isabelle: src/HOL/TLA/TLA.ML@b3e7da94b51f (annotated)

17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	1	(*
c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	2	File: TLA/TLA.ML
c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	3	ID: $Id$
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	4	Author: Stephan Merz
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	5	Copyright: 1998 University of Munich
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	6
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	7	Lemmas and tactics for temporal reasoning.
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	8	*)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	9
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	10	(* Specialize intensional introduction/elimination rules for temporal formulas *)
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	11
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	12	val [prem] = goal (the_context ()) "(!!sigma. sigma \|= (F::temporal)) ==> \|- F";
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	13	by (REPEAT (resolve_tac [prem,intI] 1));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	14	qed "tempI";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	15
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	16	val [prem] = goal (the_context ()) "\|- (F::temporal) ==> sigma \|= F";
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	17	by (rtac (prem RS intD) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	18	qed "tempD";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	19
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	20
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	21	(* ======== Functions to "unlift" temporal theorems ====== *)
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	22
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	23	(* The following functions are specialized versions of the corresponding
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	24	functions defined in Intensional.ML in that they introduce a
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	25	"world" parameter of type "behavior".
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	26	*)
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	27	fun temp_unlift th =
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	28	(rewrite_rule action_rews (th RS tempD))
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	29	handle _ => action_unlift th;
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	30
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	31	(* Turn \|- F = G into meta-level rewrite rule F == G *)
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	32	val temp_rewrite = int_rewrite;
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	33
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	34	fun temp_use th =
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	35	case (concl_of th) of
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	36	Const _ $ (Const ("Intensional.Valid", _) $ _) =>
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	37	((flatten (temp_unlift th)) handle _ => th)
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	38	\| _ => th;
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	39
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	40	(* Update classical reasoner---will be updated once more below! *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	41
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	42	AddSIs [tempI];
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	43	AddDs [tempD];
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	44
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	45	val temp_css = (claset(), simpset());
4651 70dd492a1698 changed wrapper mechanism of classical reasoner oheimb parents: 4477 diff changeset	46	val temp_cs = op addss temp_css;
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	47
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	48	(* Modify the functions that add rules to simpsets, classical sets,
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	49	and clasimpsets in order to accept "lifted" theorems
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	50	*)
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	51
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	52	local
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	53	fun try_rewrite th =
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	54	(temp_rewrite th) handle _ => temp_use th
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	55	in
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	56	val op addsimps = fn (ss, ts) => ss addsimps (map try_rewrite ts)
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	57	val op addsimps2 = fn (css, ts) => css addsimps2 (map try_rewrite ts)
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	58	end;
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	59
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	60	val op addSIs = fn (cs, ts) => cs addSIs (map temp_use ts);
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	61	val op addSEs = fn (cs, ts) => cs addSEs (map temp_use ts);
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	62	val op addSDs = fn (cs, ts) => cs addSDs (map temp_use ts);
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	63	val op addIs = fn (cs, ts) => cs addIs (map temp_use ts);
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	64	val op addEs = fn (cs, ts) => cs addEs (map temp_use ts);
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	65	val op addDs = fn (cs, ts) => cs addDs (map temp_use ts);
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	66
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	67	val op addSIs2 = fn (css, ts) => css addSIs2 (map temp_use ts);
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	68	val op addSEs2 = fn (css, ts) => css addSEs2 (map temp_use ts);
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	69	val op addSDs2 = fn (css, ts) => css addSDs2 (map temp_use ts);
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	70	val op addIs2 = fn (css, ts) => css addIs2 (map temp_use ts);
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	71	val op addEs2 = fn (css, ts) => css addEs2 (map temp_use ts);
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	72	val op addDs2 = fn (css, ts) => css addDs2 (map temp_use ts);
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	73
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	74
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	75	(* ------------------------------------------------------------------------- *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	76	(* "Simple temporal logic": only [] and <> *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	77	(* ------------------------------------------------------------------------- *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	78	section "Simple temporal logic";
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	79
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	80	(* []~F == []~Init F *)
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	81	bind_thm("boxNotInit",
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	82	rewrite_rule Init_simps (read_instantiate [("F", "LIFT ~F")] boxInit));
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	83
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	84	Goalw [dmd_def] "TEMP <>F == TEMP <> Init F";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	85	by (rewtac (read_instantiate [("F", "LIFT ~F")] boxInit));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	86	by (simp_tac (simpset() addsimps Init_simps) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	87	qed "dmdInit";
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	88
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	89	bind_thm("dmdNotInit",
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	90	rewrite_rule Init_simps (read_instantiate [("F", "LIFT ~F")] dmdInit));
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	91
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	92	(* boxInit and dmdInit cannot be used as rewrites, because they loop.
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	93	Non-looping instances for state predicates and actions are occasionally useful.
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	94	*)
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	95	bind_thm("boxInit_stp", read_instantiate [("'a","state")] boxInit);
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	96	bind_thm("boxInit_act", read_instantiate [("'a","state * state")] boxInit);
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	97	bind_thm("dmdInit_stp", read_instantiate [("'a","state")] dmdInit);
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	98	bind_thm("dmdInit_act", read_instantiate [("'a","state * state")] dmdInit);
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	99
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	100	(* The symmetric equations can be used to get rid of Init *)
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	101	bind_thm("boxInitD", symmetric boxInit);
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	102	bind_thm("dmdInitD", symmetric dmdInit);
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	103	bind_thm("boxNotInitD", symmetric boxNotInit);
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	104	bind_thm("dmdNotInitD", symmetric dmdNotInit);
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	105
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	106	val Init_simps = Init_simps @ [boxInitD, dmdInitD, boxNotInitD, dmdNotInitD];
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	107
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	108	(* ------------------------ STL2 ------------------------------------------- *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	109	bind_thm("STL2", reflT);
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	110
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	111	(* The "polymorphic" (generic) variant *)
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	112	Goal "\|- []F --> Init F";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	113	by (rewtac (read_instantiate [("F", "F")] boxInit));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	114	by (rtac STL2 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	115	qed "STL2_gen";
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	116
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	117	(* see also STL2_pr below: "\|- []P --> Init P & Init (P`)" *)
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	118
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	119
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	120	(* Dual versions for <> *)
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	121	Goalw [dmd_def] "\|- F --> <> F";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	122	by (auto_tac (temp_css addSDs2 [STL2]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	123	qed "InitDmd";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	124
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	125	Goal "\|- Init F --> <>F";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	126	by (Clarsimp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	127	by (dtac (temp_use InitDmd) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	128	by (asm_full_simp_tac (simpset() addsimps [dmdInitD]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	129	qed "InitDmd_gen";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	130
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	131
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	132	(* ------------------------ STL3 ------------------------------------------- *)
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	133	Goal "\|- ([][]F) = ([]F)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	134	by (force_tac (temp_css addEs2 [transT,STL2]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	135	qed "STL3";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	136
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	137	(* corresponding elimination rule introduces double boxes:
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	138	[\| (sigma \|= []F); (sigma \|= [][]F) ==> PROP W \|] ==> PROP W
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	139	*)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	140	bind_thm("dup_boxE", make_elim((temp_unlift STL3) RS iffD2));
