ML_Thms.bind_thms ("allocRel_o_sysOfClient_eq'", make_o_equivs \<^context> @{thm allocRel_o_sysOfClient_eq})\<close>
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	501	declare allocRel_o_sysOfClient_eq' [simp]
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	502
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	503	lemma allocGiv_o_inv_sysOfAlloc_eq: "allocGiv o inv sysOfAlloc = allocGiv"
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	504	apply (simp add: o_def)
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	505	done
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	506
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69325 diff changeset	507	ML \<open>ML_Thms.bind_thms ("allocGiv_o_inv_sysOfAlloc_eq'", make_o_equivs \<^context> @{thm allocGiv_o_inv_sysOfAlloc_eq})\<close>
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	508	declare allocGiv_o_inv_sysOfAlloc_eq' [simp]
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	509
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	510	lemma allocAsk_o_inv_sysOfAlloc_eq: "allocAsk o inv sysOfAlloc = allocAsk"
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	511	apply (simp add: o_def)
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	512	done
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	513
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69325 diff changeset	514	ML \<open>ML_Thms.bind_thms ("allocAsk_o_inv_sysOfAlloc_eq'", make_o_equivs \<^context> @{thm allocAsk_o_inv_sysOfAlloc_eq})\<close>
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	515	declare allocAsk_o_inv_sysOfAlloc_eq' [simp]
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	516
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	517	lemma allocRel_o_inv_sysOfAlloc_eq: "allocRel o inv sysOfAlloc = allocRel"
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	518	apply (simp add: o_def)
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	519	done
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	520
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69325 diff changeset	521	ML \<open>ML_Thms.bind_thms ("allocRel_o_inv_sysOfAlloc_eq'", make_o_equivs \<^context> @{thm allocRel_o_inv_sysOfAlloc_eq})\<close>
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	522	declare allocRel_o_inv_sysOfAlloc_eq' [simp]
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	523
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	524	lemma rel_inv_client_map_drop_map: "(rel o inv client_map o drop_map i o inv sysOfClient) =
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	525	rel o sub i o client"
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	526	apply (simp add: o_def drop_map_def)
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	527	done
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	528
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69325 diff changeset	529	ML \<open>ML_Thms.bind_thms ("rel_inv_client_map_drop_map'", make_o_equivs \<^context> @{thm rel_inv_client_map_drop_map})\<close>
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	530	declare rel_inv_client_map_drop_map [simp]
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	531
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	532	lemma ask_inv_client_map_drop_map: "(ask o inv client_map o drop_map i o inv sysOfClient) =
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	533	ask o sub i o client"
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	534	apply (simp add: o_def drop_map_def)
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	535	done
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	536
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69325 diff changeset	537	ML \<open>ML_Thms.bind_thms ("ask_inv_client_map_drop_map'", make_o_equivs \<^context> @{thm ask_inv_client_map_drop_map})\<close>
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	538	declare ask_inv_client_map_drop_map [simp]
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	539
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	540
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	541	text\<open>Client : <unfolded specification>\<close>
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	542	lemmas client_spec_simps =
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	543	client_spec_def client_increasing_def client_bounded_def
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	544	client_progress_def client_allowed_acts_def client_preserves_def
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	545	guarantees_Int_right
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	546
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	547	ML \<open>
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	548	val [Client_Increasing_ask, Client_Increasing_rel,
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	549	Client_Bounded, Client_Progress, Client_AllowedActs,
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	550	Client_preserves_giv, Client_preserves_dummy] =
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69325 diff changeset	551	@{thm Client} \|> simplify (\<^context> addsimps @{thms client_spec_simps})
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	552	\|> list_of_Int;
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	553
56199 8e8d28ed7529 tuned signature -- rearranged modules; wenzelm parents: 52089 diff changeset	554	ML_Thms.bind_thm ("Client_Increasing_ask", Client_Increasing_ask);
8e8d28ed7529 tuned signature -- rearranged modules; wenzelm parents: 52089 diff changeset	555	ML_Thms.bind_thm ("Client_Increasing_rel", Client_Increasing_rel);
8e8d28ed7529 tuned signature -- rearranged modules; wenzelm parents: 52089 diff changeset	556	ML_Thms.bind_thm ("Client_Bounded", Client_Bounded);
8e8d28ed7529 tuned signature -- rearranged modules; wenzelm parents: 52089 diff changeset	557	ML_Thms.bind_thm ("Client_Progress", Client_Progress);
8e8d28ed7529 tuned signature -- rearranged modules; wenzelm parents: 52089 diff changeset	558	ML_Thms.bind_thm ("Client_AllowedActs", Client_AllowedActs);
8e8d28ed7529 tuned signature -- rearranged modules; wenzelm parents: 52089 diff changeset	559	ML_Thms.bind_thm ("Client_preserves_giv", Client_preserves_giv);
8e8d28ed7529 tuned signature -- rearranged modules; wenzelm parents: 52089 diff changeset	560	ML_Thms.bind_thm ("Client_preserves_dummy", Client_preserves_dummy);
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	561	\<close>
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	562
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	563	declare
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	564	Client_Increasing_ask [iff]
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	565	Client_Increasing_rel [iff]
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	566	Client_Bounded [iff]
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	567	Client_preserves_giv [iff]
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	568	Client_preserves_dummy [iff]
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	569
