isabelle: src/HOL/TLA/Inc/Inc.ML@a901bafe4578 (annotated)

3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	1	(*
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	2	File: TLA/ex/inc/Inc.ML
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	3	Author: Stephan Merz
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	4	Copyright: 1997 University of Munich
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	5
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	6	Proofs for the "increment" example from SRC79.
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	7	*)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	8
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	9	val PsiInv_defs = [PsiInv_def,PsiInv1_def,PsiInv2_def,PsiInv3_def];
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	10	val Psi_defs = [Psi_def,InitPsi_def,N1_def,N2_def,alpha1_def,alpha2_def,
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	11	beta1_def,beta2_def,gamma1_def,gamma2_def];
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	12
4089 96fba19bcbe2 isatool fixclasimp; wenzelm parents: 3807 diff changeset	13	val Inc_css = (claset(), simpset());
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	14
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	15	(* Invariant proof for Psi: "manual" proof proves individual lemmas *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	16
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	17	qed_goal "PsiInv_Init" Inc.thy "\|- InitPsi --> PsiInv"
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	18	(fn _ => [ auto_tac (Inc_css addsimps2 InitPsi_def::PsiInv_defs) ]);
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	19
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	20	qed_goal "PsiInv_alpha1" Inc.thy "\|- alpha1 & $PsiInv --> PsiInv`"
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	21	(fn _ => [ auto_tac (Inc_css addsimps2 alpha1_def::PsiInv_defs) ]);
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	22
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	23	qed_goal "PsiInv_alpha2" Inc.thy "\|- alpha2 & $PsiInv --> PsiInv`"
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	24	(fn _ => [ auto_tac (Inc_css addsimps2 alpha2_def::PsiInv_defs) ]);
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	25
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	26	qed_goal "PsiInv_beta1" Inc.thy "\|- beta1 & $PsiInv --> PsiInv`"
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	27	(fn _ => [ auto_tac (Inc_css addsimps2 beta1_def::PsiInv_defs) ]);
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	28
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	29	qed_goal "PsiInv_beta2" Inc.thy "\|- beta2 & $PsiInv --> PsiInv`"
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	30	(fn _ => [ auto_tac (Inc_css addsimps2 beta2_def::PsiInv_defs) ]);
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	31
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	32	qed_goal "PsiInv_gamma1" Inc.thy "\|- gamma1 & $PsiInv --> PsiInv`"
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	33	(fn _ => [ auto_tac (Inc_css addsimps2 gamma1_def::PsiInv_defs) ]);
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	34
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	35	qed_goal "PsiInv_gamma2" Inc.thy "\|- gamma2 & $PsiInv --> PsiInv`"
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	36	(fn _ => [ auto_tac (Inc_css addsimps2 gamma2_def::PsiInv_defs) ]);
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	37
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	38	qed_goal "PsiInv_stutter" Inc.thy "\|- unchanged (x,y,sem,pc1,pc2) & $PsiInv --> PsiInv`"
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	39	(fn _ => [ auto_tac (Inc_css addsimps2 PsiInv_defs) ]);
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	40
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	41	qed_goal "PsiInv" Inc.thy "\|- Psi --> []PsiInv" (K [
5755 22081de41254 corrected auto_tac (applications of unsafe wrappers) oheimb parents: 5525 diff changeset	42	inv_tac (Inc_css addsimps2 [Psi_def]) 1,
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	43	force_tac (Inc_css addsimps2 [PsiInv_Init, Init_def]) 1,
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	44	auto_tac (Inc_css addIs2
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	45	[PsiInv_alpha1,PsiInv_alpha2,PsiInv_beta1,
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	46	PsiInv_beta2,PsiInv_gamma1,PsiInv_gamma2,PsiInv_stutter]
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	47	addsimps2 [square_def,N1_def, N2_def]) ]);
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	48
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	49	(* Automatic proof works too, but it make take a while on a slow machine.
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	50	More realistic examples require user guidance anyway.
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	51
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	52	Goal "\|- Psi --> []PsiInv";
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	53	by (auto_inv_tac (simpset() addsimps PsiInv_defs @ Psi_defs) 1);
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	54
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	55	*)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	56
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	57	(** Step simulation **)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	58
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	59	qed_goal "Init_sim" Inc.thy "\|- Psi --> Init InitPhi"
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	60	(fn _ => [ auto_tac (Inc_css addsimps2 [InitPhi_def,Psi_def,InitPsi_def,Init_def]) ]);
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	61
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	62	qed_goal "Step_sim" Inc.thy "\|- Psi --> [][M1 \| M2]_(x,y)"
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	63	(fn _ => [auto_tac (Inc_css addsimps2 [square_def,M1_def,M2_def] @ Psi_defs
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	64	addSEs2 [STL4E])
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	65	]);
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	66
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	67	(** Proof of fairness **)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	68
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	69	(*
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	70	The goal is to prove Fair_M1 far below, which asserts
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	71	\|- Psi --> WF(M1)_(x,y)
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	72	(the other fairness condition is symmetrical).
