isabelle: src/HOL/UNITY/SubstAx.thy@ca56952b7322 (annotated)

37936 1e4c5015a72e updated some headers; wenzelm parents: 35417 diff changeset	1	(* Title: HOL/UNITY/SubstAx.thy
4776 1f9362e769c1 New UNITY theory paulson parents: diff changeset	2	Author: Lawrence C Paulson, Cambridge University Computer Laboratory
1f9362e769c1 New UNITY theory paulson parents: diff changeset	3	Copyright 1998 University of Cambridge
1f9362e769c1 New UNITY theory paulson parents: diff changeset	4
6536 281d44905cab made many specification operators infix paulson parents: 5648 diff changeset	5	Weak LeadsTo relation (restricted to the set of reachable states)
4776 1f9362e769c1 New UNITY theory paulson parents: diff changeset	6	*)
1f9362e769c1 New UNITY theory paulson parents: diff changeset	7
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	8	section\<open>Weak Progress\<close>
13798 4c1a53627500 conversion to new-style theories and tidying paulson parents: 13796 diff changeset	9
16417 9bc16273c2d4 migrated theory headers to new format haftmann parents: 14150 diff changeset	10	theory SubstAx imports WFair Constrains begin
4776 1f9362e769c1 New UNITY theory paulson parents: diff changeset	11
35416 d8d7d1b785af replaced a couple of constsdefs by definitions (also some old primrecs by modern ones) haftmann parents: 19769 diff changeset	12	definition Ensures :: "['a set, 'a set] => 'a program set" (infixl "Ensures" 60) where
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	13	"A Ensures B == {F. F \<in> (reachable F \<inter> A) ensures B}"
8122 b43ad07660b9 working version, with Alloc now working on the same state space as the whole paulson parents: 8041 diff changeset	14
35416 d8d7d1b785af replaced a couple of constsdefs by definitions (also some old primrecs by modern ones) haftmann parents: 19769 diff changeset	15	definition LeadsTo :: "['a set, 'a set] => 'a program set" (infixl "LeadsTo" 60) where
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	16	"A LeadsTo B == {F. F \<in> (reachable F \<inter> A) leadsTo B}"
4776 1f9362e769c1 New UNITY theory paulson parents: diff changeset	17
60773 d09c66a0ea10 more symbols by default, without xsymbols mode; wenzelm parents: 58889 diff changeset	18	notation LeadsTo (infixl "\<longmapsto>w" 60)
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	19
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	20
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	21	text\<open>Resembles the previous definition of LeadsTo\<close>
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	22	lemma LeadsTo_eq_leadsTo:
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	23	"A LeadsTo B = {F. F \<in> (reachable F \<inter> A) leadsTo (reachable F \<inter> B)}"
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	24	apply (unfold LeadsTo_def)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	25	apply (blast dest: psp_stable2 intro: leadsTo_weaken)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	26	done
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	27
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	28
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	29	subsection\<open>Specialized laws for handling invariants\<close>
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	30
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	31	( Conjoining an Always property )
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	32
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	33	lemma Always_LeadsTo_pre:
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	34	"F \<in> Always INV ==> (F \<in> (INV \<inter> A) LeadsTo A') = (F \<in> A LeadsTo A')"
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	35	by (simp add: LeadsTo_def Always_eq_includes_reachable Int_absorb2
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	36	Int_assoc [symmetric])
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	37
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	38	lemma Always_LeadsTo_post:
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	39	"F \<in> Always INV ==> (F \<in> A LeadsTo (INV \<inter> A')) = (F \<in> A LeadsTo A')"
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	40	by (simp add: LeadsTo_eq_leadsTo Always_eq_includes_reachable Int_absorb2
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	41	Int_assoc [symmetric])
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	42
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	43	(* [\| F \<in> Always C; F \<in> (C \<inter> A) LeadsTo A' \|] ==> F \<in> A LeadsTo A' *)
45605 a89b4bc311a5 eliminated obsolete "standard"; wenzelm parents: 45477 diff changeset	44	lemmas Always_LeadsToI = Always_LeadsTo_pre [THEN iffD1]
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	45
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	46	(* [\| F \<in> Always INV; F \<in> A LeadsTo A' \|] ==> F \<in> A LeadsTo (INV \<inter> A') *)
45605 a89b4bc311a5 eliminated obsolete "standard"; wenzelm parents: 45477 diff changeset	47	lemmas Always_LeadsToD = Always_LeadsTo_post [THEN iffD2]
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	48
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	49
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	50	subsection\<open>Introduction rules: Basis, Trans, Union\<close>
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	51
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	52	lemma leadsTo_imp_LeadsTo: "F \<in> A leadsTo B ==> F \<in> A LeadsTo B"
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	53	apply (simp add: LeadsTo_def)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	54	apply (blast intro: leadsTo_weaken_L)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	55	done
