isabelle: src/HOL/UNITY/Extend.ML@b64d86018785 (annotated)

6297 5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	1	(* Title: HOL/UNITY/Extend.ML
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	2	ID: $Id$
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	3	Author: Lawrence C Paulson, Cambridge University Computer Laboratory
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	4	Copyright 1999 University of Cambridge
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	5
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	6	Extending of state sets
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	7	function f (forget) maps the extended state to the original state
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	8	function g (forgotten) maps the extended state to the "extending part"
7482 7badd511844d working snapshot paulson parents: 7399 diff changeset	9	*)
7362 f08fade5ea0d new laws; changed "guar" back to "guarantees" (sorry) paulson parents: 7341 diff changeset	10
7482 7badd511844d working snapshot paulson parents: 7399 diff changeset	11	( These we prove OUTSIDE the locale. )
7badd511844d working snapshot paulson parents: 7399 diff changeset	12
7badd511844d working snapshot paulson parents: 7399 diff changeset	13	(Possibly easier than reasoning about "inv h")
7badd511844d working snapshot paulson parents: 7399 diff changeset	14	val [surj_h,prem] =
7badd511844d working snapshot paulson parents: 7399 diff changeset	15	Goalw [good_map_def]
7badd511844d working snapshot paulson parents: 7399 diff changeset	16	"[\| surj h; !! x x' y y'. h(x,y) = h(x',y') ==> x=x' \|] ==> good_map h";
7badd511844d working snapshot paulson parents: 7399 diff changeset	17	by (safe_tac (claset() addSIs [surj_h]));
7badd511844d working snapshot paulson parents: 7399 diff changeset	18	by (rtac prem 1);
7badd511844d working snapshot paulson parents: 7399 diff changeset	19	by (stac (surjective_pairing RS sym) 1);
7badd511844d working snapshot paulson parents: 7399 diff changeset	20	by (stac (surj_h RS surj_f_inv_f) 1);
7badd511844d working snapshot paulson parents: 7399 diff changeset	21	by (rtac refl 1);
7badd511844d working snapshot paulson parents: 7399 diff changeset	22	qed "good_mapI";
7badd511844d working snapshot paulson parents: 7399 diff changeset	23
7badd511844d working snapshot paulson parents: 7399 diff changeset	24	Goalw [good_map_def] "good_map h ==> surj h";
7badd511844d working snapshot paulson parents: 7399 diff changeset	25	by Auto_tac;
7badd511844d working snapshot paulson parents: 7399 diff changeset	26	qed "good_map_is_surj";
7badd511844d working snapshot paulson parents: 7399 diff changeset	27
7badd511844d working snapshot paulson parents: 7399 diff changeset	28	(A convenient way of finding a closed form for inv h)
7badd511844d working snapshot paulson parents: 7399 diff changeset	29	val [surj,prem] = Goalw [inv_def]
7badd511844d working snapshot paulson parents: 7399 diff changeset	30	"[\| surj h; !! x y. g (h(x,y)) = x \|] ==> fst (inv h z) = g z";
7badd511844d working snapshot paulson parents: 7399 diff changeset	31	by (res_inst_tac [("y1", "z")] (surj RS surjD RS exE) 1);
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7482 diff changeset	32	by (rtac selectI2 1);
7482 7badd511844d working snapshot paulson parents: 7399 diff changeset	33	by (dres_inst_tac [("f", "g")] arg_cong 2);
7badd511844d working snapshot paulson parents: 7399 diff changeset	34	by (auto_tac (claset(), simpset() addsimps [prem]));
7badd511844d working snapshot paulson parents: 7399 diff changeset	35	qed "fst_inv_equalityI";
7badd511844d working snapshot paulson parents: 7399 diff changeset	36
6297 5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	37
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	38	Open_locale "Extend";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	39
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	40	val slice_def = thm "slice_def";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	41
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	42	(* Trivial properties of f, g, h *)
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	43
7482 7badd511844d working snapshot paulson parents: 7399 diff changeset	44	val good_h = rewrite_rule [good_map_def] (thm "good_h");
7badd511844d working snapshot paulson parents: 7399 diff changeset	45	val surj_h = good_h RS conjunct1;
6297 5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	46
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	47	val f_def = thm "f_def";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	48	val g_def = thm "g_def";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	49
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	50	Goal "f(h(x,y)) = x";
7482 7badd511844d working snapshot paulson parents: 7399 diff changeset	51	by (simp_tac (simpset() addsimps [f_def, good_h RS conjunct2]) 1);
6297 5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	52	qed "f_h_eq";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	53	Addsimps [f_h_eq];
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	54
7482 7badd511844d working snapshot paulson parents: 7399 diff changeset	55	Goal "h(x,y) = h(x',y') ==> x=x'";
7badd511844d working snapshot paulson parents: 7399 diff changeset	56	by (dres_inst_tac [("f", "fst o inv h")] arg_cong 1);
7badd511844d working snapshot paulson parents: 7399 diff changeset	57	(FIXME: If locales worked properly we could put just "f" above)
7badd511844d working snapshot paulson parents: 7399 diff changeset	58	by (full_simp_tac (simpset() addsimps [f_def, good_h RS conjunct2]) 1);
7badd511844d working snapshot paulson parents: 7399 diff changeset	59	qed "h_inject1";
7878 43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	60	AddDs [h_inject1];
6297 5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	61
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	62	Goal "h(f z, g z) = z";
7482 7badd511844d working snapshot paulson parents: 7399 diff changeset	63	by (simp_tac (simpset() addsimps [f_def, g_def, surjective_pairing RS sym,
7badd511844d working snapshot paulson parents: 7399 diff changeset	64	surj_h RS surj_f_inv_f]) 1);
6297 5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	65	qed "h_f_g_eq";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	66
7878 43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	67
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	68	( A sequence of proof steps borrowed from Provers/split_paired_all.ML )
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	69
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	70	val cT = TFree ("'c", ["term"]);
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	71
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	72	(* "PROP P x == PROP P (h (f x, g x))" *)
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	73	val lemma1 = Thm.combination
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	74	(Thm.reflexive (cterm_of (sign_of thy) (Free ("P", cT --> propT))))
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	75	(Drule.unvarify (h_f_g_eq RS sym RS eq_reflection));
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	76
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	77	val prems = Goalw [lemma1] "(!!u y. PROP P (h (u, y))) ==> PROP P x";
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	78	by (resolve_tac prems 1);
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	79	val lemma2 = result();
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	80
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	81	val prems = Goal "(!!u y. PROP P (h (u, y))) ==> (!!z. PROP P z)";
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	82	by (rtac lemma2 1);
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	83	by (resolve_tac prems 1);
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	84	val lemma3 = result();
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	85
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	86	val prems = Goal "(!!z. PROP P z) ==> (!!u y. PROP P (h (u, y)))";
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	87	(not needed for proof, but prevents generalization over h, 'c, etc.)