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	141	bind_thm("dup_boxD", (temp_unlift STL3) RS iffD1);
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	142
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	143	(* dual versions for <> *)
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	144	Goal "\|- (<><>F) = (<>F)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	145	by (auto_tac (temp_css addsimps2 [dmd_def,STL3]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	146	qed "DmdDmd";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	147	bind_thm("dup_dmdE", make_elim((temp_unlift DmdDmd) RS iffD2));
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	148	bind_thm("dup_dmdD", (temp_unlift DmdDmd) RS iffD1);
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	149
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	150
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	151	(* ------------------------ STL4 ------------------------------------------- *)
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	152	val [prem] = goal (the_context ()) "\|- F --> G ==> \|- []F --> []G";
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	153	by (Clarsimp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	154	by (rtac (temp_use normalT) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	155	by (rtac (temp_use (prem RS necT)) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	156	by (atac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	157	qed "STL4";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	158
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	159	(* Unlifted version as an elimination rule *)
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	160	val prems = goal (the_context ()) "[\| sigma \|= []F; \|- F --> G \|] ==> sigma \|= []G";
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	161	by (REPEAT (resolve_tac (prems @ [temp_use STL4]) 1));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	162	qed "STL4E";
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	163
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	164	val [prem] = goal (the_context ()) "\|- Init F --> Init G ==> \|- []F --> []G";
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	165	by (rtac (rewrite_rule [boxInitD] (prem RS STL4)) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	166	qed "STL4_gen";
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	167
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	168	val prems = goal (the_context ())
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	169	"[\| sigma \|= []F; \|- Init F --> Init G \|] ==> sigma \|= []G";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	170	by (REPEAT (resolve_tac (prems @ [temp_use STL4_gen]) 1));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	171	qed "STL4E_gen";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	172
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	173	(* see also STL4Edup below, which allows an auxiliary boxed formula:
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	174	[]A /\ F => G
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	175	-----------------
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	176	[]A /\ []F => []G
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	177	*)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	178
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	179	(* The dual versions for <> *)
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	180	val [prem] = goalw (the_context ()) [dmd_def]
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	181	"\|- F --> G ==> \|- <>F --> <>G";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	182	by (fast_tac (temp_cs addSIs [prem] addSEs [STL4E]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	183	qed "DmdImpl";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	184
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	185	val prems = goal (the_context ()) "[\| sigma \|= <>F; \|- F --> G \|] ==> sigma \|= <>G";
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	186	by (REPEAT (resolve_tac (prems @ [temp_use DmdImpl]) 1));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	187	qed "DmdImplE";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	188
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	189
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	190	(* ------------------------ STL5 ------------------------------------------- *)
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	191	Goal "\|- ([]F & []G) = ([](F & G))";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	192	by Auto_tac;
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	193	by (subgoal_tac "sigma \|= [](G --> (F & G))" 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	194	by (etac (temp_use normalT) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	195	by (ALLGOALS (fast_tac (temp_cs addSEs [STL4E])));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	196	qed "STL5";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	197
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	198	(* rewrite rule to split conjunctions under boxes *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	199	bind_thm("split_box_conj", (temp_unlift STL5) RS sym);
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	200
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	201	(* the corresponding elimination rule allows to combine boxes in the hypotheses
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	202	(NB: F and G must have the same type, i.e., both actions or temporals.)
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	203	Use "addSE2" etc. if you want to add this to a claset, otherwise it will loop!
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	204	*)
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	205	val prems = goal (the_context ())
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	206	"[\| sigma \|= []F; sigma \|= []G; sigma \|= [](F&G) ==> PROP R \|] ==> PROP R";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	207	by (REPEAT (resolve_tac (prems @ [(temp_unlift STL5) RS iffD1, conjI]) 1));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	208	qed "box_conjE";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	209
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	210	(* Instances of box_conjE for state predicates, actions, and temporals
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	211	in case the general rule is "too polymorphic".
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	212	*)
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	213	bind_thm("box_conjE_temp", read_instantiate [("'a","behavior")] box_conjE);
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	214	bind_thm("box_conjE_stp", read_instantiate [("'a","state")] box_conjE);
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	215	bind_thm("box_conjE_act", read_instantiate [("'a","state * state")] box_conjE);
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	216
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	217	(* Define a tactic that tries to merge all boxes in an antecedent. The definition is
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	218	a bit kludgy in order to simulate "double elim-resolution".
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	219	*)
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	220
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	221	Goal "[\| sigma \|= []F; PROP W \|] ==> PROP W";
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	222	by (atac 1);
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	223	val box_thin = result();
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	224
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	225	fun merge_box_tac i =
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	226	REPEAT_DETERM (EVERY [etac box_conjE i, atac i, etac box_thin i]);
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	227
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	228	fun merge_temp_box_tac i =
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	229	REPEAT_DETERM (EVERY [etac box_conjE_temp i, atac i,
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	230	eres_inst_tac [("'a","behavior")] box_thin i]);
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	231
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	232	fun merge_stp_box_tac i =
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	233	REPEAT_DETERM (EVERY [etac box_conjE_stp i, atac i,
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	234	eres_inst_tac [("'a","state")] box_thin i]);
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	235
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	236	fun merge_act_box_tac i =
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	237	REPEAT_DETERM (EVERY [etac box_conjE_act i, atac i,
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	238	eres_inst_tac [("'a","state * state")] box_thin i]);
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	239
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	240
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	241	(* rewrite rule to push universal quantification through box:
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	242	(sigma \|= [](! x. F x)) = (! x. (sigma \|= []F x))
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	243	*)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	244	bind_thm("all_box", standard((temp_unlift allT) RS sym));
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	245
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	246
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	247	Goal "\|- (<>(F \| G)) = (<>F \| <>G)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	248	by (auto_tac (temp_css addsimps2 [dmd_def,split_box_conj]));
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	249	by (ALLGOALS (EVERY' [etac contrapos_np,
c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	250	merge_box_tac,
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	251	fast_tac (temp_cs addSEs [STL4E])]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	252	qed "DmdOr";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	253
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	254	Goal "\|- (EX x. <>(F x)) = (<>(EX x. F x))";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	255	by (auto_tac (temp_css addsimps2 [dmd_def,Not_Rex,all_box]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	256	qed "exT";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	257
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	258	bind_thm("ex_dmd", standard((temp_unlift exT) RS sym));
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	259
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	260
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	261	Goal "!!sigma. [\| sigma \|= []A; sigma \|= []F; \|- F & []A --> G \|] ==> sigma \|= []G";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	262	by (etac dup_boxE 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	263	by (merge_box_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	264	by (etac STL4E 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	265	by (atac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	266	qed "STL4Edup";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	267
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	268	Goalw [dmd_def]
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	269	"!!sigma. [\| sigma \|= <>F; sigma \|= [](F --> G) \|] ==> sigma \|= <>G";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	270	by Auto_tac;
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	271	by (etac notE 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	272	by (merge_box_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	273	by (fast_tac (temp_cs addSEs [STL4E]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	274	qed "DmdImpl2";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	275
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	276	val [prem1,prem2,prem3] = goal (the_context ())
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	277	"[\| sigma \|= []<>F; sigma \|= []G; \|- F & G --> H \|] ==> sigma \|= []<>H";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	278	by (cut_facts_tac [prem1,prem2] 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	279	by (eres_inst_tac [("F","G")] dup_boxE 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	280	by (merge_box_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	281	by (fast_tac (temp_cs addSEs [STL4E,DmdImpl2] addSIs [prem3]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	282	qed "InfImpl";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	283