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	56
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	57	lemma LeadsTo_Trans:
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	58	"[\| F \<in> A LeadsTo B; F \<in> B LeadsTo C \|] ==> F \<in> A LeadsTo C"
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	59	apply (simp add: LeadsTo_eq_leadsTo)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	60	apply (blast intro: leadsTo_Trans)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	61	done
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	62
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	63	lemma LeadsTo_Union:
61952 546958347e05 prefer symbols for "Union", "Inter"; wenzelm parents: 61824 diff changeset	64	"(!!A. A \<in> S ==> F \<in> A LeadsTo B) ==> F \<in> (\<Union>S) LeadsTo B"
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	65	apply (simp add: LeadsTo_def)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	66	apply (subst Int_Union)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	67	apply (blast intro: leadsTo_UN)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	68	done
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	69
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	70
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	71	subsection\<open>Derived rules\<close>
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	72
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	73	lemma LeadsTo_UNIV [simp]: "F \<in> A LeadsTo UNIV"
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	74	by (simp add: LeadsTo_def)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	75
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	76	text\<open>Useful with cancellation, disjunction\<close>
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	77	lemma LeadsTo_Un_duplicate:
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	78	"F \<in> A LeadsTo (A' \<union> A') ==> F \<in> A LeadsTo A'"
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	79	by (simp add: Un_ac)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	80
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	81	lemma LeadsTo_Un_duplicate2:
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	82	"F \<in> A LeadsTo (A' \<union> C \<union> C) ==> F \<in> A LeadsTo (A' \<union> C)"
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	83	by (simp add: Un_ac)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	84
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	85	lemma LeadsTo_UN:
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	86	"(!!i. i \<in> I ==> F \<in> (A i) LeadsTo B) ==> F \<in> (\<Union>i \<in> I. A i) LeadsTo B"
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	87	apply (blast intro: LeadsTo_Union)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	88	done
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	89
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	90	text\<open>Binary union introduction rule\<close>
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	91	lemma LeadsTo_Un:
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	92	"[\| F \<in> A LeadsTo C; F \<in> B LeadsTo C \|] ==> F \<in> (A \<union> B) LeadsTo C"
44106 0e018cbcc0de tuned proofs haftmann parents: 37936 diff changeset	93	using LeadsTo_UN [of "{A, B}" F id C] by auto
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	94
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	95	text\<open>Lets us look at the starting state\<close>
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	96	lemma single_LeadsTo_I:
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	97	"(!!s. s \<in> A ==> F \<in> {s} LeadsTo B) ==> F \<in> A LeadsTo B"
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	98	by (subst UN_singleton [symmetric], rule LeadsTo_UN, blast)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	99
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	100	lemma subset_imp_LeadsTo: "A \<subseteq> B ==> F \<in> A LeadsTo B"
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	101	apply (simp add: LeadsTo_def)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	102	apply (blast intro: subset_imp_leadsTo)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	103	done
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	104
45605 a89b4bc311a5 eliminated obsolete "standard"; wenzelm parents: 45477 diff changeset	105	lemmas empty_LeadsTo = empty_subsetI [THEN subset_imp_LeadsTo, simp]
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	106
45477 11d9c2768729 tuned proofs; wenzelm parents: 44106 diff changeset	107	lemma LeadsTo_weaken_R:
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	108	"[\| F \<in> A LeadsTo A'; A' \<subseteq> B' \|] ==> F \<in> A LeadsTo B'"
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	109	apply (simp add: LeadsTo_def)
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	110	apply (blast intro: leadsTo_weaken_R)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	111	done
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	112
45477 11d9c2768729 tuned proofs; wenzelm parents: 44106 diff changeset	113	lemma LeadsTo_weaken_L:
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	114	"[\| F \<in> A LeadsTo A'; B \<subseteq> A \|]
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	115	==> F \<in> B LeadsTo A'"
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	116	apply (simp add: LeadsTo_def)
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	117	apply (blast intro: leadsTo_weaken_L)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	118	done