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	88	by (cut_facts_tac [surj_h] 1);
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	89	by (resolve_tac prems 1);
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	90	val lemma4 = result();
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	91
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	92	val split_extended_all = Thm.equal_intr lemma4 lemma3;
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	93
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	94
6297 5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	95	(* extend_set: basic properties *)
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	96
7594 8a188ef6545e working version with co-guarantees-leadsto results paulson parents: 7546 diff changeset	97	Goalw [extend_set_def] "A<=B ==> extend_set h A <= extend_set h B";
8a188ef6545e working version with co-guarantees-leadsto results paulson parents: 7546 diff changeset	98	by (Blast_tac 1);
8a188ef6545e working version with co-guarantees-leadsto results paulson parents: 7546 diff changeset	99	qed "extend_set_mono";
8a188ef6545e working version with co-guarantees-leadsto results paulson parents: 7546 diff changeset	100
7826 c6a8b73b6c2a working shapshot with "projecting" and "extending" paulson parents: 7689 diff changeset	101	Goalw [extend_set_def] "z : extend_set h A = (f z : A)";
7341 d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	102	by (force_tac (claset() addIs [h_f_g_eq RS sym], simpset()) 1);
6297 5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	103	qed "mem_extend_set_iff";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	104	AddIffs [mem_extend_set_iff];
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	105
7826 c6a8b73b6c2a working shapshot with "projecting" and "extending" paulson parents: 7689 diff changeset	106	Goalw [extend_set_def]
c6a8b73b6c2a working shapshot with "projecting" and "extending" paulson parents: 7689 diff changeset	107	"(extend_set h A <= extend_set h B) = (A <= B)";
c6a8b73b6c2a working shapshot with "projecting" and "extending" paulson parents: 7689 diff changeset	108	by (Force_tac 1);
c6a8b73b6c2a working shapshot with "projecting" and "extending" paulson parents: 7689 diff changeset	109	qed "extend_set_strict_mono";
c6a8b73b6c2a working shapshot with "projecting" and "extending" paulson parents: 7689 diff changeset	110	AddIffs [extend_set_strict_mono];
c6a8b73b6c2a working shapshot with "projecting" and "extending" paulson parents: 7689 diff changeset	111
7378 ed9230a0a700 use of bij, new theorems, etc. paulson parents: 7362 diff changeset	112	Goal "{s. P (f s)} = extend_set h {s. P s}";
ed9230a0a700 use of bij, new theorems, etc. paulson parents: 7362 diff changeset	113	by Auto_tac;
ed9230a0a700 use of bij, new theorems, etc. paulson parents: 7362 diff changeset	114	qed "Collect_eq_extend_set";
ed9230a0a700 use of bij, new theorems, etc. paulson parents: 7362 diff changeset	115
7594 8a188ef6545e working version with co-guarantees-leadsto results paulson parents: 7546 diff changeset	116	Goal "extend_set h {x} = {s. f s = x}";
8a188ef6545e working version with co-guarantees-leadsto results paulson parents: 7546 diff changeset	117	by Auto_tac;
8a188ef6545e working version with co-guarantees-leadsto results paulson parents: 7546 diff changeset	118	qed "extend_set_sing";
8a188ef6545e working version with co-guarantees-leadsto results paulson parents: 7546 diff changeset	119
7537 875754b599df working snapshot paulson parents: 7499 diff changeset	120	Goalw [extend_set_def, project_set_def]
7660 7e38237edfcb now with (weak safety) guarantees (weak progress) with Extend paulson parents: 7630 diff changeset	121	"project_set h (extend_set h C) = C";
7341 d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	122	by Auto_tac;
d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	123	qed "extend_set_inverse";
d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	124	Addsimps [extend_set_inverse];
d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	125
7947 b999c1ab9327 working again; new treatment of LocalTo paulson parents: 7915 diff changeset	126	Goalw [extend_set_def, project_set_def]
b999c1ab9327 working again; new treatment of LocalTo paulson parents: 7915 diff changeset	127	"C <= extend_set h (project_set h C)";
b999c1ab9327 working again; new treatment of LocalTo paulson parents: 7915 diff changeset	128	by (auto_tac (claset(),
b999c1ab9327 working again; new treatment of LocalTo paulson parents: 7915 diff changeset	129	simpset() addsimps [split_extended_all]));
b999c1ab9327 working again; new treatment of LocalTo paulson parents: 7915 diff changeset	130	by (Blast_tac 1);
b999c1ab9327 working again; new treatment of LocalTo paulson parents: 7915 diff changeset	131	qed "extend_set_project_set";
b999c1ab9327 working again; new treatment of LocalTo paulson parents: 7915 diff changeset	132
6297 5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	133	Goal "inj (extend_set h)";
7341 d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	134	by (rtac inj_on_inverseI 1);
d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	135	by (rtac extend_set_inverse 1);
6297 5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	136	qed "inj_extend_set";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	137
7689 affe0c2fdfbf working snapshot (even Alloc) paulson parents: 7660 diff changeset	138	Goalw [extend_set_def] "extend_set h UNIV = UNIV";
7878 43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	139	by (auto_tac (claset(),
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	140	simpset() addsimps [split_extended_all]));
7689 affe0c2fdfbf working snapshot (even Alloc) paulson parents: 7660 diff changeset	141	qed "extend_set_UNIV_eq";
affe0c2fdfbf working snapshot (even Alloc) paulson parents: 7660 diff changeset	142	Addsimps [standard extend_set_UNIV_eq];
affe0c2fdfbf working snapshot (even Alloc) paulson parents: 7660 diff changeset	143
7482 7badd511844d working snapshot paulson parents: 7399 diff changeset	144	(* project_set: basic properties *)
7badd511844d working snapshot paulson parents: 7399 diff changeset	145
7badd511844d working snapshot paulson parents: 7399 diff changeset	146	(project_set is simply image!)