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	284	(* ------------------------ STL6 ------------------------------------------- *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	285	(* Used in the proof of STL6, but useful in itself. *)
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	286	Goalw [dmd_def] "\|- []F & <>G --> <>([]F & G)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	287	by (Clarsimp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	288	by (etac dup_boxE 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	289	by (merge_box_tac 1);
10231 178a272bceeb renaming of contrapos rules paulson parents: 9517 diff changeset	290	by (etac contrapos_np 1);
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	291	by (fast_tac (temp_cs addSEs [STL4E]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	292	qed "BoxDmd";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	293
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	294	(* weaker than BoxDmd, but more polymorphic (and often just right) *)
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	295	Goalw [dmd_def] "\|- []F & <>G --> <>(F & G)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	296	by (Clarsimp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	297	by (merge_box_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	298	by (fast_tac (temp_cs addSEs [notE,STL4E]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	299	qed "BoxDmd_simple";
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	300
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	301	Goalw [dmd_def] "\|- []F & <>G --> <>(G & F)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	302	by (Clarsimp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	303	by (merge_box_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	304	by (fast_tac (temp_cs addSEs [notE,STL4E]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	305	qed "BoxDmd2_simple";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	306
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	307	val [p1,p2,p3] = goal (the_context ())
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	308	"[\| sigma \|= []A; sigma \|= <>F; \|- []A & F --> G \|] ==> sigma \|= <>G";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	309	by (rtac ((p2 RS (p1 RS (temp_use BoxDmd))) RS DmdImplE) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	310	by (rtac p3 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	311	qed "DmdImpldup";
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	312
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	313	Goal "\|- <>[]F & <>[]G --> <>[](F & G)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	314	by (auto_tac (temp_css addsimps2 [symmetric (temp_rewrite STL5)]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	315	by (dtac (temp_use linT) 1);
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	316	by (atac 1);
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	317	by (etac thin_rl 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	318	by (rtac ((temp_unlift DmdDmd) RS iffD1) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	319	by (etac disjE 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	320	by (etac DmdImplE 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	321	by (rtac BoxDmd 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	322	by (etac DmdImplE 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	323	by Auto_tac;
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	324	by (dtac (temp_use BoxDmd) 1);
c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	325	by (atac 1);
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	326	by (etac thin_rl 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	327	by (fast_tac (temp_cs addSEs [DmdImplE]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	328	qed "STL6";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	329
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	330
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	331	(* ------------------------ True / False ----------------------------------------- *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	332	section "Simplification of constants";
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	333
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	334	Goal "\|- ([]#P) = #P";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	335	by (rtac tempI 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	336	by (case_tac "P" 1);
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	337	by (auto_tac (temp_css addSIs2 [necT] addDs2 [STL2_gen]
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	338	addsimps2 Init_simps));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	339	qed "BoxConst";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	340
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	341	Goalw [dmd_def] "\|- (<>#P) = #P";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	342	by (case_tac "P" 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	343	by (ALLGOALS (asm_full_simp_tac (simpset() addsimps [BoxConst])));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	344	qed "DmdConst";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	345
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	346	val temp_simps = map temp_rewrite [BoxConst, DmdConst];
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	347
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	348	(* Make these rewrites active by default *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	349	Addsimps temp_simps;
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	350	val temp_css = temp_css addsimps2 temp_simps;
4651 70dd492a1698 changed wrapper mechanism of classical reasoner oheimb parents: 4477 diff changeset	351	val temp_cs = op addss temp_css;
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	352
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	353
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	354	(* ------------------------ Further rewrites ----------------------------------------- *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	355	section "Further rewrites";
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	356
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	357	Goalw [dmd_def] "\|- (~[]F) = (<>~F)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	358	by (Simp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	359	qed "NotBox";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	360
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	361	Goalw [dmd_def] "\|- (~<>F) = ([]~F)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	362	by (Simp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	363	qed "NotDmd";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	364
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	365	(* These are not by default included in temp_css, because they could be harmful,
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	366	e.g. []F & ~[]F becomes []F & <>~F !! *)
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	367	val more_temp_simps = (map temp_rewrite [STL3, DmdDmd, NotBox, NotDmd])
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	368	@ (map (fn th => (temp_unlift th) RS eq_reflection)
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	369	[NotBox, NotDmd]);
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	370
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	371	Goal "\|- ([]<>[]F) = (<>[]F)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	372	by (auto_tac (temp_css addSDs2 [STL2]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	373	by (rtac ccontr 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	374	by (subgoal_tac "sigma \|= <>[][]F & <>[]~[]F" 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	375	by (etac thin_rl 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	376	by Auto_tac;
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	377	by (dtac (temp_use STL6) 1);
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	378	by (atac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	379	by (Asm_full_simp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	380	by (ALLGOALS (asm_full_simp_tac (simpset() addsimps more_temp_simps)));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	381	qed "BoxDmdBox";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	382
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	383	Goalw [dmd_def] "\|- (<>[]<>F) = ([]<>F)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	384	by (auto_tac (temp_css addsimps2 [rewrite_rule [dmd_def] BoxDmdBox]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	385	qed "DmdBoxDmd";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	386
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	387	val more_temp_simps = more_temp_simps @ (map temp_rewrite [BoxDmdBox, DmdBoxDmd]);
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	388
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	389
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	390	(* ------------------------ Miscellaneous ----------------------------------- *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	391
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	392	Goal "!!sigma. [\| sigma \|= []F \| []G \|] ==> sigma \|= [](F \| G)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	393	by (fast_tac (temp_cs addSEs [STL4E]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	394	qed "BoxOr";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	395
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	396	(* "persistently implies infinitely often" *)
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	397	Goal "\|- <>[]F --> []<>F";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	398	by (Clarsimp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	399	by (rtac ccontr 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	400	by (asm_full_simp_tac (simpset() addsimps more_temp_simps) 1);
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	401	by (dtac (temp_use STL6) 1);
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	402	by (atac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	403	by (Asm_full_simp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	404	qed "DBImplBD";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	405
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	406	Goal "\|- []<>F & <>[]G --> []<>(F & G)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	407	by (Clarsimp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	408	by (rtac ccontr 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	409	by (rewrite_goals_tac more_temp_simps);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	410	by (dtac (temp_use STL6) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	411	by (atac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	412	by (subgoal_tac "sigma \|= <>[]~F" 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	413	by (force_tac (temp_css addsimps2 [dmd_def]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	414	by (fast_tac (temp_cs addEs [DmdImplE,STL4E]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	415	qed "BoxDmdDmdBox";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	416
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	417
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	418	(* ------------------------------------------------------------------------- *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	419	(* TLA-specific theorems: primed formulas *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	420	(* ------------------------------------------------------------------------- *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	421	section "priming";
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	422
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	423	(* ------------------------ TLA2 ------------------------------------------- *)
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	424	Goal "\|- []P --> Init P & Init P`";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	425	by (fast_tac (temp_cs addSIs [primeI, STL2_gen]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	426	qed "STL2_pr";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	427