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	119
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	120	lemma LeadsTo_weaken:
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	121	"[\| F \<in> A LeadsTo A';
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	122	B \<subseteq> A; A' \<subseteq> B' \|]
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	123	==> F \<in> B LeadsTo B'"
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	124	by (blast intro: LeadsTo_weaken_R LeadsTo_weaken_L LeadsTo_Trans)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	125
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	126	lemma Always_LeadsTo_weaken:
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	127	"[\| F \<in> Always C; F \<in> A LeadsTo A';
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	128	C \<inter> B \<subseteq> A; C \<inter> A' \<subseteq> B' \|]
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	129	==> F \<in> B LeadsTo B'"
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	130	by (blast dest: Always_LeadsToI intro: LeadsTo_weaken intro: Always_LeadsToD)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	131
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	132	( Two theorems for "proof lattices" )
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	133
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	134	lemma LeadsTo_Un_post: "F \<in> A LeadsTo B ==> F \<in> (A \<union> B) LeadsTo B"
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	135	by (blast intro: LeadsTo_Un subset_imp_LeadsTo)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	136
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	137	lemma LeadsTo_Trans_Un:
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	138	"[\| F \<in> A LeadsTo B; F \<in> B LeadsTo C \|]
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	139	==> F \<in> (A \<union> B) LeadsTo C"
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	140	by (blast intro: LeadsTo_Un subset_imp_LeadsTo LeadsTo_weaken_L LeadsTo_Trans)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	141
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	142
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	143	( Distributive laws )
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	144
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	145	lemma LeadsTo_Un_distrib:
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	146	"(F \<in> (A \<union> B) LeadsTo C) = (F \<in> A LeadsTo C & F \<in> B LeadsTo C)"
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	147	by (blast intro: LeadsTo_Un LeadsTo_weaken_L)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	148
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	149	lemma LeadsTo_UN_distrib:
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	150	"(F \<in> (\<Union>i \<in> I. A i) LeadsTo B) = (\<forall>i \<in> I. F \<in> (A i) LeadsTo B)"
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	151	by (blast intro: LeadsTo_UN LeadsTo_weaken_L)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	152
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	153	lemma LeadsTo_Union_distrib:
61952 546958347e05 prefer symbols for "Union", "Inter"; wenzelm parents: 61824 diff changeset	154	"(F \<in> (\<Union>S) LeadsTo B) = (\<forall>A \<in> S. F \<in> A LeadsTo B)"
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	155	by (blast intro: LeadsTo_Union LeadsTo_weaken_L)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	156
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	157
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	158	( More rules using the premise "Always INV" )
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	159
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	160	lemma LeadsTo_Basis: "F \<in> A Ensures B ==> F \<in> A LeadsTo B"
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	161	by (simp add: Ensures_def LeadsTo_def leadsTo_Basis)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	162
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	163	lemma EnsuresI:
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	164	"[\| F \<in> (A-B) Co (A \<union> B); F \<in> transient (A-B) \|]
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	165	==> F \<in> A Ensures B"
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	166	apply (simp add: Ensures_def Constrains_eq_constrains)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	167	apply (blast intro: ensuresI constrains_weaken transient_strengthen)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	168	done
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	169
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	170	lemma Always_LeadsTo_Basis:
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	171	"[\| F \<in> Always INV;
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	172	F \<in> (INV \<inter> (A-A')) Co (A \<union> A');
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	173	F \<in> transient (INV \<inter> (A-A')) \|]
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	174	==> F \<in> A LeadsTo A'"
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	175	apply (rule Always_LeadsToI, assumption)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	176	apply (blast intro: EnsuresI LeadsTo_Basis Always_ConstrainsD [THEN Constrains_weaken] transient_strengthen)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	177	done
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	178
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	179	text\<open>Set difference: maybe combine with \<open>leadsTo_weaken_L\<close>??