7badd511844d working snapshot paulson parents: 7399 diff changeset	147	Goalw [project_set_def] "project_set h C = f `` C";
7878 43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	148	by (auto_tac (claset() addIs [f_h_eq RS sym],
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	149	simpset() addsimps [split_extended_all]));
7482 7badd511844d working snapshot paulson parents: 7399 diff changeset	150	qed "project_set_eq";
7badd511844d working snapshot paulson parents: 7399 diff changeset	151
7badd511844d working snapshot paulson parents: 7399 diff changeset	152	(Converse appears to fail)
7878 43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	153	Goalw [project_set_def] "!!z. z : C ==> f z : project_set h C";
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	154	by (auto_tac (claset(),
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	155	simpset() addsimps [split_extended_all]));
7482 7badd511844d working snapshot paulson parents: 7399 diff changeset	156	qed "project_set_I";
7badd511844d working snapshot paulson parents: 7399 diff changeset	157
7badd511844d working snapshot paulson parents: 7399 diff changeset	158
7badd511844d working snapshot paulson parents: 7399 diff changeset	159	(* More laws *)
7badd511844d working snapshot paulson parents: 7399 diff changeset	160
7341 d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	161	(*Because A and B could differ on the "other" part of the state,
d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	162	cannot generalize result to
d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	163	project_set h (A Int B) = project_set h A Int project_set h B
d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	164	*)
d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	165	Goalw [project_set_def]
d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	166	"project_set h ((extend_set h A) Int B) = A Int (project_set h B)";
d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	167	by Auto_tac;
d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	168	qed "project_set_extend_set_Int";
d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	169
d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	170	Goal "extend_set h (A Un B) = extend_set h A Un extend_set h B";
6297 5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	171	by Auto_tac;
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	172	qed "extend_set_Un_distrib";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	173
7341 d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	174	Goal "extend_set h (A Int B) = extend_set h A Int extend_set h B";
6297 5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	175	by Auto_tac;
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	176	qed "extend_set_Int_distrib";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	177
7341 d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	178	Goal "extend_set h (INTER A B) = (INT x:A. extend_set h (B x))";
d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	179	by Auto_tac;
6834 44da4a2a9ef3 renamed UNION_... to UN_..., INTER_... to INT_... (to fit the convention) paulson parents: 6822 diff changeset	180	qed "extend_set_INT_distrib";
6647 9ec7b9723f43 new thm extend_JN; renamed extend_leadsto paulson parents: 6536 diff changeset	181
7341 d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	182	Goal "extend_set h (A - B) = extend_set h A - extend_set h B";
6297 5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	183	by Auto_tac;
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	184	qed "extend_set_Diff_distrib";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	185
7341 d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	186	Goal "extend_set h (Union A) = (UN X:A. extend_set h X)";
6297 5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	187	by (Blast_tac 1);
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	188	qed "extend_set_Union";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	189
7341 d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	190	Goalw [extend_set_def] "(extend_set h A <= - extend_set h B) = (A <= - B)";
6297 5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	191	by Auto_tac;
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	192	qed "extend_set_subset_Compl_eq";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	193
7341 d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	194
6297 5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	195	(* extend_act *)
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	196
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	197	Goalw [extend_act_def]
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	198	"((h(s,y), h(s',y)) : extend_act h act) = ((s, s') : act)";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	199	by Auto_tac;
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	200	qed "mem_extend_act_iff";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	201	AddIffs [mem_extend_act_iff];
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	202
7878 43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	203	(Converse fails: (z,z') would include actions that changed the g-part)
7341 d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	204	Goalw [extend_act_def]
d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	205	"(z, z') : extend_act h act ==> (f z, f z') : act";
d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	206	by Auto_tac;
d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	207	qed "extend_act_D";
d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	208
7878 43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	209	Goalw [extend_act_def, project_act_def, project_set_def]
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	210	"project_act h (Restrict C (extend_act h act)) = \
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	211	\ Restrict (project_set h C) act";
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	212	by (Blast_tac 1);
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	213	qed "project_act_extend_act_restrict";
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	214	Addsimps [project_act_extend_act_restrict];
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	215
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	216	Goalw [extend_act_def, project_act_def, project_set_def]
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	217	"(Restrict C (extend_act h act) = Restrict C (extend_act h act')) \
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	218	\ = (Restrict (project_set h C) act = Restrict (project_set h C) act')";
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	219	by Auto_tac;
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	220	by (ALLGOALS (blast_tac (claset() addSEs [equalityE])));
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	221	qed "Restrict_extend_act_eq_Restrict_project_act";
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	222
7537 875754b599df working snapshot paulson parents: 7499 diff changeset	223	(*Premise is still undesirably strong, since Domain act can include
875754b599df working snapshot paulson parents: 7499 diff changeset	224	non-reachable states, but it seems necessary for this result.*)
7878 43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	225	Goal "Domain act <= project_set h C \
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	226	\ ==> project_act h (Restrict C (extend_act h act)) = act";
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	227	by (asm_simp_tac (simpset() addsimps [Restrict_triv]) 1);
7341 d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	228	qed "extend_act_inverse";
d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	229
7826 c6a8b73b6c2a working shapshot with "projecting" and "extending" paulson parents: 7689 diff changeset	230	Goalw [extend_act_def, project_act_def]
7878 43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	231	"act' <= extend_act h act ==> project_act h act' <= act";
7826 c6a8b73b6c2a working shapshot with "projecting" and "extending" paulson parents: 7689 diff changeset	232	by (Force_tac 1);
c6a8b73b6c2a working shapshot with "projecting" and "extending" paulson parents: 7689 diff changeset	233	qed "subset_extend_act_D";
c6a8b73b6c2a working shapshot with "projecting" and "extending" paulson parents: 7689 diff changeset	234
6297 5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	235	Goal "inj (extend_act h)";
7341 d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	236	by (rtac inj_on_inverseI 1);
d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	237	by (rtac extend_act_inverse 1);
7537 875754b599df working snapshot paulson parents: 7499 diff changeset	238	by (force_tac (claset(), simpset() addsimps [project_set_def]) 1);
6297 5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	239	qed "inj_extend_act";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	240
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	241	Goalw [extend_set_def, extend_act_def]
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	242	"extend_act h act ^^ (extend_set h A) = extend_set h (act ^^ A)";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	243	by (Force_tac 1);
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	244	qed "extend_act_Image";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	245	Addsimps [extend_act_Image];