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	570
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	571	text\<open>Network : <unfolded specification>\<close>
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	572	lemmas network_spec_simps =
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	573	network_spec_def network_ask_def network_giv_def
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	574	network_rel_def network_allowed_acts_def network_preserves_def
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	575	ball_conj_distrib
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	576
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	577	ML \<open>
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	578	val [Network_Ask, Network_Giv, Network_Rel, Network_AllowedActs,
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	579	Network_preserves_allocGiv, Network_preserves_rel,
edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	580	Network_preserves_ask] =
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69325 diff changeset	581	@{thm Network} \|> simplify (\<^context> addsimps @{thms network_spec_simps})
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	582	\|> list_of_Int;
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	583
56199 8e8d28ed7529 tuned signature -- rearranged modules; wenzelm parents: 52089 diff changeset	584	ML_Thms.bind_thm ("Network_Ask", Network_Ask);
8e8d28ed7529 tuned signature -- rearranged modules; wenzelm parents: 52089 diff changeset	585	ML_Thms.bind_thm ("Network_Giv", Network_Giv);
8e8d28ed7529 tuned signature -- rearranged modules; wenzelm parents: 52089 diff changeset	586	ML_Thms.bind_thm ("Network_Rel", Network_Rel);
8e8d28ed7529 tuned signature -- rearranged modules; wenzelm parents: 52089 diff changeset	587	ML_Thms.bind_thm ("Network_AllowedActs", Network_AllowedActs);
8e8d28ed7529 tuned signature -- rearranged modules; wenzelm parents: 52089 diff changeset	588	ML_Thms.bind_thm ("Network_preserves_allocGiv", Network_preserves_allocGiv);
8e8d28ed7529 tuned signature -- rearranged modules; wenzelm parents: 52089 diff changeset	589	ML_Thms.bind_thm ("Network_preserves_rel", Network_preserves_rel);
8e8d28ed7529 tuned signature -- rearranged modules; wenzelm parents: 52089 diff changeset	590	ML_Thms.bind_thm ("Network_preserves_ask", Network_preserves_ask);
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	591	\<close>
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	592
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	593	declare Network_preserves_allocGiv [iff]
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	594
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	595	declare
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	596	Network_preserves_rel [simp]
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	597	Network_preserves_ask [simp]
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	598
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	599	declare
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	600	Network_preserves_rel [simplified o_def, simp]
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	601	Network_preserves_ask [simplified o_def, simp]
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	602
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	603	text\<open>Alloc : <unfolded specification>\<close>
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	604	lemmas alloc_spec_simps =
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	605	alloc_spec_def alloc_increasing_def alloc_safety_def
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	606	alloc_progress_def alloc_allowed_acts_def alloc_preserves_def
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	607
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	608	ML \<open>
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	609	val [Alloc_Increasing_0, Alloc_Safety, Alloc_Progress, Alloc_AllowedActs,
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	610	Alloc_preserves_allocRel, Alloc_preserves_allocAsk,
edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	611	Alloc_preserves_dummy] =
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69325 diff changeset	612	@{thm Alloc} \|> simplify (\<^context> addsimps @{thms alloc_spec_simps})
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	613	\|> list_of_Int;
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	614
56199 8e8d28ed7529 tuned signature -- rearranged modules; wenzelm parents: 52089 diff changeset	615	ML_Thms.bind_thm ("Alloc_Increasing_0", Alloc_Increasing_0);
8e8d28ed7529 tuned signature -- rearranged modules; wenzelm parents: 52089 diff changeset	616	ML_Thms.bind_thm ("Alloc_Safety", Alloc_Safety);
8e8d28ed7529 tuned signature -- rearranged modules; wenzelm parents: 52089 diff changeset	617	ML_Thms.bind_thm ("Alloc_Progress", Alloc_Progress);
8e8d28ed7529 tuned signature -- rearranged modules; wenzelm parents: 52089 diff changeset	618	ML_Thms.bind_thm ("Alloc_AllowedActs", Alloc_AllowedActs);
8e8d28ed7529 tuned signature -- rearranged modules; wenzelm parents: 52089 diff changeset	619	ML_Thms.bind_thm ("Alloc_preserves_allocRel", Alloc_preserves_allocRel);
8e8d28ed7529 tuned signature -- rearranged modules; wenzelm parents: 52089 diff changeset	620	ML_Thms.bind_thm ("Alloc_preserves_allocAsk", Alloc_preserves_allocAsk);
8e8d28ed7529 tuned signature -- rearranged modules; wenzelm parents: 52089 diff changeset	621	ML_Thms.bind_thm ("Alloc_preserves_dummy", Alloc_preserves_dummy);
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	622	\<close>
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	623
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	624	text\<open>Strip off the INT in the guarantees postcondition\<close>
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	625
edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	626	lemmas Alloc_Increasing = Alloc_Increasing_0 [normalized]
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	627
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	628	declare
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	629	Alloc_preserves_allocRel [iff]
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	630	Alloc_preserves_allocAsk [iff]
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	631	Alloc_preserves_dummy [iff]
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	632
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	633
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	634	subsection\<open>Components Lemmas [MUST BE AUTOMATED]\<close>
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	635
60773 d09c66a0ea10 more symbols by default, without xsymbols mode; wenzelm parents: 60754 diff changeset	636	lemma Network_component_System: "Network \<squnion>
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	637	((rename sysOfClient
60773 d09c66a0ea10 more symbols by default, without xsymbols mode; wenzelm parents: 60754 diff changeset	638	(plam x: (lessThan Nclients). rename client_map Client)) \<squnion>