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	73
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	74	The strategy is to use WF2 (with beta1 as the helpful action). Proving its
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	75	temporal premise needs two auxiliary lemmas:
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	76	1. Stuck_at_b: control can only proceed at pc1 = b by executing beta1
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	77	2. N1_live: the first component will eventually reach b
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	78
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	79	Lemma 1 is easy, lemma 2 relies on the invariant, the strong fairness
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	80	of the semaphore, and needs auxiliary lemmas that ensure that the second
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	81	component will eventually release the semaphore. Most of the proofs of
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	82	the auxiliary lemmas are very similar.
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	83	*)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	84
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	85	qed_goal "Stuck_at_b" Inc.thy
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	86	"\|- [][(N1 \| N2) & ~ beta1]_(x,y,sem,pc1,pc2) --> stable(pc1 = #b)"
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	87	(fn _ => [ auto_tac (Inc_css addSEs2 [Stable,squareE] addsimps2 Psi_defs) ]);
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	88
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	89	qed_goal "N1_enabled_at_g" Inc.thy
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	90	"\|- pc1 = #g --> Enabled (<N1>_(x,y,sem,pc1,pc2))"
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	91	(fn _ => [Clarsimp_tac 1,
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	92	res_inst_tac [("F","gamma1")] enabled_mono 1,
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	93	enabled_tac Inc_base 1,
7881 1b1db39a110b update by Stephan Merz; wenzelm parents: 6255 diff changeset	94	force_tac (Inc_css addsimps2 [gamma1_def]) 1,
1b1db39a110b update by Stephan Merz; wenzelm parents: 6255 diff changeset	95	force_tac (Inc_css addsimps2 [angle_def,gamma1_def,N1_def]) 1
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	96	]);
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	97
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	98	qed_goal "g1_leadsto_a1" Inc.thy
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	99	"\|- [][(N1 \| N2) & ~beta1]_(x,y,sem,pc1,pc2) & SF(N1)_(x,y,sem,pc1,pc2) & []#True \
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	100	\ --> (pc1 = #g ~> pc1 = #a)"
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	101	(fn _ => [rtac SF1 1,
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	102	action_simp_tac (simpset() addsimps Psi_defs) [] [squareE] 1,
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	103	action_simp_tac (simpset() addsimps angle_def::Psi_defs) [] [] 1,
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	104	(* reduce \|- []A --> <>Enabled B to \|- A --> Enabled B *)
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	105	auto_tac (Inc_css addSIs2 [InitDmd_gen, N1_enabled_at_g]
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	106	addSDs2 [STL2_gen]
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	107	addsimps2 [Init_def])
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	108	]);
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	109
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	110	(* symmetrical for N2, and similar for beta2 *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	111	qed_goal "N2_enabled_at_g" Inc.thy
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	112	"\|- pc2 = #g --> Enabled (<N2>_(x,y,sem,pc1,pc2))"
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	113	(fn _ => [Clarsimp_tac 1,
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	114	res_inst_tac [("F","gamma2")] enabled_mono 1,
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	115	enabled_tac Inc_base 1,
7881 1b1db39a110b update by Stephan Merz; wenzelm parents: 6255 diff changeset	116	force_tac (Inc_css addsimps2 [gamma2_def]) 1,
1b1db39a110b update by Stephan Merz; wenzelm parents: 6255 diff changeset	117	force_tac (Inc_css addsimps2 [angle_def,gamma2_def,N2_def]) 1
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	118	]);
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	119
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	120	qed_goal "g2_leadsto_a2" Inc.thy
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	121	"\|- [][(N1 \| N2) & ~beta1]_(x,y,sem,pc1,pc2) & SF(N2)_(x,y,sem,pc1,pc2) & []#True \
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	122	\ --> (pc2 = #g ~> pc2 = #a)"
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	123	(fn _ => [rtac SF1 1,
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	124	action_simp_tac (simpset() addsimps Psi_defs) [] [squareE] 1,
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	125	action_simp_tac (simpset() addsimps angle_def::Psi_defs) [] [] 1,
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	126	auto_tac (Inc_css addSIs2 [InitDmd_gen, N2_enabled_at_g]
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	127	addSDs2 [STL2_gen]
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	128	addsimps2 [Init_def])
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	129	]);
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	130
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	131	qed_goal "N2_enabled_at_b" Inc.thy