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	246
7826 c6a8b73b6c2a working shapshot with "projecting" and "extending" paulson parents: 7689 diff changeset	247	Goalw [extend_act_def] "(extend_act h act' <= extend_act h act) = (act'<=act)";
c6a8b73b6c2a working shapshot with "projecting" and "extending" paulson parents: 7689 diff changeset	248	by Auto_tac;
c6a8b73b6c2a working shapshot with "projecting" and "extending" paulson parents: 7689 diff changeset	249	qed "extend_act_strict_mono";
c6a8b73b6c2a working shapshot with "projecting" and "extending" paulson parents: 7689 diff changeset	250
c6a8b73b6c2a working shapshot with "projecting" and "extending" paulson parents: 7689 diff changeset	251	AddIffs [extend_act_strict_mono, inj_extend_act RS inj_eq];
c6a8b73b6c2a working shapshot with "projecting" and "extending" paulson parents: 7689 diff changeset	252	(The latter theorem is (extend_act h act' = extend_act h act) = (act'=act) )
6297 5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	253
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	254	Goalw [extend_set_def, extend_act_def]
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	255	"Domain (extend_act h act) = extend_set h (Domain act)";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	256	by (Force_tac 1);
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	257	qed "Domain_extend_act";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	258
7341 d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	259	Goalw [extend_act_def]
6297 5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	260	"extend_act h Id = Id";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	261	by (force_tac (claset() addIs [h_f_g_eq RS sym], simpset()) 1);
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	262	qed "extend_act_Id";
7341 d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	263
d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	264	Goalw [project_act_def]
7878 43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	265	"!!z z'. (z, z') : act ==> (f z, f z') : project_act h act";
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	266	by (force_tac (claset(),
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	267	simpset() addsimps [split_extended_all]) 1);
7341 d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	268	qed "project_act_I";
d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	269
d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	270	Goalw [project_set_def, project_act_def]
7878 43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	271	"UNIV <= project_set h C ==> project_act h (Restrict C Id) = Id";
7341 d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	272	by (Force_tac 1);
d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	273	qed "project_act_Id";
d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	274
7482 7badd511844d working snapshot paulson parents: 7399 diff changeset	275	Goalw [project_set_def, project_act_def]
7915 c7fd7eb3b0ef ALMOST working version: LocalTo results commented out paulson parents: 7880 diff changeset	276	"Domain (project_act h act) = project_set h (Domain act)";
7878 43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	277	by (force_tac (claset(),
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	278	simpset() addsimps [split_extended_all]) 1);
7482 7badd511844d working snapshot paulson parents: 7399 diff changeset	279	qed "Domain_project_act";
7badd511844d working snapshot paulson parents: 7399 diff changeset	280
7341 d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	281	Addsimps [extend_act_Id, project_act_Id];
6297 5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	282
7826 c6a8b73b6c2a working shapshot with "projecting" and "extending" paulson parents: 7689 diff changeset	283	Goal "(extend_act h act = Id) = (act = Id)";
c6a8b73b6c2a working shapshot with "projecting" and "extending" paulson parents: 7689 diff changeset	284	by Auto_tac;
c6a8b73b6c2a working shapshot with "projecting" and "extending" paulson parents: 7689 diff changeset	285	by (rewtac extend_act_def);
c6a8b73b6c2a working shapshot with "projecting" and "extending" paulson parents: 7689 diff changeset	286	by (ALLGOALS (blast_tac (claset() addEs [equalityE])));
c6a8b73b6c2a working shapshot with "projecting" and "extending" paulson parents: 7689 diff changeset	287	qed "extend_act_Id_iff";
c6a8b73b6c2a working shapshot with "projecting" and "extending" paulson parents: 7689 diff changeset	288
6297 5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	289	Goal "Id : extend_act h `` Acts F";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	290	by (auto_tac (claset() addSIs [extend_act_Id RS sym],
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	291	simpset() addsimps [image_iff]));
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	292	qed "Id_mem_extend_act";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	293
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	294
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	295	(** extend **)
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	296
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	297	(* Basic properties *)
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	298
7341 d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	299	Goalw [extend_def] "Init (extend h F) = extend_set h (Init F)";
6297 5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	300	by Auto_tac;
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	301	qed "Init_extend";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	302
7880 62fb24e28e5e exchanged the first two args of "project" and "drop_prog" paulson parents: 7878 diff changeset	303	Goalw [project_def] "Init (project h C F) = project_set h (Init F)";
7341 d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	304	by Auto_tac;
d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	305	qed "Init_project";
d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	306
6297 5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	307	Goal "Acts (extend h F) = (extend_act h `` Acts F)";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	308	by (auto_tac (claset() addSIs [extend_act_Id RS sym],
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	309	simpset() addsimps [extend_def, image_iff]));
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	310	qed "Acts_extend";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	311
7880 62fb24e28e5e exchanged the first two args of "project" and "drop_prog" paulson parents: 7878 diff changeset	312	Goal "Acts (project h C F) = insert Id (project_act h `` Restrict C `` Acts F)";
7546 36b26759147e project_act no longer has a special case to allow identity actions paulson parents: 7538 diff changeset	313	by (auto_tac (claset(),
7341 d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	314	simpset() addsimps [project_def, image_iff]));
d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	315	qed "Acts_project";
d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	316
d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	317	Addsimps [Init_extend, Init_project, Acts_extend, Acts_project];
6297 5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	318
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	319	Goalw [SKIP_def] "extend h SKIP = SKIP";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	320	by (rtac program_equalityI 1);
7341 d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	321	by Auto_tac;
d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	322	qed "extend_SKIP";
d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	323
7878 43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	324	Goalw [project_set_def] "project_set h UNIV = UNIV";
7537 875754b599df working snapshot paulson parents: 7499 diff changeset	325	by Auto_tac;
875754b599df working snapshot paulson parents: 7499 diff changeset	326	qed "project_set_UNIV";
7878 43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	327	Addsimps [project_set_UNIV];
7537 875754b599df working snapshot paulson parents: 7499 diff changeset	328
7915 c7fd7eb3b0ef ALMOST working version: LocalTo results commented out paulson parents: 7880 diff changeset	329	Goal "project h C (extend h F) = \
c7fd7eb3b0ef ALMOST working version: LocalTo results commented out paulson parents: 7880 diff changeset	330	\ mk_program (Init F, Restrict (project_set h C) `` Acts F)";
c7fd7eb3b0ef ALMOST working version: LocalTo results commented out paulson parents: 7880 diff changeset	331	by (rtac program_equalityI 1);
c7fd7eb3b0ef ALMOST working version: LocalTo results commented out paulson parents: 7880 diff changeset	332	by (asm_simp_tac (simpset() addsimps [image_eq_UN,
c7fd7eb3b0ef ALMOST working version: LocalTo results commented out paulson parents: 7880 diff changeset	333	project_act_extend_act_restrict]) 2);
c7fd7eb3b0ef ALMOST working version: LocalTo results commented out paulson parents: 7880 diff changeset	334	by (Simp_tac 1);
c7fd7eb3b0ef ALMOST working version: LocalTo results commented out paulson parents: 7880 diff changeset	335	qed "project_extend_eq";
c7fd7eb3b0ef ALMOST working version: LocalTo results commented out paulson parents: 7880 diff changeset	336
7537 875754b599df working snapshot paulson parents: 7499 diff changeset	337	(ALL act: Acts F. Domain act is MUCH TOO STRONG since Domain Id = UNIV!)