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	428	(* Auxiliary lemma allows priming of boxed actions *)
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	429	Goal "\|- []P --> []($P & P$)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	430	by (Clarsimp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	431	by (etac dup_boxE 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	432	by (rewtac boxInit_act);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	433	by (etac STL4E 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	434	by (auto_tac (temp_css addsimps2 Init_simps addSDs2 [STL2_pr]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	435	qed "BoxPrime";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	436
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	437	val prems = goal (the_context ()) "\|- $P & P$ --> A ==> \|- []P --> []A";
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	438	by (Clarsimp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	439	by (dtac (temp_use BoxPrime) 1);
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	440	by (auto_tac (temp_css addsimps2 [Init_stp_act_rev]
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	441	addSIs2 prems addSEs2 [STL4E]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	442	qed "TLA2";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	443
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	444	val prems = goal (the_context ())
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	445	"[\| sigma \|= []P; \|- $P & P$ --> A \|] ==> sigma \|= []A";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	446	by (REPEAT (resolve_tac (prems @ (prems RL [temp_use TLA2])) 1));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	447	qed "TLA2E";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	448
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	449	Goalw [dmd_def] "\|- (<>P`) --> (<>P)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	450	by (fast_tac (temp_cs addSEs [TLA2E]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	451	qed "DmdPrime";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	452
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	453	bind_thm("PrimeDmd", (temp_use InitDmd_gen) RS (temp_use DmdPrime));
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	454
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	455	(* ------------------------ INV1, stable --------------------------------------- *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	456	section "stable, invariant";
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	457
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	458	val prems = goal (the_context ())
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	459	"[\| sigma \|= []H; sigma \|= Init P; \|- H --> (Init P & ~[]F --> Init(P`) & F) \|] \
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	460	\ ==> sigma \|= []F";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	461	by (rtac (temp_use indT) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	462	by (REPEAT (resolve_tac (prems @ (prems RL [STL4E])) 1));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	463	qed "ind_rule";
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	464
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	465	Goalw [boxInit_act] "\|- ([]$P) = ([]P)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	466	by (simp_tac (simpset() addsimps Init_simps) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	467	qed "box_stp_act";
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	468	bind_thm("box_stp_actI", zero_var_indexes ((temp_use box_stp_act) RS iffD2));
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	469	bind_thm("box_stp_actD", zero_var_indexes ((temp_use box_stp_act) RS iffD1));
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	470
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	471	val more_temp_simps = (temp_rewrite box_stp_act)::more_temp_simps;
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	472
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	473	Goalw [stable_def,boxInit_stp,boxInit_act]
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	474	"\|- (Init P) --> (stable P) --> []P";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	475	by (Clarsimp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	476	by (etac ind_rule 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	477	by (auto_tac (temp_css addsimps2 Init_simps addEs2 [ind_rule]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	478	qed "INV1";
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	479
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	480	Goalw [stable_def]
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	481	"!!P. \|- $P & A --> P` ==> \|- []A --> stable P";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	482	by (fast_tac (temp_cs addSEs [STL4E]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	483	qed "StableT";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	484
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	485	val prems = goal (the_context ())
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	486	"[\| sigma \|= []A; \|- $P & A --> P` \|] ==> sigma \|= stable P";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	487	by (REPEAT (resolve_tac (prems @ [temp_use StableT]) 1));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	488	qed "Stable";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	489
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	490	(* Generalization of INV1 *)
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	491	Goalw [stable_def] "\|- (stable P) --> [](Init P --> []P)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	492	by (Clarsimp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	493	by (etac dup_boxE 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	494	by (force_tac (temp_css addsimps2 [stable_def] addEs2 [STL4E, INV1]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	495	qed "StableBox";
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	496
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	497	Goal "\|- (stable P) & <>P --> <>[]P";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	498	by (Clarsimp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	499	by (rtac DmdImpl2 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	500	by (etac (temp_use StableBox) 2);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	501	by (asm_simp_tac (simpset() addsimps [dmdInitD]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	502	qed "DmdStable";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	503
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	504	(* ---------------- (Semi-)automatic invariant tactics ---------------------- *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	505
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	506	(* inv_tac reduces goals of the form ... ==> sigma \|= []P *)
5755 22081de41254 corrected auto_tac (applications of unsafe wrappers) oheimb parents: 5525 diff changeset	507	fun inv_tac css = SELECT_GOAL
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	508	(EVERY [auto_tac css,
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	509	TRY (merge_box_tac 1),
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	510	rtac (temp_use INV1) 1, (* fail if the goal is not a box *)
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	511	TRYALL (etac Stable)]);
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	512
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	513	(* auto_inv_tac applies inv_tac and then tries to attack the subgoals;
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	514	in simple cases it may be able to handle goals like \|- MyProg --> []Inv.
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	515	In these simple cases the simplifier seems to be more useful than the
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	516	auto-tactic, which applies too much propositional logic and simplifies
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	517	too late.
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	518	*)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	519
5755 22081de41254 corrected auto_tac (applications of unsafe wrappers) oheimb parents: 5525 diff changeset	520	fun auto_inv_tac ss = SELECT_GOAL
4089 96fba19bcbe2 isatool fixclasimp; wenzelm parents: 3807 diff changeset	521	((inv_tac (claset(),ss) 1) THEN
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	522	(TRYALL (action_simp_tac (ss addsimps [Init_stp,Init_act]) [] [squareE])));
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	523
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	524
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	525	Goalw [dmd_def] "\|- []($P --> P` \| Q`) --> (stable P) \| <>Q";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	526	by (clarsimp_tac (temp_css addSDs2 [BoxPrime]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	527	by (merge_box_tac 1);
10231 178a272bceeb renaming of contrapos rules paulson parents: 9517 diff changeset	528	by (etac contrapos_np 1);
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	529	by (fast_tac (temp_cs addSEs [Stable]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	530	qed "unless";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	531
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	532
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	533	(* --------------------- Recursive expansions --------------------------------------- *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	534	section "recursive expansions";
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	535
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	536	(* Recursive expansions of [] and <> for state predicates *)
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	537	Goal "\|- ([]P) = (Init P & []P`)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	538	by (auto_tac (temp_css addSIs2 [STL2_gen]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	539	by (fast_tac (temp_cs addSEs [TLA2E]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	540	by (auto_tac (temp_css addsimps2 [stable_def] addSEs2 [INV1,STL4E]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	541	qed "BoxRec";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	542
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	543	Goalw [dmd_def, temp_rewrite BoxRec] "\|- (<>P) = (Init P \| <>P`)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	544	by (auto_tac (temp_css addsimps2 Init_simps));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	545	qed "DmdRec";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	546
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	547	Goal "!!sigma. [\| sigma \|= <>P; sigma \|= []~P` \|] ==> sigma \|= Init P";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	548	by (force_tac (temp_css addsimps2 [DmdRec,dmd_def]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	549	qed "DmdRec2";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	550
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	551	Goal "\|- ([]<>P) = ([]<>P`)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	552	by Auto_tac;
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	553	by (rtac classical 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	554	by (rtac (temp_use DBImplBD) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	555	by (subgoal_tac "sigma \|= <>[]P" 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	556	by (fast_tac (temp_cs addSEs [DmdImplE,TLA2E]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	557	by (subgoal_tac "sigma \|= <>[](<>P & []~P`)" 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	558	by (force_tac (temp_css addsimps2 [boxInit_stp]
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	559	addSEs2 [DmdImplE,STL4E,DmdRec2]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	560	by (force_tac (temp_css addSIs2 [STL6] addsimps2 more_temp_simps) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	561	by (fast_tac (temp_cs addIs [DmdPrime] addSEs [STL4E]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	562	qed "InfinitePrime";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	563
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	564	val prems = goalw (the_context ()) [temp_rewrite InfinitePrime]