f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	180	This is the most useful form of the "disjunction" rule\<close>
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	181	lemma LeadsTo_Diff:
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	182	"[\| F \<in> (A-B) LeadsTo C; F \<in> (A \<inter> B) LeadsTo C \|]
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	183	==> F \<in> A LeadsTo C"
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	184	by (blast intro: LeadsTo_Un LeadsTo_weaken)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	185
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	186
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	187	lemma LeadsTo_UN_UN:
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	188	"(!! i. i \<in> I ==> F \<in> (A i) LeadsTo (A' i))
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	189	==> F \<in> (\<Union>i \<in> I. A i) LeadsTo (\<Union>i \<in> I. A' i)"
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	190	apply (blast intro: LeadsTo_Union LeadsTo_weaken_R)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	191	done
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	192
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	193
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	194	text\<open>Version with no index set\<close>
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	195	lemma LeadsTo_UN_UN_noindex:
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	196	"(!!i. F \<in> (A i) LeadsTo (A' i)) ==> F \<in> (\<Union>i. A i) LeadsTo (\<Union>i. A' i)"
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	197	by (blast intro: LeadsTo_UN_UN)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	198
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	199	text\<open>Version with no index set\<close>
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	200	lemma all_LeadsTo_UN_UN:
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	201	"\<forall>i. F \<in> (A i) LeadsTo (A' i)
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	202	==> F \<in> (\<Union>i. A i) LeadsTo (\<Union>i. A' i)"
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	203	by (blast intro: LeadsTo_UN_UN)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	204
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	205	text\<open>Binary union version\<close>
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	206	lemma LeadsTo_Un_Un:
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	207	"[\| F \<in> A LeadsTo A'; F \<in> B LeadsTo B' \|]
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	208	==> F \<in> (A \<union> B) LeadsTo (A' \<union> B')"
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	209	by (blast intro: LeadsTo_Un LeadsTo_weaken_R)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	210
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	211
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	212	( The cancellation law )
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	213
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	214	lemma LeadsTo_cancel2:
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	215	"[\| F \<in> A LeadsTo (A' \<union> B); F \<in> B LeadsTo B' \|]
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	216	==> F \<in> A LeadsTo (A' \<union> B')"
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	217	by (blast intro: LeadsTo_Un_Un subset_imp_LeadsTo LeadsTo_Trans)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	218
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	219	lemma LeadsTo_cancel_Diff2:
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	220	"[\| F \<in> A LeadsTo (A' \<union> B); F \<in> (B-A') LeadsTo B' \|]
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	221	==> F \<in> A LeadsTo (A' \<union> B')"
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	222	apply (rule LeadsTo_cancel2)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	223	prefer 2 apply assumption
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	224	apply (simp_all (no_asm_simp))
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	225	done
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	226
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	227	lemma LeadsTo_cancel1:
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	228	"[\| F \<in> A LeadsTo (B \<union> A'); F \<in> B LeadsTo B' \|]
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	229	==> F \<in> A LeadsTo (B' \<union> A')"
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	230	apply (simp add: Un_commute)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	231	apply (blast intro!: LeadsTo_cancel2)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	232	done
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	233
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	234	lemma LeadsTo_cancel_Diff1:
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	235	"[\| F \<in> A LeadsTo (B \<union> A'); F \<in> (B-A') LeadsTo B' \|]
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	236	==> F \<in> A LeadsTo (B' \<union> A')"
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	237	apply (rule LeadsTo_cancel1)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	238	prefer 2 apply assumption