875754b599df working snapshot paulson parents: 7499 diff changeset	338	Goal "UNIV <= project_set h C \
7880 62fb24e28e5e exchanged the first two args of "project" and "drop_prog" paulson parents: 7878 diff changeset	339	\ ==> project h C (extend h F) = F";
7915 c7fd7eb3b0ef ALMOST working version: LocalTo results commented out paulson parents: 7880 diff changeset	340	by (asm_simp_tac (simpset() addsimps [project_extend_eq, image_eq_UN,
c7fd7eb3b0ef ALMOST working version: LocalTo results commented out paulson parents: 7880 diff changeset	341	subset_UNIV RS subset_trans RS Restrict_triv]) 1);
7341 d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	342	qed "extend_inverse";
d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	343	Addsimps [extend_inverse];
6297 5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	344
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	345	Goal "inj (extend h)";
7341 d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	346	by (rtac inj_on_inverseI 1);
d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	347	by (rtac extend_inverse 1);
7537 875754b599df working snapshot paulson parents: 7499 diff changeset	348	by (force_tac (claset(), simpset() addsimps [project_set_def]) 1);
6297 5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	349	qed "inj_extend";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	350
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	351	Goal "extend h (F Join G) = extend h F Join extend h G";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	352	by (rtac program_equalityI 1);
7537 875754b599df working snapshot paulson parents: 7499 diff changeset	353	by (simp_tac (simpset() addsimps [image_Un]) 2);
6297 5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	354	by (simp_tac (simpset() addsimps [extend_set_Int_distrib]) 1);
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	355	qed "extend_Join";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	356	Addsimps [extend_Join];
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	357
6647 9ec7b9723f43 new thm extend_JN; renamed extend_leadsto paulson parents: 6536 diff changeset	358	Goal "extend h (JOIN I F) = (JN i:I. extend h (F i))";
9ec7b9723f43 new thm extend_JN; renamed extend_leadsto paulson parents: 6536 diff changeset	359	by (rtac program_equalityI 1);
7537 875754b599df working snapshot paulson parents: 7499 diff changeset	360	by (simp_tac (simpset() addsimps [image_UN]) 2);
6834 44da4a2a9ef3 renamed UNION_... to UN_..., INTER_... to INT_... (to fit the convention) paulson parents: 6822 diff changeset	361	by (simp_tac (simpset() addsimps [extend_set_INT_distrib]) 1);
6647 9ec7b9723f43 new thm extend_JN; renamed extend_leadsto paulson parents: 6536 diff changeset	362	qed "extend_JN";
9ec7b9723f43 new thm extend_JN; renamed extend_leadsto paulson parents: 6536 diff changeset	363	Addsimps [extend_JN];
9ec7b9723f43 new thm extend_JN; renamed extend_leadsto paulson parents: 6536 diff changeset	364
7689 affe0c2fdfbf working snapshot (even Alloc) paulson parents: 7660 diff changeset	365
affe0c2fdfbf working snapshot (even Alloc) paulson parents: 7660 diff changeset	366	( These monotonicity results look natural but are UNUSED )
affe0c2fdfbf working snapshot (even Alloc) paulson parents: 7660 diff changeset	367
affe0c2fdfbf working snapshot (even Alloc) paulson parents: 7660 diff changeset	368	Goal "F <= G ==> extend h F <= extend h G";
affe0c2fdfbf working snapshot (even Alloc) paulson parents: 7660 diff changeset	369	by (full_simp_tac (simpset() addsimps [component_eq_subset]) 1);
affe0c2fdfbf working snapshot (even Alloc) paulson parents: 7660 diff changeset	370	by Auto_tac;
affe0c2fdfbf working snapshot (even Alloc) paulson parents: 7660 diff changeset	371	qed "extend_mono";
affe0c2fdfbf working snapshot (even Alloc) paulson parents: 7660 diff changeset	372
7880 62fb24e28e5e exchanged the first two args of "project" and "drop_prog" paulson parents: 7878 diff changeset	373	Goal "F <= G ==> project h C F <= project h C G";
7689 affe0c2fdfbf working snapshot (even Alloc) paulson parents: 7660 diff changeset	374	by (full_simp_tac
affe0c2fdfbf working snapshot (even Alloc) paulson parents: 7660 diff changeset	375	(simpset() addsimps [component_eq_subset, project_set_def]) 1);
affe0c2fdfbf working snapshot (even Alloc) paulson parents: 7660 diff changeset	376	by Auto_tac;
affe0c2fdfbf working snapshot (even Alloc) paulson parents: 7660 diff changeset	377	qed "project_mono";
affe0c2fdfbf working snapshot (even Alloc) paulson parents: 7660 diff changeset	378
affe0c2fdfbf working snapshot (even Alloc) paulson parents: 7660 diff changeset	379
6536 281d44905cab made many specification operators infix paulson parents: 6454 diff changeset	380	(* Safety: co, stable *)
6297 5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	381
6536 281d44905cab made many specification operators infix paulson parents: 6454 diff changeset	382	Goal "(extend h F : (extend_set h A) co (extend_set h B)) = \
281d44905cab made many specification operators infix paulson parents: 6454 diff changeset	383	\ (F : A co B)";
6297 5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	384	by (simp_tac (simpset() addsimps [constrains_def]) 1);
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	385	qed "extend_constrains";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	386
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	387	Goal "(extend h F : stable (extend_set h A)) = (F : stable A)";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	388	by (asm_simp_tac (simpset() addsimps [stable_def, extend_constrains]) 1);
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	389	qed "extend_stable";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	390
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	391	Goal "(extend h F : invariant (extend_set h A)) = (F : invariant A)";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	392	by (asm_simp_tac (simpset() addsimps [invariant_def, extend_stable]) 1);
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	393	qed "extend_invariant";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	394
7826 c6a8b73b6c2a working shapshot with "projecting" and "extending" paulson parents: 7689 diff changeset	395	(Converse fails: A and B may differ in their extra variables)
c6a8b73b6c2a working shapshot with "projecting" and "extending" paulson parents: 7689 diff changeset	396	Goal "extend h F : A co B ==> F : (project_set h A) co (project_set h B)";
c6a8b73b6c2a working shapshot with "projecting" and "extending" paulson parents: 7689 diff changeset	397	by (auto_tac (claset(),
c6a8b73b6c2a working shapshot with "projecting" and "extending" paulson parents: 7689 diff changeset	398	simpset() addsimps [constrains_def, project_set_def]));
c6a8b73b6c2a working shapshot with "projecting" and "extending" paulson parents: 7689 diff changeset	399	by (Force_tac 1);
c6a8b73b6c2a working shapshot with "projecting" and "extending" paulson parents: 7689 diff changeset	400	qed "extend_constrains_project_set";
c6a8b73b6c2a working shapshot with "projecting" and "extending" paulson parents: 7689 diff changeset	401
7341 d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	402
d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	403	(* Diff, needed for localTo *)
d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	404
7878 43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	405	Goal "Restrict (extend_set h C) (extend_act h act) = \
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	406	\ extend_act h (Restrict C act)";
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	407	by (auto_tac (claset(),
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	408	simpset() addsimps [split_extended_all]));
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	409	by (auto_tac (claset(),
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	410	simpset() addsimps [extend_act_def]));