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	639	rename sysOfAlloc Alloc)
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	640	= System"
21710 4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	641	by (simp add: System_def Join_ac)
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	642
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	643	lemma Client_component_System: "(rename sysOfClient
60773 d09c66a0ea10 more symbols by default, without xsymbols mode; wenzelm parents: 60754 diff changeset	644	(plam x: (lessThan Nclients). rename client_map Client)) \<squnion>
d09c66a0ea10 more symbols by default, without xsymbols mode; wenzelm parents: 60754 diff changeset	645	(Network \<squnion> rename sysOfAlloc Alloc) = System"
21710 4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	646	by (simp add: System_def Join_ac)
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	647
60773 d09c66a0ea10 more symbols by default, without xsymbols mode; wenzelm parents: 60754 diff changeset	648	lemma Alloc_component_System: "rename sysOfAlloc Alloc \<squnion>
d09c66a0ea10 more symbols by default, without xsymbols mode; wenzelm parents: 60754 diff changeset	649	((rename sysOfClient (plam x: (lessThan Nclients). rename client_map Client)) \<squnion>
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	650	Network) = System"
21710 4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	651	by (simp add: System_def Join_ac)
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	652
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	653	declare
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	654	Client_component_System [iff]
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	655	Network_component_System [iff]
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	656	Alloc_component_System [iff]
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	657
21710 4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	658
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	659	text\<open>* These preservation laws should be generated automatically *\<close>
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	660
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	661	lemma Client_Allowed [simp]: "Allowed Client = preserves rel Int preserves ask"
21710 4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	662	by (auto simp add: Allowed_def Client_AllowedActs safety_prop_Acts_iff)
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	663
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	664	lemma Network_Allowed [simp]: "Allowed Network =
edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	665	preserves allocRel Int
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	666	(INT i: lessThan Nclients. preserves(giv o sub i o client))"
21710 4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	667	by (auto simp add: Allowed_def Network_AllowedActs safety_prop_Acts_iff)
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	668
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	669	lemma Alloc_Allowed [simp]: "Allowed Alloc = preserves allocGiv"
21710 4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	670	by (auto simp add: Allowed_def Alloc_AllowedActs safety_prop_Acts_iff)
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	671
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	672	text\<open>needed in \<open>rename_client_map_tac\<close>\<close>
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	673	lemma OK_lift_rename_Client [simp]: "OK I (%i. lift i (rename client_map Client))"
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	674	apply (rule OK_lift_I)
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	675	apply auto
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	676	apply (drule_tac w1 = rel in subset_preserves_o [THEN [2] rev_subsetD])
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	677	apply (drule_tac [2] w1 = ask in subset_preserves_o [THEN [2] rev_subsetD])
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	678	apply (auto simp add: o_def split_def)
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	679	done
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	680
21710 4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	681	lemma fst_lift_map_eq_fst [simp]: "fst (lift_map i x) i = fst x"
4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	682	apply (insert fst_o_lift_map [of i])
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	683	apply (drule fun_cong [where x=x])
40702 cf26dd7395e4 Replace surj by abbreviation; remove surj_on. hoelzl parents: 39302 diff changeset	684	apply (simp add: o_def)
21710 4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	685	done
4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	686
4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	687	lemma fst_o_lift_map' [simp]:
4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	688	"(f \<circ> sub i \<circ> fst \<circ> lift_map i \<circ> g) = f o fst o g"
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	689	apply (subst fst_o_lift_map [symmetric])
edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	690	apply (simp only: o_assoc)
21710 4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	691	done
4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	692
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	693
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	694	(*The proofs of rename_Client_Increasing, rename_Client_Bounded and
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	695	rename_Client_Progress are similar. All require copying out the original
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	696	Client property. A forward proof can be constructed as follows:
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	697
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	698	Client_Increasing_ask RS
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	699	(bij_client_map RS rename_rename_guarantees_eq RS iffD2)
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	700	RS (lift_lift_guarantees_eq RS iffD2)
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	701	RS guarantees_PLam_I
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	702	RS (bij_sysOfClient RS rename_rename_guarantees_eq RS iffD2)
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	703	\|> simplify (simpset() addsimps [lift_image_eq_rename, o_def, split_def,
40702 cf26dd7395e4 Replace surj by abbreviation; remove surj_on. hoelzl parents: 39302 diff changeset	704	surj_rename])
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	705
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	706	However, the "preserves" property remains to be discharged, and the unfolding
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	707	of "o" and "sub" complicates subsequent reasoning.
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	708
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	709	The following tactic works for all three proofs, though it certainly looks
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	710	ad-hoc!