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	565	"[\| sigma \|= []N; sigma \|= []<>A; \|- A & N --> P` \|] ==> sigma \|= []<>P";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	566	by (rtac InfImpl 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	567	by (REPEAT (resolve_tac prems 1));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	568	qed "InfiniteEnsures";
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	569
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	570	(* ------------------------ fairness ------------------------------------------- *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	571	section "fairness";
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	572
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	573	(* alternative definitions of fairness *)
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	574	Goalw [WF_def,dmd_def]
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	575	"\|- WF(A)_v = ([]<>~Enabled(<A>_v) \| []<><A>_v)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	576	by (fast_tac temp_cs 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	577	qed "WF_alt";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	578
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	579	Goalw [SF_def,dmd_def]
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	580	"\|- SF(A)_v = (<>[]~Enabled(<A>_v) \| []<><A>_v)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	581	by (fast_tac temp_cs 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	582	qed "SF_alt";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	583
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	584	(* theorems to "box" fairness conditions *)
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	585	Goal "\|- WF(A)_v --> []WF(A)_v";
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	586	by (auto_tac (temp_css addsimps2 (WF_alt::more_temp_simps)
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	587	addSIs2 [BoxOr]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	588	qed "BoxWFI";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	589
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	590	Goal "\|- ([]WF(A)_v) = WF(A)_v";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	591	by (fast_tac (temp_cs addSIs [BoxWFI] addSDs [STL2]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	592	qed "WF_Box";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	593
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	594	Goal "\|- SF(A)_v --> []SF(A)_v";
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	595	by (auto_tac (temp_css addsimps2 (SF_alt::more_temp_simps)
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	596	addSIs2 [BoxOr]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	597	qed "BoxSFI";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	598
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	599	Goal "\|- ([]SF(A)_v) = SF(A)_v";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	600	by (fast_tac (temp_cs addSIs [BoxSFI] addSDs [STL2]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	601	qed "SF_Box";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	602
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	603	val more_temp_simps = more_temp_simps @ (map temp_rewrite [WF_Box, SF_Box]);
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	604
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	605	Goalw [SF_def,WF_def] "\|- SF(A)_v --> WF(A)_v";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	606	by (fast_tac (temp_cs addSDs [DBImplBD]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	607	qed "SFImplWF";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	608
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	609	(* A tactic that "boxes" all fairness conditions. Apply more_temp_simps to "unbox". *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	610	val box_fair_tac = SELECT_GOAL (REPEAT (dresolve_tac [BoxWFI,BoxSFI] 1));
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	611
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	612
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	613	(* ------------------------------ leads-to ------------------------------ *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	614
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	615	section "~>";
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	616
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	617	Goalw [leadsto_def] "\|- (Init F) & (F ~> G) --> <>G";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	618	by (auto_tac (temp_css addSDs2 [STL2]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	619	qed "leadsto_init";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	620
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	621	(* \|- F & (F ~> G) --> <>G *)
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	622	bind_thm("leadsto_init_temp",
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	623	rewrite_rule Init_simps (read_instantiate [("'a","behavior")] leadsto_init));
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	624
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	625	Goalw [leadsto_def] "\|- ([]<>Init F --> []<>G) = (<>(F ~> G))";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	626	by Auto_tac;
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	627	by (asm_full_simp_tac (simpset() addsimps more_temp_simps) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	628	by (fast_tac (temp_cs addSEs [DmdImplE,STL4E]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	629	by (fast_tac (temp_cs addSIs [InitDmd] addSEs [STL4E]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	630	by (subgoal_tac "sigma \|= []<><>G" 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	631	by (asm_full_simp_tac (simpset() addsimps more_temp_simps) 1);
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	632	by (dtac (temp_use BoxDmdDmdBox) 1);
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	633	by (atac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	634	by (fast_tac (temp_cs addSEs [DmdImplE,STL4E]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	635	qed "streett_leadsto";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	636
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	637	Goal "\|- []<>F & (F ~> G) --> []<>G";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	638	by (Clarsimp_tac 1);
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	639	by (etac ((temp_use InitDmd) RS
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	640	((temp_unlift streett_leadsto) RS iffD2 RS mp)) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	641	by (asm_simp_tac (simpset() addsimps [dmdInitD]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	642	qed "leadsto_infinite";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	643
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	644	(* In particular, strong fairness is a Streett condition. The following
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	645	rules are sometimes easier to use than WF2 or SF2 below.
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	646	*)
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	647	Goalw [SF_def] "\|- (Enabled(<A>_v) ~> <A>_v) --> SF(A)_v";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	648	by (clarsimp_tac (temp_css addSEs2 [leadsto_infinite]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	649	qed "leadsto_SF";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	650
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	651	Goal "\|- (Enabled(<A>_v) ~> <A>_v) --> WF(A)_v";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	652	by (clarsimp_tac (temp_css addSIs2 [SFImplWF, leadsto_SF]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	653	qed "leadsto_WF";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	654
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	655	(* introduce an invariant into the proof of a leadsto assertion.
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	656	[]I --> ((P ~> Q) = (P /\ I ~> Q))
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	657	*)
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	658	Goalw [leadsto_def] "\|- []I & (P & I ~> Q) --> (P ~> Q)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	659	by (Clarsimp_tac 1);
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	660	by (etac STL4Edup 1);
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	661	by (atac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	662	by (auto_tac (temp_css addsimps2 Init_simps addSDs2 [STL2_gen]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	663	qed "INV_leadsto";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	664
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	665	Goalw [leadsto_def,dmd_def]
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	666	"\|- (Init F & []~G ~> G) --> (F ~> G)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	667	by (force_tac (temp_css addsimps2 Init_simps addSEs2 [STL4E]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	668	qed "leadsto_classical";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	669
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	670	Goalw [leadsto_def] "\|- (F ~> #False) = ([]~F)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	671	by (simp_tac (simpset() addsimps [boxNotInitD]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	672	qed "leadsto_false";
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	673
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	674	Goalw [leadsto_def] "\|- ((EX x. F x) ~> G) = (ALL x. (F x ~> G))";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	675	by (auto_tac (temp_css addsimps2 allT::Init_simps addSEs2 [STL4E]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	676	qed "leadsto_exists";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	677
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	678	(* basic leadsto properties, cf. Unity *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	679
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	680	Goalw [leadsto_def] "\|- [](Init F --> Init G) --> (F ~> G)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	681	by (auto_tac (temp_css addSIs2 [InitDmd_gen] addSEs2 [STL4E_gen]
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	682	addsimps2 Init_simps));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	683	qed "ImplLeadsto_gen";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	684
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	685	bind_thm("ImplLeadsto",
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	686	rewrite_rule Init_simps
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	687	(read_instantiate [("'a","behavior"), ("'b","behavior")] ImplLeadsto_gen));
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	688
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	689	Goal "!!F G. \|- F --> G ==> \|- F ~> G";
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	690	by (auto_tac (temp_css addsimps2 [Init_def]
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	691	addSIs2 [ImplLeadsto_gen,necT]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	692	qed "ImplLeadsto_simple";
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	693
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	694	val [prem] = goalw (the_context ()) [leadsto_def]
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	695	"\|- A & $P --> Q` ==> \|- []A --> (P ~> Q)";
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	696	by (clarsimp_tac (temp_css addSEs2 [INV_leadsto]) 1);
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	697	by (etac STL4E_gen 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	698	by (auto_tac (temp_css addsimps2 Init_defs addSIs2 [PrimeDmd,prem]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	699	qed "EnsuresLeadsto";
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	700
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	701	Goalw [leadsto_def] "\|- []($P --> Q`) --> (P ~> Q)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	702	by (Clarsimp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	703	by (etac STL4E_gen 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	704	by (auto_tac (temp_css addsimps2 Init_simps addSIs2 [PrimeDmd]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	705	qed "EnsuresLeadsto2";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	706
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	707	val [p1,p2] = goalw (the_context ()) [leadsto_def]
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	708	"[\| \|- $P & N --> P` \| Q`; \