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	411	qed "Restrict_extend_set";
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	412
7915 c7fd7eb3b0ef ALMOST working version: LocalTo results commented out paulson parents: 7880 diff changeset	413	Goalw [Diff_def]
c7fd7eb3b0ef ALMOST working version: LocalTo results commented out paulson parents: 7880 diff changeset	414	"(Diff (extend_set h C) (extend h G) (extend_act h `` acts)) = \
7878 43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	415	\ extend h (Diff C G acts)";
7915 c7fd7eb3b0ef ALMOST working version: LocalTo results commented out paulson parents: 7880 diff changeset	416	by (rtac program_equalityI 1);
c7fd7eb3b0ef ALMOST working version: LocalTo results commented out paulson parents: 7880 diff changeset	417	by (Simp_tac 1);
c7fd7eb3b0ef ALMOST working version: LocalTo results commented out paulson parents: 7880 diff changeset	418	by (simp_tac (simpset() addsimps [inj_extend_act RS image_set_diff]) 1);
c7fd7eb3b0ef ALMOST working version: LocalTo results commented out paulson parents: 7880 diff changeset	419	by (simp_tac (simpset() addsimps [image_eq_UN,
c7fd7eb3b0ef ALMOST working version: LocalTo results commented out paulson parents: 7880 diff changeset	420	Restrict_extend_set]) 1);
7387 5e74c23063de new results for localTo paulson parents: 7378 diff changeset	421	qed "Diff_extend_eq";
5e74c23063de new results for localTo paulson parents: 7378 diff changeset	422
7878 43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	423	(*Opposite inclusion fails; this inclusion's more general than that of
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	424	Diff_extend_eq*)
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	425	Goal "Diff (project_set h C) G acts \
7880 62fb24e28e5e exchanged the first two args of "project" and "drop_prog" paulson parents: 7878 diff changeset	426	\ <= project h C (Diff C (extend h G) (extend_act h `` acts))";
7878 43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	427	by (simp_tac
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	428	(simpset() addsimps [component_eq_subset, Diff_def,image_UN,
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	429	image_image, image_Diff_image_eq,
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	430	Restrict_extend_act_eq_Restrict_project_act,
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	431	vimage_image_eq]) 1);
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	432	by (blast_tac (claset() addSEs [equalityE])1);
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	433	qed "Diff_project_set_component";
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	434
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	435	Goal "(Diff (extend_set h C) (extend h G) (extend_act h `` acts) \
7387 5e74c23063de new results for localTo paulson parents: 7378 diff changeset	436	\ : (extend_set h A) co (extend_set h B)) \
7878 43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	437	\ = (Diff C G acts : A co B)";
7387 5e74c23063de new results for localTo paulson parents: 7378 diff changeset	438	by (simp_tac (simpset() addsimps [Diff_extend_eq, extend_constrains]) 1);
7826 c6a8b73b6c2a working shapshot with "projecting" and "extending" paulson parents: 7689 diff changeset	439	qed "Diff_extend_constrains";
7341 d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	440
7878 43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	441	Goal "(Diff (extend_set h C) (extend h G) (extend_act h `` acts) \
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	442	\ : stable (extend_set h A)) \
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	443	\ = (Diff C G acts : stable A)";
7826 c6a8b73b6c2a working shapshot with "projecting" and "extending" paulson parents: 7689 diff changeset	444	by (simp_tac (simpset() addsimps [Diff_extend_constrains, stable_def]) 1);
7341 d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	445	qed "Diff_extend_stable";
d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	446
7878 43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	447	(UNUSED!!)
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	448	Goal "Diff (extend_set h C) (extend h G) (extend_act h `` acts) : A co B \
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	449	\ ==> Diff C G acts : (project_set h A) co (project_set h B)";
7826 c6a8b73b6c2a working shapshot with "projecting" and "extending" paulson parents: 7689 diff changeset	450	by (asm_full_simp_tac (simpset() addsimps [Diff_extend_eq,
c6a8b73b6c2a working shapshot with "projecting" and "extending" paulson parents: 7689 diff changeset	451	extend_constrains_project_set]) 1);
c6a8b73b6c2a working shapshot with "projecting" and "extending" paulson parents: 7689 diff changeset	452	qed "Diff_extend_constrains_project_set";
c6a8b73b6c2a working shapshot with "projecting" and "extending" paulson parents: 7689 diff changeset	453
7878 43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	454	Goalw [LOCALTO_def]
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	455	"(extend h F : (v o f) localTo[extend_set h C] extend h H) = \
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	456	\ (F : v localTo[C] H)";
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	457	by (Simp_tac 1);
7826 c6a8b73b6c2a working shapshot with "projecting" and "extending" paulson parents: 7689 diff changeset	458	(A trick to strip both quantifiers)
c6a8b73b6c2a working shapshot with "projecting" and "extending" paulson parents: 7689 diff changeset	459	by (res_inst_tac [("f", "All")] (ext RS arg_cong) 1);
c6a8b73b6c2a working shapshot with "projecting" and "extending" paulson parents: 7689 diff changeset	460	by (stac Collect_eq_extend_set 1);
c6a8b73b6c2a working shapshot with "projecting" and "extending" paulson parents: 7689 diff changeset	461	by (simp_tac (simpset() addsimps [Diff_extend_stable]) 1);
c6a8b73b6c2a working shapshot with "projecting" and "extending" paulson parents: 7689 diff changeset	462	qed "extend_localTo_extend_eq";
c6a8b73b6c2a working shapshot with "projecting" and "extending" paulson parents: 7689 diff changeset	463
7947 b999c1ab9327 working again; new treatment of LocalTo paulson parents: 7915 diff changeset	464	Goal "[\| F : v localTo[C] H; C' <= extend_set h C \|] \
b999c1ab9327 working again; new treatment of LocalTo paulson parents: 7915 diff changeset	465	\ ==> extend h F : (v o f) localTo[C'] extend h H";
b999c1ab9327 working again; new treatment of LocalTo paulson parents: 7915 diff changeset	466	by (blast_tac (claset() addDs [extend_localTo_extend_eq RS iffD2,
b999c1ab9327 working again; new treatment of LocalTo paulson parents: 7915 diff changeset	467	impOfSubs localTo_anti_mono]) 1);
b999c1ab9327 working again; new treatment of LocalTo paulson parents: 7915 diff changeset	468	qed "extend_localTo_extend_I";
b999c1ab9327 working again; new treatment of LocalTo paulson parents: 7915 diff changeset	469
7878 43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	470	(USED?? opposite inclusion fails)
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	471	Goal "Restrict C (extend_act h act) <= \
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	472	\ extend_act h (Restrict (project_set h C) act)";
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	473	by (auto_tac (claset(),
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	474	simpset() addsimps [split_extended_all]));
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	475	by (auto_tac (claset(),
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	476	simpset() addsimps [extend_act_def, project_set_def]));
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	477	qed "Restrict_extend_set_subset";
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	478
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	479
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	480	Goal "(extend_act h `` Acts F) - {Id} = extend_act h `` (Acts F - {Id})";