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	711	*)
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	712	ML
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	713	\<open>
51717 9e7d1c139569 simplifier uses proper Proof.context instead of historic type simpset; wenzelm parents: 51703 diff changeset	714	fun rename_client_map_tac ctxt =
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	715	EVERY [
51717 9e7d1c139569 simplifier uses proper Proof.context instead of historic type simpset; wenzelm parents: 51703 diff changeset	716	simp_tac (ctxt addsimps [@{thm rename_guarantees_eq_rename_inv}]) 1,
60754 02924903a6fd prefer tactics with explicit context; wenzelm parents: 59807 diff changeset	717	resolve_tac ctxt @{thms guarantees_PLam_I} 1,
58963 26bf09b95dda proper context for assume_tac (atac remains as fall-back without context); wenzelm parents: 56199 diff changeset	718	assume_tac ctxt 2,
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	719	(preserves: routine reasoning)
51717 9e7d1c139569 simplifier uses proper Proof.context instead of historic type simpset; wenzelm parents: 51703 diff changeset	720	asm_simp_tac (ctxt addsimps [@{thm lift_preserves_sub}]) 2,
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	721	(the guarantee for "lift i (rename client_map Client)" )
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	722	asm_simp_tac
51717 9e7d1c139569 simplifier uses proper Proof.context instead of historic type simpset; wenzelm parents: 51703 diff changeset	723	(ctxt addsimps [@{thm lift_guarantees_eq_lift_inv},
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	724	@{thm rename_guarantees_eq_rename_inv},
40702 cf26dd7395e4 Replace surj by abbreviation; remove surj_on. hoelzl parents: 39302 diff changeset	725	@{thm bij_imp_bij_inv}, @{thm surj_rename},
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	726	@{thm inv_inv_eq}]) 1,
52089 6ce832f71bdd proper context; wenzelm parents: 51717 diff changeset	727	asm_simp_tac
6ce832f71bdd proper context; wenzelm parents: 51717 diff changeset	728	(ctxt addsimps [@{thm o_def}, @{thm non_dummy_def}, @{thm guarantees_Int_right}]) 1]
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	729	\<close>
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	730
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	731	method_setup rename_client_map = \<open>
51717 9e7d1c139569 simplifier uses proper Proof.context instead of historic type simpset; wenzelm parents: 51703 diff changeset	732	Scan.succeed (fn ctxt => SIMPLE_METHOD (rename_client_map_tac ctxt))
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	733	\<close>
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	734
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69325 diff changeset	735	text\<open>Lifting \<open>Client_Increasing\<close> to \<^term>\<open>systemState\<close>\<close>
67613 ce654b0e6d69 more symbols; wenzelm parents: 67445 diff changeset	736	lemma rename_Client_Increasing: "i \<in> I
ce654b0e6d69 more symbols; wenzelm parents: 67445 diff changeset	737	==> rename sysOfClient (plam x: I. rename client_map Client) \<in>
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	738	UNIV guarantees
edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	739	Increasing (ask o sub i o client) Int
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	740	Increasing (rel o sub i o client)"
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	741	by rename_client_map
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	742
67613 ce654b0e6d69 more symbols; wenzelm parents: 67445 diff changeset	743	lemma preserves_sub_fst_lift_map: "[\| F \<in> preserves w; i \<noteq> j \|]
ce654b0e6d69 more symbols; wenzelm parents: 67445 diff changeset	744	==> F \<in> preserves (sub i o fst o lift_map j o funPair v w)"
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	745	apply (auto simp add: lift_map_def split_def linorder_neq_iff o_def)
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	746	apply (drule_tac [!] subset_preserves_o [THEN [2] rev_subsetD])
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	747	apply (auto simp add: o_def)
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	748	done
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	749
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	750	lemma client_preserves_giv_oo_client_map: "[\| i < Nclients; j < Nclients \|]
67613 ce654b0e6d69 more symbols; wenzelm parents: 67445 diff changeset	751	==> Client \<in> preserves (giv o sub i o fst o lift_map j o client_map)"
46911 6d2a2f0e904e tuned proofs; wenzelm parents: 46577 diff changeset	752	apply (cases "i=j")
21710 4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	753	apply (simp, simp add: o_def non_dummy_def)
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	754	apply (drule Client_preserves_dummy [THEN preserves_sub_fst_lift_map])
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	755	apply (drule_tac [!] subset_preserves_o [THEN [2] rev_subsetD])
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	756	apply (simp add: o_def client_map_def)
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	757	done
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	758
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	759	lemma rename_sysOfClient_ok_Network:
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	760	"rename sysOfClient (plam x: lessThan Nclients. rename client_map Client)
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	761	ok Network"
21710 4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	762	by (auto simp add: ok_iff_Allowed client_preserves_giv_oo_client_map)
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	763
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	764	lemma rename_sysOfClient_ok_Alloc:
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	765	"rename sysOfClient (plam x: lessThan Nclients. rename client_map Client)
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	766	ok rename sysOfAlloc Alloc"
21710 4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	767	by (simp add: ok_iff_Allowed)
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	768
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	769	lemma rename_sysOfAlloc_ok_Network: "rename sysOfAlloc Alloc ok Network"
21710 4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	770	by (simp add: ok_iff_Allowed)
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	771
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	772	declare
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	773	rename_sysOfClient_ok_Network [iff]
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	774	rename_sysOfClient_ok_Alloc [iff]
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	775	rename_sysOfAlloc_ok_Network [iff]
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	776
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	777	text\<open>The "ok" laws, re-oriented.