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	709	\ \|- ($P & N) & A --> Q` \
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	710	\ \|] ==> \|- []N & []([]P --> <>A) --> (P ~> Q)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	711	by (Clarsimp_tac 1);
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	712	by (etac STL4Edup 1);
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	713	by (atac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	714	by (Clarsimp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	715	by (subgoal_tac "sigmaa \|= []($P --> P` \| Q`)" 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	716	by (dtac (temp_use unless) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	717	by (clarsimp_tac (temp_css addSDs2 [INV1]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	718	by (rtac ((temp_use (p2 RS DmdImpl)) RS (temp_use DmdPrime)) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	719	by (force_tac (temp_css addSIs2 [BoxDmd_simple]
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	720	addsimps2 [split_box_conj,box_stp_act]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	721	by (force_tac (temp_css addEs2 [STL4E] addDs2 [p1]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	722	qed "ensures";
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	723
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	724	val prems = goal (the_context ())
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	725	"[\| \|- $P & N --> P` \| Q`; \
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	726	\ \|- ($P & N) & A --> Q` \
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	727	\ \|] ==> \|- []N & []<>A --> (P ~> Q)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	728	by (Clarsimp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	729	by (rtac (temp_use ensures) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	730	by (TRYALL (ares_tac prems));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	731	by (force_tac (temp_css addSEs2 [STL4E]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	732	qed "ensures_simple";
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	733
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	734	val prems = goal (the_context ())
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	735	"[\| sigma \|= []<>P; sigma \|= []A; \|- A & $P --> Q` \|] ==> sigma \|= []<>Q";
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	736	by (REPEAT (resolve_tac (prems @
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	737	(map temp_use [leadsto_infinite, EnsuresLeadsto])) 1));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	738	qed "EnsuresInfinite";
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	739
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	740
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	741	(* Gronning's lattice rules (taken from TLP) *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	742	section "Lattice rules";
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	743
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	744	Goalw [leadsto_def] "\|- F ~> F";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	745	by (REPEAT (resolve_tac [necT,InitDmd_gen] 1));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	746	qed "LatticeReflexivity";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	747
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	748	Goalw [leadsto_def] "\|- (G ~> H) & (F ~> G) --> (F ~> H)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	749	by (Clarsimp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	750	by (etac dup_boxE 1); (* [][](Init G --> H) *)
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	751	by (merge_box_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	752	by (clarsimp_tac (temp_css addSEs2 [STL4E]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	753	by (rtac dup_dmdD 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	754	by (subgoal_tac "sigmaa \|= <>Init G" 1);
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	755	by (etac DmdImpl2 1);
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	756	by (atac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	757	by (asm_simp_tac (simpset() addsimps [dmdInitD]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	758	qed "LatticeTransitivity";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	759
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	760	Goalw [leadsto_def] "\|- (F \| G ~> H) --> (F ~> H)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	761	by (auto_tac (temp_css addsimps2 Init_simps addSEs2 [STL4E]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	762	qed "LatticeDisjunctionElim1";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	763
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	764	Goalw [leadsto_def] "\|- (F \| G ~> H) --> (G ~> H)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	765	by (auto_tac (temp_css addsimps2 Init_simps addSEs2 [STL4E]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	766	qed "LatticeDisjunctionElim2";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	767
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	768	Goalw [leadsto_def] "\|- (F ~> H) & (G ~> H) --> (F \| G ~> H)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	769	by (Clarsimp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	770	by (merge_box_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	771	by (auto_tac (temp_css addsimps2 Init_simps addSEs2 [STL4E]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	772	qed "LatticeDisjunctionIntro";
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	773
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	774	Goal "\|- (F \| G ~> H) = ((F ~> H) & (G ~> H))";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	775	by (auto_tac (temp_css addIs2 [LatticeDisjunctionIntro,
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	776	LatticeDisjunctionElim1, LatticeDisjunctionElim2]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	777	qed "LatticeDisjunction";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	778
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	779	Goal "\|- (A ~> B \| C) & (B ~> D) & (C ~> D) --> (A ~> D)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	780	by (Clarsimp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	781	by (subgoal_tac "sigma \|= (B \| C) ~> D" 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	782	by (eres_inst_tac [("G", "LIFT (B \| C)")] (temp_use LatticeTransitivity) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	783	by (ALLGOALS (fast_tac (temp_cs addSIs [LatticeDisjunctionIntro])));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	784	qed "LatticeDiamond";
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	785
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	786	Goal "\|- (A ~> D \| B) & (B ~> D) --> (A ~> D)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	787	by (Clarsimp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	788	by (subgoal_tac "sigma \|= (D \| B) ~> D" 1);
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	789	by (eres_inst_tac [("G", "LIFT (D \| B)")] (temp_use LatticeTransitivity) 1);
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	790	by (atac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	791	by (auto_tac (temp_css addIs2 [LatticeDisjunctionIntro,LatticeReflexivity]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	792	qed "LatticeTriangle";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	793
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	794	Goal "\|- (A ~> B \| D) & (B ~> D) --> (A ~> D)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	795	by (Clarsimp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	796	by (subgoal_tac "sigma \|= B \| D ~> D" 1);
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	797	by (eres_inst_tac [("G", "LIFT (B \| D)")] (temp_use LatticeTransitivity) 1);
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	798	by (atac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	799	by (auto_tac (temp_css addIs2 [LatticeDisjunctionIntro,LatticeReflexivity]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	800	qed "LatticeTriangle2";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	801
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	802	(* Lamport's fairness rules *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	803	section "Fairness rules";
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	804
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	805	val prems = goal (the_context ())
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	806	"[\| \|- $P & N --> P` \| Q`; \
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	807	\ \|- ($P & N) & <A>_v --> Q`; \
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	808	\ \|- $P & N --> $(Enabled(<A>_v)) \|] \
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	809	\ ==> \|- []N & WF(A)_v --> (P ~> Q)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	810	by (clarsimp_tac (temp_css addSDs2 [BoxWFI]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	811	by (rtac (temp_use ensures) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	812	by (TRYALL (ares_tac prems));
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	813	by (etac STL4Edup 1);
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	814	by (atac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	815	by (clarsimp_tac (temp_css addsimps2 [WF_def]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	816	by (rtac (temp_use STL2) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	817	by (clarsimp_tac (temp_css addSEs2 [mp] addSIs2 [InitDmd]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	818	by (resolve_tac ((map temp_use (prems RL [STL4])) RL [box_stp_actD]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	819	by (asm_simp_tac (simpset() addsimps [split_box_conj,box_stp_actI]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	820	qed "WF1";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	821
15661 9ef583b08647 reverted renaming of Some/None in comments and strings; wenzelm parents: 15531 diff changeset	822	(* Sometimes easier to use; designed for action B rather than state predicate Q *)
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	823	val [prem1,prem2,prem3] = goalw (the_context ()) [leadsto_def]
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	824	"[\| \|- N & $P --> $Enabled (<A>_v); \
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	825	\ \|- N & <A>_v --> B; \
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	826	\ \|- [](N & [~A]_v) --> stable P \|] \
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	827	\ ==> \|- []N & WF(A)_v --> (P ~> B)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	828	by (clarsimp_tac (temp_css addSDs2 [BoxWFI]) 1);
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	829	by (etac STL4Edup 1);
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	830	by (atac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	831	by (Clarsimp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	832	by (rtac (temp_use (prem2 RS DmdImpl)) 1);
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	833	by (rtac (temp_use BoxDmd_simple) 1);
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	834	by (atac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	835	by (rtac classical 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	836	by (rtac (temp_use STL2) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	837	by (clarsimp_tac (temp_css addsimps2 [WF_def] addSEs2 [mp] addSIs2 [InitDmd]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	838	by (rtac ((temp_use (prem1 RS STL4)) RS box_stp_actD) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	839	by (asm_simp_tac (simpset() addsimps [split_box_conj,box_stp_act]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	840	by (etac (temp_use INV1) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	841	by (rtac (temp_use prem3) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	842	by (asm_full_simp_tac (simpset() addsimps [split_box_conj,temp_use NotDmd,not_angle]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	843	qed "WF_leadsto";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	844
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	845	val prems = goal (the_context ())
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	846	"[\| \|- $P & N --> P` \| Q`; \
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	847	\ \|- ($P & N) & <A>_v --> Q`; \