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	239	apply (simp_all (no_asm_simp))
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	240	done
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	241
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	242
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	243	text\<open>The impossibility law\<close>
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	244
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	245	text\<open>The set "A" may be non-empty, but it contains no reachable states\<close>
13812 91713a1915ee converting HOL/UNITY to use unconditional fairness paulson parents: 13805 diff changeset	246	lemma LeadsTo_empty: "[\|F \<in> A LeadsTo {}; all_total F\|] ==> F \<in> Always (-A)"
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	247	apply (simp add: LeadsTo_def Always_eq_includes_reachable)
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	248	apply (drule leadsTo_empty, auto)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	249	done
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	250
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	251
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	252	subsection\<open>PSP: Progress-Safety-Progress\<close>
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	253
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	254	text\<open>Special case of PSP: Misra's "stable conjunction"\<close>
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	255	lemma PSP_Stable:
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	256	"[\| F \<in> A LeadsTo A'; F \<in> Stable B \|]
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	257	==> F \<in> (A \<inter> B) LeadsTo (A' \<inter> B)"
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	258	apply (simp add: LeadsTo_eq_leadsTo Stable_eq_stable)
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	259	apply (drule psp_stable, assumption)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	260	apply (simp add: Int_ac)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	261	done
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	262
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	263	lemma PSP_Stable2:
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	264	"[\| F \<in> A LeadsTo A'; F \<in> Stable B \|]
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	265	==> F \<in> (B \<inter> A) LeadsTo (B \<inter> A')"
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	266	by (simp add: PSP_Stable Int_ac)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	267
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	268	lemma PSP:
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	269	"[\| F \<in> A LeadsTo A'; F \<in> B Co B' \|]
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	270	==> F \<in> (A \<inter> B') LeadsTo ((A' \<inter> B) \<union> (B' - B))"
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	271	apply (simp add: LeadsTo_def Constrains_eq_constrains)
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	272	apply (blast dest: psp intro: leadsTo_weaken)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	273	done
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	274
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	275	lemma PSP2:
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	276	"[\| F \<in> A LeadsTo A'; F \<in> B Co B' \|]
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	277	==> F \<in> (B' \<inter> A) LeadsTo ((B \<inter> A') \<union> (B' - B))"
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	278	by (simp add: PSP Int_ac)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	279
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	280	lemma PSP_Unless:
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	281	"[\| F \<in> A LeadsTo A'; F \<in> B Unless B' \|]
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	282	==> F \<in> (A \<inter> B) LeadsTo ((A' \<inter> B) \<union> B')"
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	283	apply (unfold Unless_def)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	284	apply (drule PSP, assumption)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	285	apply (blast intro: LeadsTo_Diff LeadsTo_weaken subset_imp_LeadsTo)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	286	done
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	287
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	288
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	289	lemma Stable_transient_Always_LeadsTo:
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	290	"[\| F \<in> Stable A; F \<in> transient C;
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	291	F \<in> Always (-A \<union> B \<union> C) \|] ==> F \<in> A LeadsTo B"
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	292	apply (erule Always_LeadsTo_weaken)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	293	apply (rule LeadsTo_Diff)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	294	prefer 2
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	295	apply (erule
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	296	transient_imp_leadsTo [THEN leadsTo_imp_LeadsTo, THEN PSP_Stable2])