f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	778	But not sure this works: theorem \<open>ok_commute\<close> is needed below\<close>
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	779	declare
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	780	rename_sysOfClient_ok_Network [THEN ok_sym, iff]
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	781	rename_sysOfClient_ok_Alloc [THEN ok_sym, iff]
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	782	rename_sysOfAlloc_ok_Network [THEN ok_sym]
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	783
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	784	lemma System_Increasing: "i < Nclients
67613 ce654b0e6d69 more symbols; wenzelm parents: 67445 diff changeset	785	==> System \<in> Increasing (ask o sub i o client) Int
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	786	Increasing (rel o sub i o client)"
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	787	apply (rule component_guaranteesD [OF rename_Client_Increasing Client_component_System])
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	788	apply auto
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	789	done
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	790
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	791	lemmas rename_guarantees_sysOfAlloc_I =
45605 a89b4bc311a5 eliminated obsolete "standard"; wenzelm parents: 45600 diff changeset	792	bij_sysOfAlloc [THEN rename_rename_guarantees_eq, THEN iffD2]
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	793
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	794
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	795	(Lifting Alloc_Increasing up to the level of systemState)
21710 4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	796	lemmas rename_Alloc_Increasing =
4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	797	Alloc_Increasing
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	798	[THEN rename_guarantees_sysOfAlloc_I,
40702 cf26dd7395e4 Replace surj by abbreviation; remove surj_on. hoelzl parents: 39302 diff changeset	799	simplified surj_rename o_def sub_apply
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	800	rename_image_Increasing bij_sysOfAlloc
40702 cf26dd7395e4 Replace surj by abbreviation; remove surj_on. hoelzl parents: 39302 diff changeset	801	allocGiv_o_inv_sysOfAlloc_eq']
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	802
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	803	lemma System_Increasing_allocGiv:
67613 ce654b0e6d69 more symbols; wenzelm parents: 67445 diff changeset	804	"i < Nclients \<Longrightarrow> System \<in> Increasing (sub i o allocGiv)"
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	805	apply (unfold System_def)
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	806	apply (simp add: o_def)
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	807	apply (rule rename_Alloc_Increasing [THEN guarantees_Join_I1, THEN guaranteesD])
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	808	apply auto
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	809	done
21710 4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	810
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	811
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	812	ML \<open>
56199 8e8d28ed7529 tuned signature -- rearranged modules; wenzelm parents: 52089 diff changeset	813	ML_Thms.bind_thms ("System_Increasing'", list_of_Int @{thm System_Increasing})
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	814	\<close>
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	815
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	816	declare System_Increasing' [intro!]
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	817
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	818	text\<open>Follows consequences.
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	819	The "Always (INT ...) formulation expresses the general safety property
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	820	and allows it to be combined using \<open>Always_Int_rule\<close> below.\<close>
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	821
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	822	lemma System_Follows_rel:
67613 ce654b0e6d69 more symbols; wenzelm parents: 67445 diff changeset	823	"i < Nclients ==> System \<in> ((sub i o allocRel) Fols (rel o sub i o client))"
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	824	apply (auto intro!: Network_Rel [THEN component_guaranteesD])
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	825	apply (simp add: ok_commute [of Network])
21710 4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	826	done
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	827
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	828	lemma System_Follows_ask:
67613 ce654b0e6d69 more symbols; wenzelm parents: 67445 diff changeset	829	"i < Nclients ==> System \<in> ((sub i o allocAsk) Fols (ask o sub i o client))"
21710 4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	830	apply (auto intro!: Network_Ask [THEN component_guaranteesD])
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	831	apply (simp add: ok_commute [of Network])
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	832	done
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	833
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	834	lemma System_Follows_allocGiv:
67613 ce654b0e6d69 more symbols; wenzelm parents: 67445 diff changeset	835	"i < Nclients ==> System \<in> (giv o sub i o client) Fols (sub i o allocGiv)"
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	836	apply (auto intro!: Network_Giv [THEN component_guaranteesD]
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	837	rename_Alloc_Increasing [THEN component_guaranteesD])
21710 4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	838	apply (simp_all add: o_def non_dummy_def ok_commute [of Network])
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	839	apply (auto intro!: rename_Alloc_Increasing [THEN component_guaranteesD])
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	840	done
21710 4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	841
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	842
67613 ce654b0e6d69 more symbols; wenzelm parents: 67445 diff changeset	843	lemma Always_giv_le_allocGiv: "System \<in> Always (INT i: lessThan Nclients.
21710 4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	844	{s. (giv o sub i o client) s \<le> (sub i o allocGiv) s})"
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	845	apply auto
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	846	apply (erule System_Follows_allocGiv [THEN Follows_Bounded])
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	847	done
21710 4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	848
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	849
67613 ce654b0e6d69 more symbols; wenzelm parents: 67445 diff changeset	850	lemma Always_allocAsk_le_ask: "System \<in> Always (INT i: lessThan Nclients.
21710 4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	851	{s. (sub i o allocAsk) s \<le> (ask o sub i o client) s})"
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	852	apply auto
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	853	apply (erule System_Follows_ask [THEN Follows_Bounded])
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	854	done
21710 4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	855
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	856
67613 ce654b0e6d69 more symbols; wenzelm parents: 67445 diff changeset	857	lemma Always_allocRel_le_rel: "System \<in> Always (INT i: lessThan Nclients.
21710 4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	858	{s. (sub i o allocRel) s \<le> (rel o sub i o client) s})"
4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	859	by (auto intro!: Follows_Bounded System_Follows_rel)
4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	860
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	861
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	862	subsection\<open>Proof of the safety property (1)\<close>
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	863
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	864	text\<open>safety (1), step 1 is \<open>System_Follows_rel\<close>\<close>
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	865
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	866	text\<open>safety (1), step 2\<close>
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	867	(* i < Nclients ==> System : Increasing (sub i o allocRel) *)
45605 a89b4bc311a5 eliminated obsolete "standard"; wenzelm parents: 45600 diff changeset	868	lemmas System_Increasing_allocRel = System_Follows_rel [THEN Follows_Increasing1]
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	869
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	870	(*Lifting Alloc_safety up to the level of systemState.