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	848	\ \|- []P & []N & []F --> <>Enabled(<A>_v) \|] \
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	849	\ ==> \|- []N & SF(A)_v & []F --> (P ~> Q)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	850	by (clarsimp_tac (temp_css addSDs2 [BoxSFI]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	851	by (rtac (temp_use ensures) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	852	by (TRYALL (ares_tac prems));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	853	by (eres_inst_tac [("F","F")] dup_boxE 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	854	by (merge_temp_box_tac 1);
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	855	by (etac STL4Edup 1);
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	856	by (atac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	857	by (clarsimp_tac (temp_css addsimps2 [SF_def]) 1);
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	858	by (rtac (temp_use STL2) 1);
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	859	by (etac mp 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	860	by (resolve_tac (map temp_use (prems RL [STL4])) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	861	by (asm_simp_tac (simpset() addsimps [split_box_conj, STL3]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	862	qed "SF1";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	863
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	864	val [prem1,prem2,prem3,prem4] = goal (the_context ())
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	865	"[\| \|- N & <B>_f --> <M>_g; \
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	866	\ \|- $P & P` & <N & A>_f --> B; \
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	867	\ \|- P & Enabled(<M>_g) --> Enabled(<A>_f); \
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	868	\ \|- [](N & [~B]_f) & WF(A)_f & []F & <>[]Enabled(<M>_g) --> <>[]P \|] \
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	869	\ ==> \|- []N & WF(A)_f & []F --> WF(M)_g";
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	870	by (clarsimp_tac (temp_css addSDs2 [BoxWFI, (temp_use BoxDmdBox) RS iffD2]
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	871	addsimps2 [read_instantiate [("A","M")] WF_def]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	872	by (eres_inst_tac [("F","F")] dup_boxE 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	873	by (merge_temp_box_tac 1);
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	874	by (etac STL4Edup 1);
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	875	by (atac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	876	by (clarsimp_tac (temp_css addSIs2
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	877	[(temp_use BoxDmd_simple) RS (temp_use (prem1 RS DmdImpl))]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	878	by (rtac classical 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	879	by (subgoal_tac "sigmaa \|= <>(($P & P` & N) & <A>_f)" 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	880	by (force_tac (temp_css addsimps2 [angle_def] addSIs2 [prem2] addSEs2 [DmdImplE]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	881	by (rtac (temp_use (rewrite_rule [temp_rewrite DmdDmd] (BoxDmd_simple RS DmdImpl))) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	882	by (asm_full_simp_tac (simpset() addsimps [temp_use NotDmd, not_angle]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	883	by (merge_act_box_tac 1);
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	884	by (forward_tac [temp_use prem4] 1);
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	885	by (TRYALL atac);
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	886	by (dtac (temp_use STL6) 1);
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	887	by (atac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	888	by (eres_inst_tac [("V","sigmaa \|= <>[]P")] thin_rl 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	889	by (eres_inst_tac [("V","sigmaa \|= []F")] thin_rl 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	890	by (dtac (temp_use BoxWFI) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	891	by (eres_inst_tac [("F", "ACT N & [~B]_f")] dup_boxE 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	892	by (merge_temp_box_tac 1);
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	893	by (etac DmdImpldup 1);
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	894	by (atac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	895	by (auto_tac (temp_css addsimps2 [split_box_conj,STL3,WF_Box,box_stp_act]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	896	by (force_tac (temp_css addSEs2 [read_instantiate [("P","P")] TLA2E]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	897	by (rtac (temp_use STL2) 1);
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	898	by (force_tac (temp_css addsimps2 [WF_def,split_box_conj] addSEs2 [mp]
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	899	addSIs2 [InitDmd, prem3 RS STL4]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	900	qed "WF2";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	901
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	902	val [prem1,prem2,prem3,prem4] = goal (the_context ())
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	903	"[\| \|- N & <B>_f --> <M>_g; \
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	904	\ \|- $P & P` & <N & A>_f --> B; \
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	905	\ \|- P & Enabled(<M>_g) --> Enabled(<A>_f); \
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	906	\ \|- [](N & [~B]_f) & SF(A)_f & []F & []<>Enabled(<M>_g) --> <>[]P \|] \
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	907	\ ==> \|- []N & SF(A)_f & []F --> SF(M)_g";
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	908	by (clarsimp_tac (temp_css addSDs2 [BoxSFI]
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	909	addsimps2 [read_instantiate [("A","M")] SF_def]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	910	by (eres_inst_tac [("F","F")] dup_boxE 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	911	by (eres_inst_tac [("F","TEMP <>Enabled(<M>_g)")] dup_boxE 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	912	by (merge_temp_box_tac 1);
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	913	by (etac STL4Edup 1);
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	914	by (atac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	915	by (clarsimp_tac (temp_css addSIs2
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	916	[(temp_use BoxDmd_simple) RS (temp_use (prem1 RS DmdImpl))]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	917	by (rtac classical 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	918	by (subgoal_tac "sigmaa \|= <>(($P & P` & N) & <A>_f)" 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	919	by (force_tac (temp_css addsimps2 [angle_def] addSIs2 [prem2] addSEs2 [DmdImplE]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	920	by (rtac (temp_use (rewrite_rule [temp_rewrite DmdDmd] (BoxDmd_simple RS DmdImpl))) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	921	by (asm_full_simp_tac (simpset() addsimps [temp_use NotDmd, not_angle]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	922	by (merge_act_box_tac 1);
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	923	by (forward_tac [temp_use prem4] 1);
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	924	by (TRYALL atac);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	925	by (eres_inst_tac [("V","sigmaa \|= []F")] thin_rl 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	926	by (dtac (temp_use BoxSFI) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	927	by (eres_inst_tac [("F","TEMP <>Enabled(<M>_g)")] dup_boxE 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	928	by (eres_inst_tac [("F", "ACT N & [~B]_f")] dup_boxE 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	929	by (merge_temp_box_tac 1);
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	930	by (etac DmdImpldup 1);
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	931	by (atac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	932	by (auto_tac (temp_css addsimps2 [split_box_conj,STL3,SF_Box,box_stp_act]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	933	by (force_tac (temp_css addSEs2 [read_instantiate [("P","P")] TLA2E]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	934	by (rtac (temp_use STL2) 1);
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	935	by (force_tac (temp_css addsimps2 [SF_def,split_box_conj] addSEs2 [mp,InfImpl]
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	936	addSIs2 [prem3]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	937	qed "SF2";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	938
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	939	(* ------------------------------------------------------------------------- *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	940	(* Liveness proofs by well-founded orderings *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	941	(* ------------------------------------------------------------------------- *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	942	section "Well-founded orderings";
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	943
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	944	val p1::prems = goal (the_context ())
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	945	"[\| wf r; \
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	946	\ !!x. sigma \|= F x ~> (G \| (EX y. #((y,x):r) & F y)) \
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	947	\ \|] ==> sigma \|= F x ~> G";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	948	by (rtac (p1 RS wf_induct) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	949	by (rtac (temp_use LatticeTriangle) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	950	by (resolve_tac prems 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	951	by (auto_tac (temp_css addsimps2 [leadsto_exists]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	952	by (case_tac "(y,x):r" 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	953	by (Force_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	954	by (force_tac (temp_css addsimps2 leadsto_def::Init_simps addSIs2 [necT]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	955	qed "wf_leadsto";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	956
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	957	(* If r is well-founded, state function v cannot decrease forever *)
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	958	Goal "!!r. wf r ==> \|- [][ (v`, $v) : #r ]_v --> <>[][#False]_v";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	959	by (Clarsimp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	960	by (rtac ccontr 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	961	by (subgoal_tac "sigma \|= (EX x. v=#x) ~> #False" 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	962	by (dtac ((temp_use leadsto_false) RS iffD1 RS (temp_use STL2_gen)) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	963	by (force_tac (temp_css addsimps2 Init_defs) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	964	by (clarsimp_tac (temp_css addsimps2 [leadsto_exists,not_square]@more_temp_simps) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	965	by (etac wf_leadsto 1);
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	966	by (rtac (temp_use ensures_simple) 1);
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	967	by (TRYALL atac);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	968	by (auto_tac (temp_css addsimps2 [square_def,angle_def]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	969	qed "wf_not_box_decrease";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	970
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	971	(* "wf r ==> \|- <>[][ (v`, $v) : #r ]_v --> <>[][#False]_v" *)
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	972	bind_thm("wf_not_dmd_box_decrease",
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	973	standard(rewrite_rule more_temp_simps (wf_not_box_decrease RS DmdImpl)));
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	974
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	975	(* If there are infinitely many steps where v decreases, then there
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	976	have to be infinitely many non-stuttering steps where v doesn't decrease.