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	481	by (stac (extend_act_Id RS sym) 1);
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	482	by (simp_tac (simpset() addsimps [inj_extend_act RS image_set_diff]) 1);
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	483	qed "extend_act_image_Id_eq";
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	484
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	485	Goal "Disjoint C (extend h F) (extend h G) = Disjoint (project_set h C) F G";
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	486	by (simp_tac
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	487	(simpset() addsimps [Disjoint_def, disjoint_iff_not_equal,
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	488	image_Diff_image_eq,
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	489	Restrict_extend_act_eq_Restrict_project_act,
43b03d412b82 working version with localTo[C] instead of localTo paulson parents: 7826 diff changeset	490	extend_act_Id_iff, vimage_def]) 1);
7826 c6a8b73b6c2a working shapshot with "projecting" and "extending" paulson parents: 7689 diff changeset	491	qed "Disjoint_extend_eq";
c6a8b73b6c2a working shapshot with "projecting" and "extending" paulson parents: 7689 diff changeset	492	Addsimps [Disjoint_extend_eq];
c6a8b73b6c2a working shapshot with "projecting" and "extending" paulson parents: 7689 diff changeset	493
7341 d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	494	(* Weak safety primitives: Co, Stable *)
6297 5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	495
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	496	Goal "p : reachable (extend h F) ==> f p : reachable F";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	497	by (etac reachable.induct 1);
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	498	by (auto_tac
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	499	(claset() addIs reachable.intrs,
7341 d15bfea7c943 many "project" laws paulson parents: 6834 diff changeset	500	simpset() addsimps [extend_act_def, image_iff]));
6297 5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	501	qed "reachable_extend_f";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	502
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	503	Goal "h(s,y) : reachable (extend h F) ==> s : reachable F";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	504	by (force_tac (claset() addSDs [reachable_extend_f], simpset()) 1);
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	505	qed "h_reachable_extend";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	506
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	507	Goalw [extend_set_def]
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	508	"reachable (extend h F) = extend_set h (reachable F)";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	509	by (rtac equalityI 1);
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	510	by (force_tac (claset() addIs [h_f_g_eq RS sym]
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	511	addSDs [reachable_extend_f],
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	512	simpset()) 1);
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	513	by (Clarify_tac 1);
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	514	by (etac reachable.induct 1);
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	515	by (ALLGOALS (force_tac (claset() addIs reachable.intrs,
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	516	simpset())));
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	517	qed "reachable_extend_eq";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	518
6536 281d44905cab made many specification operators infix paulson parents: 6454 diff changeset	519	Goal "(extend h F : (extend_set h A) Co (extend_set h B)) = \
281d44905cab made many specification operators infix paulson parents: 6454 diff changeset	520	\ (F : A Co B)";
6297 5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	521	by (simp_tac
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	522	(simpset() addsimps [Constrains_def, reachable_extend_eq,
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	523	extend_constrains, extend_set_Int_distrib RS sym]) 1);
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	524	qed "extend_Constrains";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	525
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	526	Goal "(extend h F : Stable (extend_set h A)) = (F : Stable A)";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	527	by (simp_tac (simpset() addsimps [Stable_def, extend_Constrains]) 1);
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	528	qed "extend_Stable";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	529
6647 9ec7b9723f43 new thm extend_JN; renamed extend_leadsto paulson parents: 6536 diff changeset	530	Goal "(extend h F : Always (extend_set h A)) = (F : Always A)";
9ec7b9723f43 new thm extend_JN; renamed extend_leadsto paulson parents: 6536 diff changeset	531	by (asm_simp_tac (simpset() addsimps [Always_def, extend_Stable]) 1);
9ec7b9723f43 new thm extend_JN; renamed extend_leadsto paulson parents: 6536 diff changeset	532	qed "extend_Always";
9ec7b9723f43 new thm extend_JN; renamed extend_leadsto paulson parents: 6536 diff changeset	533
6297 5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	534
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	535	(* Progress: transient, ensures *)
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	536
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	537	Goal "(extend h F : transient (extend_set h A)) = (F : transient A)";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	538	by (auto_tac (claset(),
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	539	simpset() addsimps [transient_def, extend_set_subset_Compl_eq,
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	540	Domain_extend_act]));
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	541	qed "extend_transient";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	542
6536 281d44905cab made many specification operators infix paulson parents: 6454 diff changeset	543	Goal "(extend h F : (extend_set h A) ensures (extend_set h B)) = \
281d44905cab made many specification operators infix paulson parents: 6454 diff changeset	544	\ (F : A ensures B)";
6297 5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	545	by (simp_tac
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	546	(simpset() addsimps [ensures_def, extend_constrains, extend_transient,
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	547	extend_set_Un_distrib RS sym,
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	548	extend_set_Diff_distrib RS sym]) 1);
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	549	qed "extend_ensures";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	550
6536 281d44905cab made many specification operators infix paulson parents: 6454 diff changeset	551	Goal "F : A leadsTo B \
281d44905cab made many specification operators infix paulson parents: 6454 diff changeset	552	\ ==> extend h F : (extend_set h A) leadsTo (extend_set h B)";
6297 5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	553	by (etac leadsTo_induct 1);
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	554	by (asm_simp_tac (simpset() addsimps [leadsTo_UN, extend_set_Union]) 3);
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	555	by (blast_tac (claset() addIs [leadsTo_Trans]) 2);
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	556	by (asm_simp_tac (simpset() addsimps [leadsTo_Basis, extend_ensures]) 1);
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	557	qed "leadsTo_imp_extend_leadsTo";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	558
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	559	(* Proving the converse takes some doing! *)
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	560