21710 4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	871	Simplifying with o_def gets rid of the translations but it unfortunately
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	872	gets rid of the other "o"s too.*)
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	873
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	874	text\<open>safety (1), step 3\<close>
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	875	lemma System_sum_bounded:
67613 ce654b0e6d69 more symbols; wenzelm parents: 67445 diff changeset	876	"System \<in> Always {s. (\<Sum>i \<in> lessThan Nclients. (tokens o sub i o allocGiv) s)
21710 4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	877	\<le> NbT + (\<Sum>i \<in> lessThan Nclients. (tokens o sub i o allocRel) s)}"
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	878	apply (simp add: o_apply)
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	879	apply (insert Alloc_Safety [THEN rename_guarantees_sysOfAlloc_I])
40702 cf26dd7395e4 Replace surj by abbreviation; remove surj_on. hoelzl parents: 39302 diff changeset	880	apply (simp add: o_def)
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	881	apply (erule component_guaranteesD)
21710 4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	882	apply (auto simp add: System_Increasing_allocRel [simplified sub_apply o_def])
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	883	done
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	884
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	885	text\<open>Follows reasoning\<close>
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	886
67613 ce654b0e6d69 more symbols; wenzelm parents: 67445 diff changeset	887	lemma Always_tokens_giv_le_allocGiv: "System \<in> Always (INT i: lessThan Nclients.
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	888	{s. (tokens o giv o sub i o client) s
21710 4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	889	\<le> (tokens o sub i o allocGiv) s})"
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	890	apply (rule Always_giv_le_allocGiv [THEN Always_weaken])
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	891	apply (auto intro: tokens_mono_prefix simp add: o_apply)
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	892	done
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	893
67613 ce654b0e6d69 more symbols; wenzelm parents: 67445 diff changeset	894	lemma Always_tokens_allocRel_le_rel: "System \<in> Always (INT i: lessThan Nclients.
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	895	{s. (tokens o sub i o allocRel) s
21710 4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	896	\<le> (tokens o rel o sub i o client) s})"
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	897	apply (rule Always_allocRel_le_rel [THEN Always_weaken])
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	898	apply (auto intro: tokens_mono_prefix simp add: o_apply)
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	899	done
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	900
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	901	text\<open>safety (1), step 4 (final result!)\<close>
67613 ce654b0e6d69 more symbols; wenzelm parents: 67445 diff changeset	902	theorem System_safety: "System \<in> system_safety"
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	903	apply (unfold system_safety_def)
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69325 diff changeset	904	apply (tactic \<open>resolve_tac \<^context> [Always_Int_rule [@{thm System_sum_bounded},
39159 0dec18004e75 more antiquotations; wenzelm parents: 38012 diff changeset	905	@{thm Always_tokens_giv_le_allocGiv}, @{thm Always_tokens_allocRel_le_rel}] RS
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	906	@{thm Always_weaken}] 1\<close>)
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	907	apply auto
64267 b9a1486e79be setsum -> sum nipkow parents: 63146 diff changeset	908	apply (rule sum_fun_mono [THEN order_trans])
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	909	apply (drule_tac [2] order_trans)
64267 b9a1486e79be setsum -> sum nipkow parents: 63146 diff changeset	910	apply (rule_tac [2] add_le_mono [OF order_refl sum_fun_mono])
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	911	prefer 3 apply assumption
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	912	apply auto
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	913	done
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	914
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	915	subsection \<open>Proof of the progress property (2)\<close>
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	916
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	917	text\<open>progress (2), step 1 is \<open>System_Follows_ask\<close> and
f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	918	\<open>System_Follows_rel\<close>\<close>
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	919
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	920	text\<open>progress (2), step 2; see also \<open>System_Increasing_allocRel\<close>\<close>
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	921	(* i < Nclients ==> System : Increasing (sub i o allocAsk) *)
45605 a89b4bc311a5 eliminated obsolete "standard"; wenzelm parents: 45600 diff changeset	922	lemmas System_Increasing_allocAsk = System_Follows_ask [THEN Follows_Increasing1]
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	923
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	924	text\<open>progress (2), step 3: lifting \<open>Client_Bounded\<close> to systemState\<close>
67613 ce654b0e6d69 more symbols; wenzelm parents: 67445 diff changeset	925	lemma rename_Client_Bounded: "i \<in> I
ce654b0e6d69 more symbols; wenzelm parents: 67445 diff changeset	926	==> rename sysOfClient (plam x: I. rename client_map Client) \<in>
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	927	UNIV guarantees
67613 ce654b0e6d69 more symbols; wenzelm parents: 67445 diff changeset	928	Always {s. \<forall>elt \<in> set ((ask o sub i o client) s). elt \<le> NbT}"
69768 7e4966eaf781 proper congruence rule for image operator haftmann parents: 69597 diff changeset	929	using image_cong_simp [cong del] by rename_client_map
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	930
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	931	lemma System_Bounded_ask: "i < Nclients
67613 ce654b0e6d69 more symbols; wenzelm parents: 67445 diff changeset	932	==> System \<in> Always
ce654b0e6d69 more symbols; wenzelm parents: 67445 diff changeset	933	{s. \<forall>elt \<in> set ((ask o sub i o client) s). elt \<le> NbT}"
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	934	apply (rule component_guaranteesD [OF rename_Client_Bounded Client_component_System])
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	935	apply auto
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	936	done
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	937
67613 ce654b0e6d69 more symbols; wenzelm parents: 67445 diff changeset	938	lemma Collect_all_imp_eq: "{x. \<forall>y. P y \<longrightarrow> Q x y} = (INT y: {y. P y}. {x. Q x y})"
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	939	apply blast
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	940	done
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	941
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	942	text\<open>progress (2), step 4\<close>
67717 5a1b299fe4af more symbols; wenzelm parents: 67613 diff changeset	943	lemma System_Bounded_allocAsk: "System \<in> Always {s. \<forall>i<Nclients.