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	297	apply (blast intro: subset_imp_LeadsTo)+
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	298	done
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	299
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	300
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	301	subsection\<open>Induction rules\<close>
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	302
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	303	( Meta or object quantifier ????? )
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	304	lemma LeadsTo_wf_induct:
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	305	"[\| wf r;
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	306	\<forall>m. F \<in> (A \<inter> f-`{m}) LeadsTo
67613 ce654b0e6d69 more symbols; wenzelm parents: 63146 diff changeset	307	((A \<inter> f-`(r\<inverse> `` {m})) \<union> B) \|]
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	308	==> F \<in> A LeadsTo B"
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	309	apply (simp add: LeadsTo_eq_leadsTo)
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	310	apply (erule leadsTo_wf_induct)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	311	apply (blast intro: leadsTo_weaken)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	312	done
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	313
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	314
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	315	lemma Bounded_induct:
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	316	"[\| wf r;
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	317	\<forall>m \<in> I. F \<in> (A \<inter> f-`{m}) LeadsTo
67613 ce654b0e6d69 more symbols; wenzelm parents: 63146 diff changeset	318	((A \<inter> f-`(r\<inverse> `` {m})) \<union> B) \|]
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	319	==> F \<in> A LeadsTo ((A - (f-`I)) \<union> B)"
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	320	apply (erule LeadsTo_wf_induct, safe)
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	321	apply (case_tac "m \<in> I")
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	322	apply (blast intro: LeadsTo_weaken)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	323	apply (blast intro: subset_imp_LeadsTo)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	324	done
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	325
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	326
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	327	lemma LessThan_induct:
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	328	"(!!m::nat. F \<in> (A \<inter> f-`{m}) LeadsTo ((A \<inter> f-`(lessThan m)) \<union> B))
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	329	==> F \<in> A LeadsTo B"
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	330	by (rule wf_less_than [THEN LeadsTo_wf_induct], auto)
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	331
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	332	text\<open>Integer version. Could generalize from 0 to any lower bound\<close>
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	333	lemma integ_0_le_induct:
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	334	"[\| F \<in> Always {s. (0::int) \<le> f s};
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	335	!! z. F \<in> (A \<inter> {s. f s = z}) LeadsTo
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	336	((A \<inter> {s. f s < z}) \<union> B) \|]
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	337	==> F \<in> A LeadsTo B"
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	338	apply (rule_tac f = "nat o f" in LessThan_induct)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	339	apply (simp add: vimage_def)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	340	apply (rule Always_LeadsTo_weaken, assumption+)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	341	apply (auto simp add: nat_eq_iff nat_less_iff)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	342	done
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	343
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	344	lemma LessThan_bounded_induct:
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	345	"!!l::nat. \<forall>m \<in> greaterThan l.
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	346	F \<in> (A \<inter> f-`{m}) LeadsTo ((A \<inter> f-`(lessThan m)) \<union> B)
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	347	==> F \<in> A LeadsTo ((A \<inter> (f-`(atMost l))) \<union> B)"
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	348	apply (simp only: Diff_eq [symmetric] vimage_Compl
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	349	Compl_greaterThan [symmetric])
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	350	apply (rule wf_less_than [THEN Bounded_induct], simp)
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	351	done
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	352
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	353	lemma GreaterThan_bounded_induct:
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	354	"!!l::nat. \<forall>m \<in> lessThan l.