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	132	"\|- pc2 = #b --> Enabled (<N2>_(x,y,sem,pc1,pc2))"
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	133	(fn _ => [Clarsimp_tac 1,
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	134	res_inst_tac [("F","beta2")] enabled_mono 1,
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	135	enabled_tac Inc_base 1,
7881 1b1db39a110b update by Stephan Merz; wenzelm parents: 6255 diff changeset	136	force_tac (Inc_css addsimps2 [beta2_def]) 1,
1b1db39a110b update by Stephan Merz; wenzelm parents: 6255 diff changeset	137	force_tac (Inc_css addsimps2 [angle_def,beta2_def,N2_def]) 1
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	138	]);
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	139
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	140	qed_goal "b2_leadsto_g2" Inc.thy
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	141	"\|- [][(N1 \| N2) & ~beta1]_(x,y,sem,pc1,pc2) & SF(N2)_(x,y,sem,pc1,pc2) & []#True \
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	142	\ --> (pc2 = #b ~> pc2 = #g)"
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	143	(fn _ => [rtac SF1 1,
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	144	action_simp_tac (simpset() addsimps Psi_defs) [] [squareE] 1,
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	145	action_simp_tac (simpset() addsimps angle_def::Psi_defs) [] [] 1,
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	146	auto_tac (Inc_css addSIs2 [InitDmd_gen, N2_enabled_at_b]
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	147	addSDs2 [STL2_gen]
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	148	addsimps2 [Init_def])
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	149	]);
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	150
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	151	(* Combine above lemmas: the second component will eventually reach pc2 = a *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	152	qed_goal "N2_leadsto_a" Inc.thy
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	153	"\|- [][(N1 \| N2) & ~beta1]_(x,y,sem,pc1,pc2) & SF(N2)_(x,y,sem,pc1,pc2) & []#True \
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	154	\ --> (pc2 = #a \| pc2 = #b \| pc2 = #g ~> pc2 = #a)"
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	155	(fn _ => [auto_tac (Inc_css addSIs2 [LatticeDisjunctionIntro]),
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	156	rtac (temp_use LatticeReflexivity) 1,
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	157	rtac (temp_use LatticeTransitivity) 1,
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	158	auto_tac (Inc_css addSIs2 [b2_leadsto_g2,g2_leadsto_a2])
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	159	]);
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	160
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	161	(* Get rid of complete disjunction on the left-hand side of ~> above. *)
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	162	qed_goal "N2_live" Inc.thy
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	163	"\|- [][(N1 \| N2) & ~beta1]_(x,y,sem,pc1,pc2) & SF(N2)_(x,y,sem,pc1,pc2) \
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	164	\ --> <>(pc2 = #a)"
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	165	(fn _ => [auto_tac (Inc_css addsimps2 Init_defs
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	166	addSIs2 [(temp_use N2_leadsto_a)
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	167	RSN(2, (temp_use leadsto_init))]),
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	168	exhaust_tac "pc2 (st1 sigma)" 1,
4477 b3e5857d8d99 New Auto_tac (by Oheimb), and new syntax (without parens), and expandshort paulson parents: 4089 diff changeset	169	Auto_tac
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	170	]);
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	171
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	172	(* Now prove that the first component will eventually reach pc1 = b from pc1 = a *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	173
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	174	qed_goal "N1_enabled_at_both_a" Inc.thy
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	175	"\|- pc2 = #a & (PsiInv & pc1 = #a) --> Enabled (<N1>_(x,y,sem,pc1,pc2))"
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	176	(fn _ => [Clarsimp_tac 1,
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	177	res_inst_tac [("F","alpha1")] enabled_mono 1,
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	178	enabled_tac Inc_base 1,
7881 1b1db39a110b update by Stephan Merz; wenzelm parents: 6255 diff changeset	179	force_tac (Inc_css addsimps2 (alpha1_def::PsiInv_defs)) 1,
1b1db39a110b update by Stephan Merz; wenzelm parents: 6255 diff changeset	180	force_tac (Inc_css addsimps2 [angle_def,alpha1_def,N1_def]) 1
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	181	]);
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	182
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	183	qed_goal "a1_leadsto_b1" Inc.thy
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	184	"\|- []($PsiInv & [(N1 \| N2) & ~beta1]_(x,y,sem,pc1,pc2)) \
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	185	\ & SF(N1)_(x,y,sem,pc1,pc2) & [] SF(N2)_(x,y,sem,pc1,pc2) \
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	186	\ --> (pc1 = #a ~> pc1 = #b)"
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	187	(fn _ => [rtac SF1 1,
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	188	action_simp_tac (simpset() addsimps Psi_defs) [] [squareE] 1,
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	189	action_simp_tac (simpset() addsimps angle_def::Psi_defs) [] [] 1,