67613 ce654b0e6d69 more symbols; wenzelm parents: 67445 diff changeset	944	\<forall>elt \<in> set ((sub i o allocAsk) s). elt \<le> NbT}"
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	945	apply (auto simp add: Collect_all_imp_eq)
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69325 diff changeset	946	apply (tactic \<open>resolve_tac \<^context> [Always_Int_rule [@{thm Always_allocAsk_le_ask},
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	947	@{thm System_Bounded_ask}] RS @{thm Always_weaken}] 1\<close>)
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	948	apply (auto dest: set_mono)
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	949	done
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	950
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	951	text\<open>progress (2), step 5 is \<open>System_Increasing_allocGiv\<close>\<close>
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	952
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	953	text\<open>progress (2), step 6\<close>
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	954	(* i < Nclients ==> System : Increasing (giv o sub i o client) *)
45605 a89b4bc311a5 eliminated obsolete "standard"; wenzelm parents: 45600 diff changeset	955	lemmas System_Increasing_giv = System_Follows_allocGiv [THEN Follows_Increasing1]
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	956
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	957
67613 ce654b0e6d69 more symbols; wenzelm parents: 67445 diff changeset	958	lemma rename_Client_Progress: "i \<in> I
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	959	==> rename sysOfClient (plam x: I. rename client_map Client)
67613 ce654b0e6d69 more symbols; wenzelm parents: 67445 diff changeset	960	\<in> Increasing (giv o sub i o client)
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	961	guarantees
edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	962	(INT h. {s. h \<le> (giv o sub i o client) s &
edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	963	h pfixGe (ask o sub i o client) s}
21710 4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	964	LeadsTo {s. tokens h \<le> (tokens o rel o sub i o client) s})"
69813 9d94a6c95113 more idiomatic style for local declarations in apply scripts haftmann parents: 69768 diff changeset	965	supply image_cong_simp [cong del]
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	966	apply rename_client_map
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	967	apply (simp add: Client_Progress [simplified o_def])
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	968	done
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	969
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	970
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	971	text\<open>progress (2), step 7\<close>
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	972	lemma System_Client_Progress:
67613 ce654b0e6d69 more symbols; wenzelm parents: 67445 diff changeset	973	"System \<in> (INT i : (lessThan Nclients).
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	974	INT h. {s. h \<le> (giv o sub i o client) s &
edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	975	h pfixGe (ask o sub i o client) s}
21710 4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	976	LeadsTo {s. tokens h \<le> (tokens o rel o sub i o client) s})"
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	977	apply (rule INT_I)
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	978	(Couldn't have just used Auto_tac since the "INT h" must be kept)
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	979	apply (rule component_guaranteesD [OF rename_Client_Progress Client_component_System])
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	980	apply (auto simp add: System_Increasing_giv)
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	981	done
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	982
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	983	(*Concludes
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	984	System : {s. k \<le> (sub i o allocGiv) s}
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	985	LeadsTo
21710 4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	986	{s. (sub i o allocAsk) s \<le> (ask o sub i o client) s} Int
4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	987	{s. k \<le> (giv o sub i o client) s} *)
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	988
21710 4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	989	lemmas System_lemma1 =
4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	990	Always_LeadsToD [OF System_Follows_ask [THEN Follows_Bounded]
4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	991	System_Follows_allocGiv [THEN Follows_LeadsTo]]
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	992
21710 4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	993	lemmas System_lemma2 =
4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	994	PSP_Stable [OF System_lemma1
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	995	System_Follows_ask [THEN Follows_Increasing1, THEN IncreasingD]]
21710 4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	996
4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	997
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	998	lemma System_lemma3: "i < Nclients
67613 ce654b0e6d69 more symbols; wenzelm parents: 67445 diff changeset	999	==> System \<in> {s. h \<le> (sub i o allocGiv) s &
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	1000	h pfixGe (sub i o allocAsk) s}
edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	1001	LeadsTo
edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	1002	{s. h \<le> (giv o sub i o client) s &
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	1003	h pfixGe (ask o sub i o client) s}"
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	1004	apply (rule single_LeadsTo_I)
45600 1bbbac9a0cb0 'lemmas' / 'theorems' commands allow 'for' fixes and standardize the result before storing; wenzelm parents: 44871 diff changeset	1005	apply (rule_tac k1 = h and x1 = "(sub i o allocAsk) s"
21710 4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	1006	in System_lemma2 [THEN LeadsTo_weaken])
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	1007	apply auto
21710 4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	1008	apply (blast intro: trans_Ge [THEN trans_genPrefix, THEN transD] prefix_imp_pfixGe)
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	1009	done
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	1010
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	1011
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	1012	text\<open>progress (2), step 8: Client i's "release" action is visible system-wide\<close>
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	1013	lemma System_Alloc_Client_Progress: "i < Nclients
67613 ce654b0e6d69 more symbols; wenzelm parents: 67445 diff changeset	1014	==> System \<in> {s. h \<le> (sub i o allocGiv) s &
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	1015	h pfixGe (sub i o allocAsk) s}
21710 4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	1016	LeadsTo {s. tokens h \<le> (tokens o sub i o allocRel) s}"
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	1017	apply (rule LeadsTo_Trans)
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	1018	prefer 2
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	1019	apply (drule System_Follows_rel [THEN
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	1020	mono_tokens [THEN mono_Follows_o, THEN [2] rev_subsetD],
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	1021	THEN Follows_LeadsTo])
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	1022	apply (simp add: o_assoc)
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	1023	apply (rule LeadsTo_Trans)
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	1024	apply (cut_tac [2] System_Client_Progress)
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	1025	prefer 2
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	1026	apply (blast intro: LeadsTo_Basis)
21710 4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	1027	apply (erule System_lemma3)
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	1028	done
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	1029
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	1030	text\<open>Lifting \<open>Alloc_Progress\<close> up to the level of systemState\<close>
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	1031
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	1032	text\<open>progress (2), step 9\<close>
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	1033	lemma System_Alloc_Progress:
67613 ce654b0e6d69 more symbols; wenzelm parents: 67445 diff changeset	1034	"System \<in> (INT i : (lessThan Nclients).