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	561	Goalw [slice_def] "slice (Union S) y = (UN x:S. slice x y)";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	562	by Auto_tac;
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	563	qed "slice_Union";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	564
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	565	Goalw [slice_def] "slice (extend_set h A) y = A";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	566	by Auto_tac;
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	567	qed "slice_extend_set";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	568
7482 7badd511844d working snapshot paulson parents: 7399 diff changeset	569	Goalw [slice_def, project_set_def] "project_set h A = (UN y. slice A y)";
6297 5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	570	by Auto_tac;
7482 7badd511844d working snapshot paulson parents: 7399 diff changeset	571	qed "project_set_is_UN_slice";
6297 5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	572
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	573	Goalw [slice_def, transient_def]
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	574	"extend h F : transient A ==> F : transient (slice A y)";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	575	by Auto_tac;
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	576	by (rtac bexI 1);
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	577	by Auto_tac;
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	578	by (force_tac (claset(), simpset() addsimps [extend_act_def]) 1);
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	579	qed "extend_transient_slice";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	580
7482 7badd511844d working snapshot paulson parents: 7399 diff changeset	581	Goal "extend h F : A ensures B ==> F : (slice A y) ensures (project_set h B)";
6297 5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	582	by (full_simp_tac
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	583	(simpset() addsimps [ensures_def, extend_constrains, extend_transient,
7482 7badd511844d working snapshot paulson parents: 7399 diff changeset	584	project_set_eq, image_Un RS sym,
6297 5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	585	extend_set_Un_distrib RS sym,
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	586	extend_set_Diff_distrib RS sym]) 1);
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	587	by Safe_tac;
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	588	by (full_simp_tac (simpset() addsimps [constrains_def, extend_act_def,
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	589	extend_set_def]) 1);
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	590	by (Clarify_tac 1);
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	591	by (ball_tac 1);
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	592	by (full_simp_tac (simpset() addsimps [slice_def, image_iff, Image_iff]) 1);
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	593	by (force_tac (claset() addSIs [h_f_g_eq RS sym], simpset()) 1);
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	594	(transient)
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	595	by (dtac extend_transient_slice 1);
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	596	by (etac transient_strengthen 1);
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	597	by (force_tac (claset() addIs [f_h_eq RS sym],
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	598	simpset() addsimps [slice_def]) 1);
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	599	qed "extend_ensures_slice";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	600
7482 7badd511844d working snapshot paulson parents: 7399 diff changeset	601	Goal "ALL y. F : (slice B y) leadsTo CU ==> F : (project_set h B) leadsTo CU";
7badd511844d working snapshot paulson parents: 7399 diff changeset	602	by (simp_tac (simpset() addsimps [project_set_is_UN_slice]) 1);
6297 5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	603	by (blast_tac (claset() addIs [leadsTo_UN]) 1);
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	604	qed "leadsTo_slice_image";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	605
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	606
6536 281d44905cab made many specification operators infix paulson parents: 6454 diff changeset	607	Goal "extend h F : AU leadsTo BU \
7482 7badd511844d working snapshot paulson parents: 7399 diff changeset	608	\ ==> ALL y. F : (slice AU y) leadsTo (project_set h BU)";
6297 5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	609	by (etac leadsTo_induct 1);
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	610	by (full_simp_tac (simpset() addsimps [slice_Union]) 3);
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	611	by (blast_tac (claset() addIs [leadsTo_UN]) 3);
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	612	by (blast_tac (claset() addIs [leadsTo_slice_image, leadsTo_Trans]) 2);
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	613	by (blast_tac (claset() addIs [extend_ensures_slice, leadsTo_Basis]) 1);
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	614	qed_spec_mp "extend_leadsTo_slice";
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	615
6536 281d44905cab made many specification operators infix paulson parents: 6454 diff changeset	616	Goal "(extend h F : (extend_set h A) leadsTo (extend_set h B)) = \
281d44905cab made many specification operators infix paulson parents: 6454 diff changeset	617	\ (F : A leadsTo B)";
6297 5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	618	by Safe_tac;
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	619	by (etac leadsTo_imp_extend_leadsTo 2);
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	620	by (dtac extend_leadsTo_slice 1);
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	621	by (full_simp_tac (simpset() addsimps [slice_extend_set]) 1);
6647 9ec7b9723f43 new thm extend_JN; renamed extend_leadsto paulson parents: 6536 diff changeset	622	qed "extend_leadsto";
6297 5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	623
6536 281d44905cab made many specification operators infix paulson parents: 6454 diff changeset	624	Goal "(extend h F : (extend_set h A) LeadsTo (extend_set h B)) = \
281d44905cab made many specification operators infix paulson parents: 6454 diff changeset	625	\ (F : A LeadsTo B)";
6454 1c8f48966033 new result extend_LeadsTo paulson parents: 6309 diff changeset	626	by (simp_tac
1c8f48966033 new result extend_LeadsTo paulson parents: 6309 diff changeset	627	(simpset() addsimps [LeadsTo_def, reachable_extend_eq,
6647 9ec7b9723f43 new thm extend_JN; renamed extend_leadsto paulson parents: 6536 diff changeset	628	extend_leadsto, extend_set_Int_distrib RS sym]) 1);
6454 1c8f48966033 new result extend_LeadsTo paulson parents: 6309 diff changeset	629	qed "extend_LeadsTo";
1c8f48966033 new result extend_LeadsTo paulson parents: 6309 diff changeset	630
6297 5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	631
5b9fbdfe22b7 new theory of extending the state space paulson parents: diff changeset	632	Close_locale "Extend";
7482 7badd511844d working snapshot paulson parents: 7399 diff changeset	633
7badd511844d working snapshot paulson parents: 7399 diff changeset	634	(*Close_locale should do this!
7badd511844d working snapshot paulson parents: 7399 diff changeset	635	Delsimps [f_h_eq, extend_set_inverse, f_image_extend_set, extend_act_inverse,
7badd511844d working snapshot paulson parents: 7399 diff changeset	636	extend_act_Image];
7badd511844d working snapshot paulson parents: 7399 diff changeset	637	Delrules [make_elim h_inject1];
7badd511844d working snapshot paulson parents: 7399 diff changeset	638	*)

author	paulson
	Thu, 11 Nov 1999 10:25:17 +0100
changeset 8005	b64d86018785
parent 7947	b999c1ab9327
child 8041	e3237d8c18d6
permissions	-rw-r--r--