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	977	*)
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	978	val [prem] = goal (the_context ())
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	979	"wf r ==> \|- []<>((v`, $v) : #r) --> []<><(v`, $v) ~: #r>_v";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	980	by (Clarsimp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	981	by (rtac ccontr 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	982	by (asm_full_simp_tac (simpset() addsimps not_angle::more_temp_simps) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	983	by (dtac (prem RS (temp_use wf_not_dmd_box_decrease)) 1);
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	984	by (dtac (temp_use BoxDmdDmdBox) 1);
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	985	by (atac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	986	by (subgoal_tac "sigma \|= []<>((#False)::action)" 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	987	by (Force_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	988	by (etac STL4E 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	989	by (rtac DmdImpl 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	990	by (force_tac (temp_css addIs2 [prem RS wf_irrefl]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	991	qed "wf_box_dmd_decrease";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	992
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	993	(* In particular, for natural numbers, if n decreases infinitely often
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	994	then it has to increase infinitely often.
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	995	*)
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	996	Goal "!!n::nat stfun. \|- []<>(n` < $n) --> []<>($n < n`)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	997	by (Clarsimp_tac 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	998	by (subgoal_tac "sigma \|= []<><~( (n`,$n) : #less_than )>_n" 1);
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	999	by (etac thin_rl 1);
c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	1000	by (etac STL4E 1);
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1001	by (rtac DmdImpl 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1002	by (clarsimp_tac (temp_css addsimps2 [angle_def]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1003	by (rtac (temp_use wf_box_dmd_decrease) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1004	by (auto_tac (temp_css addSEs2 [STL4E,DmdImplE]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1005	qed "nat_box_dmd_decrease";
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	1006
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	1007
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	1008	(* ------------------------------------------------------------------------- *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	1009	(* Flexible quantification over state variables *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	1010	(* ------------------------------------------------------------------------- *)
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	1011	section "Flexible quantification";
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	1012
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	1013	val [prem1,prem2] = goal (the_context ())
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1014	"[\| basevars vs; (!!x. basevars (x,vs) ==> sigma \|= F x) \|]\
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1015	\ ==> sigma \|= (AALL x. F x)";
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	1016	by (auto_tac (temp_css addsimps2 [aall_def] addSEs2 [eexE]
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1017	addSIs2 [prem1] addSDs2 [prem2]));
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1018	qed "aallI";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	1019
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1020	Goalw [aall_def] "\|- (AALL x. F x) --> F x";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1021	by (Clarsimp_tac 1);
10231 178a272bceeb renaming of contrapos rules paulson parents: 9517 diff changeset	1022	by (etac contrapos_np 1);
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1023	by (force_tac (temp_css addSIs2 [eexI]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1024	qed "aallE";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	1025
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	1026	(* monotonicity of quantification *)
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	1027	val [min,maj] = goal (the_context ())
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1028	"[\| sigma \|= EEX x. F x; !!x. sigma \|= F x --> G x \|] ==> sigma \|= EEX x. G x";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1029	by (rtac (unit_base RS (min RS eexE)) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1030	by (rtac (temp_use eexI) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1031	by (etac ((rewrite_rule intensional_rews maj) RS mp) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1032	qed "eex_mono";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	1033
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	1034	val [min,maj] = goal (the_context ())
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1035	"[\| sigma \|= AALL x. F(x); !!x. sigma \|= F(x) --> G(x) \|] ==> sigma \|= AALL x. G(x)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1036	by (rtac (unit_base RS aallI) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1037	by (rtac ((rewrite_rule intensional_rews maj) RS mp) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1038	by (rtac (min RS (temp_use aallE)) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1039	qed "aall_mono";
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	1040
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	1041	(* Derived history introduction rule *)
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	1042	val [p1,p2,p3,p4,p5] = goal (the_context ())
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	1043	"[\| sigma \|= Init I; sigma \|= []N; basevars vs; \
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	1044	\ (!!h. basevars(h,vs) ==> \|- I & h = ha --> HI h); \
db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	1045	\ (!!h s t. [\| basevars(h,vs); N (s,t); h t = hb (h s) (s,t) \|] ==> HN h (s,t)) \
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1046	\ \|] ==> sigma \|= EEX h. Init (HI h) & [](HN h)";
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1047	by (rtac ((temp_use history) RS eexE) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1048	by (rtac p3 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1049	by (rtac (temp_use eexI) 1);
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 15661 diff changeset	1050	by (Clarsimp_tac 1);
9517 f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1051	by (rtac conjI 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1052	by (cut_facts_tac [p2] 2);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1053	by (merge_box_tac 2);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1054	by (force_tac (temp_css addSEs2 [STL4E,p5]) 2);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1055	by (cut_facts_tac [p1] 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1056	by (force_tac (temp_css addsimps2 Init_defs addSEs2 [p4]) 1);
f58863b1406a tuned version by Stephan Merz (unbatchified etc.); wenzelm parents: 9168 diff changeset	1057	qed "historyI";
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	1058
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	1059	(* ----------------------------------------------------------------------
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	1060	example of a history variable: existence of a clock
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	1061
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	1062	Goal "\|- EEX h. Init(h = #True) & [](h` = (~$h))";
4423 a129b817b58a expandshort; wenzelm parents: 4089 diff changeset	1063	by (rtac tempI 1);
a129b817b58a expandshort; wenzelm parents: 4089 diff changeset	1064	by (rtac historyI 1);
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 5755 diff changeset	1065	by (REPEAT (force_tac (temp_css addsimps2 Init_defs addIs2 [unit_base, necT]) 1));
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	1066	( solved )
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	1067
82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	1068	---------------------------------------------------------------------- *)

author	urbanc
	Tue, 13 Dec 2005 18:11:21 +0100
changeset 18396	b3e7da94b51f
parent 17309	c43ed29bd197
child 20223	89d2758ecddf
permissions	-rw-r--r--