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	1035	INT h. {s. h \<le> (sub i o allocAsk) s}
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	1036	LeadsTo {s. h pfixLe (sub i o allocGiv) s})"
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	1037	apply (simp only: o_apply sub_def)
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	1038	apply (insert Alloc_Progress [THEN rename_guarantees_sysOfAlloc_I])
32139 e271a64f03ff moved complete_lattice &c. into separate theory haftmann parents: 30549 diff changeset	1039	apply (simp add: o_def del: INT_iff)
62343 24106dc44def prefer abbreviations for compound operators INFIMUM and SUPREMUM haftmann parents: 61954 diff changeset	1040	apply (drule component_guaranteesD)
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	1041	apply (auto simp add:
21710 4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	1042	System_Increasing_allocRel [simplified sub_apply o_def]
4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	1043	System_Increasing_allocAsk [simplified sub_apply o_def]
4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	1044	System_Bounded_allocAsk [simplified sub_apply o_def]
4e4b7c801142 patched up the proofs agsin paulson parents: 21669 diff changeset	1045	System_Alloc_Client_Progress [simplified sub_apply o_def])
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	1046	done
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	1047
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	1048	text\<open>progress (2), step 10 (final result!)\<close>
67613 ce654b0e6d69 more symbols; wenzelm parents: 67445 diff changeset	1049	lemma System_Progress: "System \<in> system_progress"
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	1050	apply (unfold system_progress_def)
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	1051	apply (cut_tac System_Alloc_Progress)
62343 24106dc44def prefer abbreviations for compound operators INFIMUM and SUPREMUM haftmann parents: 61954 diff changeset	1052	apply auto
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	1053	apply (blast intro: LeadsTo_Trans
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	1054	System_Follows_allocGiv [THEN Follows_LeadsTo_pfixLe]
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	1055	System_Follows_ask [THEN Follows_LeadsTo])
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	1056	done
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	1057
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	1058
67613 ce654b0e6d69 more symbols; wenzelm parents: 67445 diff changeset	1059	theorem System_correct: "System \<in> system_spec"
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	1060	apply (unfold system_spec_def)
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	1061	apply (blast intro: System_safety System_Progress)
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	1062	done
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	1063
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	1064
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	1065	text\<open>Some obsolete lemmas\<close>
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	1066
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	1067	lemma non_dummy_eq_o_funPair: "non_dummy = (% (g,a,r). (\| giv = g, ask = a, rel = r \|)) o
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	1068	(funPair giv (funPair ask rel))"
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	1069	apply (rule ext)
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	1070	apply (auto simp add: o_def non_dummy_def)
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	1071	done
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	1072
24147 edc90be09ac1 misc cleanup of ML bindings (for multihreading); wenzelm parents: 21710 diff changeset	1073	lemma preserves_non_dummy_eq: "(preserves non_dummy) =
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	1074	(preserves rel Int preserves ask Int preserves giv)"
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	1075	apply (simp add: non_dummy_eq_o_funPair)
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	1076	apply auto
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	1077	apply (drule_tac w1 = rel in subset_preserves_o [THEN [2] rev_subsetD])
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	1078	apply (drule_tac [2] w1 = ask in subset_preserves_o [THEN [2] rev_subsetD])
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	1079	apply (drule_tac [3] w1 = giv in subset_preserves_o [THEN [2] rev_subsetD])
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	1080	apply (auto simp add: o_def)
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	1081	done
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	1082
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	1083	text\<open>Could go to Extend.ML\<close>
67613 ce654b0e6d69 more symbols; wenzelm parents: 67445 diff changeset	1084	lemma bij_fst_inv_inv_eq: "bij f \<Longrightarrow> fst (inv (%(x, u). inv f x) z) = f z"
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	1085	apply (rule fst_inv_equalityI)
59807 22bc39064290 prefer local fixes; wenzelm parents: 58963 diff changeset	1086	apply (rule_tac f = "%z. (f z, h z)" for h in surjI)
21632 e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	1087	apply (simp add: bij_is_inj inv_f_f)
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	1088	apply (simp add: bij_is_surj surj_f_inv_f)
e7c1f1a77d18 converted legacy ML script; wenzelm parents: 17310 diff changeset	1089	done
11194 ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	1090
ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp paulson parents: diff changeset	1091	end

author	haftmann
	Fri, 15 Feb 2019 07:11:09 +0000
changeset 69813	9d94a6c95113
parent 69768	7e4966eaf781
permissions	-rw-r--r--