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	355	F \<in> (A \<inter> f-`{m}) LeadsTo ((A \<inter> f-`(greaterThan m)) \<union> B)
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	356	==> F \<in> A LeadsTo ((A \<inter> (f-`(atLeast l))) \<union> B)"
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	357	apply (rule_tac f = f and f1 = "%k. l - k"
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	358	in wf_less_than [THEN wf_inv_image, THEN LeadsTo_wf_induct])
19769 c40ce2de2020 Added [simp]-lemmas "in_inv_image" and "in_lex_prod" in the spirit of "in_measure". krauss parents: 16417 diff changeset	359	apply (simp add: Image_singleton, clarify)
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	360	apply (case_tac "m<l")
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	361	apply (blast intro: LeadsTo_weaken_R diff_less_mono2)
61824 dcbe9f756ae0 not_leE -> not_le_imp_less and other tidying paulson <lp15@cam.ac.uk> parents: 60773 diff changeset	362	apply (blast intro: not_le_imp_less subset_imp_LeadsTo)
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	363	done
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	364
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	365
63146 f1ecba0272f9 isabelle update_cartouches -c -t; wenzelm parents: 62343 diff changeset	366	subsection\<open>Completion: Binary and General Finite versions\<close>
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	367
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	368	lemma Completion:
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	369	"[\| F \<in> A LeadsTo (A' \<union> C); F \<in> A' Co (A' \<union> C);
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	370	F \<in> B LeadsTo (B' \<union> C); F \<in> B' Co (B' \<union> C) \|]
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	371	==> F \<in> (A \<inter> B) LeadsTo ((A' \<inter> B') \<union> C)"
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	372	apply (simp add: LeadsTo_eq_leadsTo Constrains_eq_constrains Int_Un_distrib)
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	373	apply (blast intro: completion leadsTo_weaken)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	374	done
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	375
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	376	lemma Finite_completion_lemma:
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	377	"finite I
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	378	==> (\<forall>i \<in> I. F \<in> (A i) LeadsTo (A' i \<union> C)) -->
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	379	(\<forall>i \<in> I. F \<in> (A' i) Co (A' i \<union> C)) -->
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	380	F \<in> (\<Inter>i \<in> I. A i) LeadsTo ((\<Inter>i \<in> I. A' i) \<union> C)"
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	381	apply (erule finite_induct, auto)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	382	apply (rule Completion)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	383	prefer 4
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	384	apply (simp only: INT_simps [symmetric])
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	385	apply (rule Constrains_INT, auto)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	386	done
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	387
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	388	lemma Finite_completion:
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	389	"[\| finite I;
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	390	!!i. i \<in> I ==> F \<in> (A i) LeadsTo (A' i \<union> C);
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	391	!!i. i \<in> I ==> F \<in> (A' i) Co (A' i \<union> C) \|]
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	392	==> F \<in> (\<Inter>i \<in> I. A i) LeadsTo ((\<Inter>i \<in> I. A' i) \<union> C)"
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	393	by (blast intro: Finite_completion_lemma [THEN mp, THEN mp])
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	394
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	395	lemma Stable_completion:
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	396	"[\| F \<in> A LeadsTo A'; F \<in> Stable A';
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	397	F \<in> B LeadsTo B'; F \<in> Stable B' \|]
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	398	==> F \<in> (A \<inter> B) LeadsTo (A' \<inter> B')"
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	399	apply (unfold Stable_def)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	400	apply (rule_tac C1 = "{}" in Completion [THEN LeadsTo_weaken_R])
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	401	apply (force+)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	402	done
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	403
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	404	lemma Finite_stable_completion:
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	405	"[\| finite I;
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	406	!!i. i \<in> I ==> F \<in> (A i) LeadsTo (A' i);
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	407	!!i. i \<in> I ==> F \<in> Stable (A' i) \|]
3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	408	==> F \<in> (\<Inter>i \<in> I. A i) LeadsTo (\<Inter>i \<in> I. A' i)"
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	409	apply (unfold Stable_def)
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	410	apply (rule_tac C1 = "{}" in Finite_completion [THEN LeadsTo_weaken_R])
13805 3786b2fd6808 some x-symbols paulson parents: 13798 diff changeset	411	apply (simp_all, blast+)
13796 19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	412	done
19f50fa807ae converting more UNITY theories to new-style paulson parents: 9685 diff changeset	413
4776 1f9362e769c1 New UNITY theory paulson parents: diff changeset	414	end

author	wenzelm
	Sun, 03 Sep 2023 16:44:07 +0200
changeset 78639	ca56952b7322
parent 67613	ce654b0e6d69
child 80914	d97fdabd9e2b
permissions	-rw-r--r--