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	190	clarsimp_tac (Inc_css addSIs2 [N1_enabled_at_both_a RS (temp_use DmdImpl)]) 1,
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	191	auto_tac (Inc_css addSIs2 [BoxDmd2_simple, N2_live]
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	192	addsimps2 split_box_conj::more_temp_simps)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	193	]);
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	194
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	195	(* Combine the leadsto properties for N1: it will arrive at pc1 = b *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	196
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	197	qed_goal "N1_leadsto_b" Inc.thy
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	198	"\|- []($PsiInv & [(N1 \| N2) & ~beta1]_(x,y,sem,pc1,pc2)) \
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	199	\ & SF(N1)_(x,y,sem,pc1,pc2) & [] SF(N2)_(x,y,sem,pc1,pc2) \
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	200	\ --> (pc1 = #b \| pc1 = #g \| pc1 = #a ~> pc1 = #b)"
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	201	(fn _ => [auto_tac (Inc_css addSIs2 [LatticeDisjunctionIntro]),
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	202	rtac (temp_use LatticeReflexivity) 1,
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	203	rtac (temp_use LatticeTransitivity) 1,
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	204	auto_tac (Inc_css addSIs2 [a1_leadsto_b1,g1_leadsto_a1]
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	205	addsimps2 [split_box_conj])
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	206	]);
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	207
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	208	qed_goal "N1_live" Inc.thy
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	209	"\|- []($PsiInv & [(N1 \| N2) & ~beta1]_(x,y,sem,pc1,pc2)) \
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	210	\ & SF(N1)_(x,y,sem,pc1,pc2) & [] SF(N2)_(x,y,sem,pc1,pc2) \
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	211	\ --> <>(pc1 = #b)"
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	212	(fn _ => [auto_tac (Inc_css addsimps2 Init_defs
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	213	addSIs2 [(temp_use N1_leadsto_b)
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	214	RSN(2, temp_use leadsto_init)]),
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	215	exhaust_tac "pc1 (st1 sigma)" 1,
4477 b3e5857d8d99 New Auto_tac (by Oheimb), and new syntax (without parens), and expandshort paulson parents: 4089 diff changeset	216	Auto_tac
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	217	]);
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	218
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	219	qed_goal "N1_enabled_at_b" Inc.thy
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	220	"\|- pc1 = #b --> Enabled (<N1>_(x,y,sem,pc1,pc2))"
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	221	(fn _ => [Clarsimp_tac 1,
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	222	res_inst_tac [("F","beta1")] enabled_mono 1,
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	223	enabled_tac Inc_base 1,
7881 1b1db39a110b update by Stephan Merz; wenzelm parents: 6255 diff changeset	224	force_tac (Inc_css addsimps2 [beta1_def]) 1,
1b1db39a110b update by Stephan Merz; wenzelm parents: 6255 diff changeset	225	force_tac (Inc_css addsimps2 [angle_def,beta1_def,N1_def]) 1
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	226	]);
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	227
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	228	(* Now assemble the bits and pieces to prove that Psi is fair. *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	229
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	230	qed_goal "Fair_M1_lemma" Inc.thy
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	231	"\|- []($PsiInv & [(N1 \| N2)]_(x,y,sem,pc1,pc2)) \
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	232	\ & SF(N1)_(x,y,sem,pc1,pc2) & []SF(N2)_(x,y,sem,pc1,pc2) \
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	233	\ --> SF(M1)_(x,y)"
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	234	(fn _ => [ res_inst_tac [("B","beta1"),("P","PRED pc1 = #b")] SF2 1,
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	235	(* action premises *)
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	236	force_tac (Inc_css addsimps2 [angle_def,M1_def,beta1_def]) 1,
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	237	force_tac (Inc_css addsimps2 angle_def::Psi_defs) 1,
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	238	force_tac (Inc_css addSEs2 [N1_enabled_at_b]) 1,
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	239	(* temporal premise: use previous lemmas and simple TL *)
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	240	force_tac (Inc_css addSIs2 [DmdStable, N1_live,Stuck_at_b]
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	241	addEs2 [STL4E] addsimps2 [square_def]) 1
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	242	]);
5525 896f8234b864 improved addbefore and addSbefore oheimb parents: 5176 diff changeset	243
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	244	qed_goal "Fair_M1" Inc.thy "\|- Psi --> WF(M1)_(x,y)"
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	245	(fn _ => [auto_tac (Inc_css addSIs2 [SFImplWF, Fair_M1_lemma, PsiInv]
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	246	addsimps2 [Psi_def,split_box_conj]@more_temp_simps)
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	247	]);

author	wenzelm
	Mon, 29 Nov 1999 15:52:49 +0100
changeset 8039	a901bafe4578
parent 7881	1b1db39a110b
child 8423	3c19160b6432
permissions	-rw-r--r--